Gitiles
Code Review Sign In
gerrit.opencord.org / cord-tester / fd70504227a74762819c85146a08e676751083dd / . / src / test / vsg / vsgTest.py
blob: 5307a40f9040a3ab69c9f3bea362945d0bb6631f [file] [log] [blame]
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]1#copyright 2016-present Ciena Corporation
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14#
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]15import time
16import os
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]17import sys
18import json
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]19from nose.tools import *
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]20from twisted.internet import defer
21from nose.twistedtools import reactor, deferred
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]22from CordTestUtils import *
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]23from OltConfig import OltConfig
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]24from onosclidriver import OnosCliDriver
A.R Karthick9ccd0d02017-03-16 17:11:08 -0700[diff] [blame]25from SSHTestAgent import SSHTestAgent
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]26from CordLogger import CordLogger
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]27from VSGAccess import VSGAccess
A R Karthick933f5b52017-03-27 15:27:16 -0700[diff] [blame]28from CordTestUtils import log_test as log
A.R Karthick50f4d9a2017-04-20 16:44:19 -0700[diff] [blame]29from CordTestConfig import setup_module
A.R Karthicka9b594d2017-03-29 16:25:22 -0700[diff] [blame]30from OnosCtrl import OnosCtrl
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]31
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]32log.setLevel('INFO')
33
34class vsg_exchange(CordLogger):
35 ONOS_INSTANCES = 3
36 V_INF1 = 'veth0'
37 device_id = 'of:' + get_mac()
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]38 TEST_IP = '8.8.8.8'
39 HOST = "10.1.0.1"
40 USER = "vagrant"
41 PASS = "vagrant"
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]42 head_node = os.getenv('HEAD_NODE', 'prod')
A.R Karthick9ccd0d02017-03-16 17:11:08 -0700[diff] [blame]43 HEAD_NODE = head_node + '.cord.lab' if len(head_node.split('.')) == 1 else head_node
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]44 test_path = os.path.dirname(os.path.realpath(__file__))
45 olt_conf_file = os.path.join(test_path, '..', 'setup/olt_config.json')
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]46 restApiXos = None
A R Karthick0a4ca3a2017-03-30 09:36:53 -0700[diff] [blame]47 subscriber_account_num = 200
48 subscriber_s_tag = 304
49 subscriber_c_tag = 304
50 subscribers_per_s_tag = 8
51 subscriber_map = {}
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]52 subscriber_info = []
53 volt_subscriber_info = []
A R Karthick9a16a112017-04-07 15:40:05 -0700[diff] [blame]54 restore_methods = []
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]55 TIMEOUT=120
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]56 FABRIC_PORT_HEAD_NODE = 1
57 FABRIC_PORT_COMPUTE_NODE = 2
58 APP_NAME = 'org.ciena.xconnect'
59 APP_FILE = os.path.join(test_path, '..', 'apps/xconnect-1.0-SNAPSHOT.oar')
A.R Karthick50f4d9a2017-04-20 16:44:19 -0700[diff] [blame]60 NUM_SUBSCRIBERS = 5
A R Karthick0a4ca3a2017-03-30 09:36:53 -0700[diff] [blame]61
62 @classmethod
63 def getSubscriberCredentials(cls, subId):
64 """Generate our own account num, s_tag and c_tags"""
65 if subId in cls.subscriber_map:
66 return cls.subscriber_map[subId]
67 account_num = cls.subscriber_account_num
68 cls.subscriber_account_num += 1
69 s_tag, c_tag = cls.subscriber_s_tag, cls.subscriber_c_tag
70 cls.subscriber_c_tag += 1
71 if cls.subscriber_c_tag % cls.subscribers_per_s_tag == 0:
72 cls.subscriber_s_tag += 1
73 cls.subscriber_map[subId] = account_num, s_tag, c_tag
74 return cls.subscriber_map[subId]
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]75
76 @classmethod
A.R Karthicka9b594d2017-03-29 16:25:22 -0700[diff] [blame]77 def getXosCredentials(cls):
78 onos_cfg = OnosCtrl.get_config()
79 if onos_cfg is None:
80 return None
81 if 'apps' in onos_cfg and \
82 'org.opencord.vtn' in onos_cfg['apps'] and \
83 'cordvtn' in onos_cfg['apps']['org.opencord.vtn'] and \
84 'xos' in onos_cfg['apps']['org.opencord.vtn']['cordvtn']:
85 xos_cfg = onos_cfg['apps']['org.opencord.vtn']['cordvtn']['xos']
86 endpoint = xos_cfg['endpoint']
87 user = xos_cfg['user']
88 password = xos_cfg['password']
89 xos_endpoints = endpoint.split(':')
90 xos_host = xos_endpoints[1][len('//'):]
91 xos_port = xos_endpoints[2][:-1]
92 #log.info('xos_host: %s, port: %s, user: %s, password: %s' %(xos_host, xos_port, user, password))
93 return dict(host = xos_host, port = xos_port, user = user, password = password)
94
95 return None
96
97 @classmethod
A.R Karthick50f4d9a2017-04-20 16:44:19 -0700[diff] [blame]98 def getSubscriberConfig(cls, num_subscribers):
99 features = {
100 'cdn': True,
101 'uplink_speed': 1000000000,
102 'downlink_speed': 1000000000,
103 'uverse': True,
104 'status': 'enabled'
105 }
106 subscriber_map = []
107 for i in xrange(num_subscribers):
108 subId = 'sub{}'.format(i)
109 account_num, _, _ = cls.getSubscriberCredentials(subId)
110 identity = { 'account_num' : str(account_num),
111 'name' : 'My House {}'.format(i)
112 }
113 sub_info = { 'features' : features,
114 'identity' : identity
115 }
116 subscriber_map.append(sub_info)
117
118 return subscriber_map
119
120 @classmethod
121 def getVoltSubscriberConfig(cls, num_subscribers):
122 voltSubscriberMap = []
123 for i in xrange(num_subscribers):
124 subId = 'sub{}'.format(i)
125 account_num, s_tag, c_tag = cls.getSubscriberCredentials(subId)
126 voltSubscriberInfo = {}
127 voltSubscriberInfo['voltTenant'] = dict(s_tag = str(s_tag),
128 c_tag = str(c_tag),
129 subscriber = '')
130 voltSubscriberInfo['account_num'] = account_num
131 voltSubscriberMap.append(voltSubscriberInfo)
132
133 return voltSubscriberMap
134
135 @classmethod
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]136 def setUpCordApi(cls):
137 our_path = os.path.dirname(os.path.realpath(__file__))
138 cord_api_path = os.path.join(our_path, '..', 'cord-api')
139 framework_path = os.path.join(cord_api_path, 'Framework')
140 utils_path = os.path.join(framework_path, 'utils')
141 data_path = os.path.join(cord_api_path, 'Tests', 'data')
142 subscriber_cfg = os.path.join(data_path, 'Subscriber.json')
143 volt_tenant_cfg = os.path.join(data_path, 'VoltTenant.json')
144
A.R Karthick50f4d9a2017-04-20 16:44:19 -0700[diff] [blame]145 cls.subscriber_info = cls.getSubscriberConfig(cls.NUM_SUBSCRIBERS)
146 cls.volt_subscriber_info = cls.getVoltSubscriberConfig(cls.NUM_SUBSCRIBERS)
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]147
148 sys.path.append(utils_path)
149 sys.path.append(framework_path)
150 from restApi import restApi
151 restApiXos = restApi()
A.R Karthicka9b594d2017-03-29 16:25:22 -0700[diff] [blame]152 xos_credentials = cls.getXosCredentials()
153 if xos_credentials is None:
154 restApiXos.controllerIP = cls.HEAD_NODE
155 restApiXos.controllerPort = '9000'
156 else:
157 restApiXos.controllerIP = xos_credentials['host']
158 restApiXos.controllerPort = xos_credentials['port']
159 restApiXos.user = xos_credentials['user']
160 restApiXos.password = xos_credentials['password']
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]161 cls.restApiXos = restApiXos
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]162
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]163 @classmethod
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]164 def closeVCPEAccess(cls, volt_subscriber_info):
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]165 OnosCtrl.uninstall_app(cls.APP_NAME, onos_ip = cls.HEAD_NODE)
166
167 @classmethod
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]168 def openVCPEAccess(cls, volt_subscriber_info):
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]169 """
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]170 This code is used to configure leaf switch for head node access to compute node over fabric.
171 Care is to be taken to avoid overwriting existing/default vcpe flows.
172 The access is opened for generated subscriber info which should not overlap.
173 We target the fabric onos instance on head node.
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]174 """
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]175 OnosCtrl.install_app(cls.APP_FILE, onos_ip = cls.HEAD_NODE)
176 time.sleep(2)
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]177 s_tags = map(lambda tenant: int(tenant['voltTenant']['s_tag']), volt_subscriber_info)
178 #only get unique vlan tags
179 s_tags = list(set(s_tags))
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]180 devices = OnosCtrl.get_device_ids(controller = cls.HEAD_NODE)
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]181 if devices:
182 device_config = {}
183 for device in devices:
184 device_config[device] = []
185 for s_tag in s_tags:
186 xconnect_config = {'vlan': s_tag, 'ports' : [ cls.FABRIC_PORT_HEAD_NODE, cls.FABRIC_PORT_COMPUTE_NODE ] }
187 device_config[device].append(xconnect_config)
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]188
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]189 cfg = { 'apps' : { 'org.ciena.xconnect' : { 'xconnectTestConfig' : device_config } } }
190 OnosCtrl.config(cfg, controller = cls.HEAD_NODE)
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]191
192 @classmethod
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]193 def setUpClass(cls):
194 cls.controllers = get_controllers()
195 cls.controller = cls.controllers[0]
196 cls.cli = None
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]197 cls.olt = OltConfig(olt_conf_file = cls.olt_conf_file)
198 cls.vcpes = cls.olt.get_vcpes()
199 cls.vcpes_dhcp = cls.olt.get_vcpes_by_type('dhcp')
200 vcpe_dhcp = None
201 vcpe_dhcp_stag = None
202 vcpe_container = None
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]203 cls.on_podd = running_on_podd()
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]204 #cache the first dhcp vcpe in the class for quick testing
205 if cls.vcpes_dhcp:
206 vcpe_container = 'vcpe-{}-{}'.format(cls.vcpes_dhcp[0]['s_tag'], cls.vcpes_dhcp[0]['c_tag'])
207 vcpe_dhcp = 'vcpe0.{}.{}'.format(cls.vcpes_dhcp[0]['s_tag'], cls.vcpes_dhcp[0]['c_tag'])
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]208 if cls.on_podd is False:
A R Karthick3d5ff792017-04-12 16:53:27 -0700[diff] [blame]209 vcpe_dhcp = 'vcpe0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]210 vcpe_dhcp_stag = 'vcpe0.{}'.format(cls.vcpes_dhcp[0]['s_tag'])
211 cls.vcpe_container = vcpe_container
212 cls.vcpe_dhcp = vcpe_dhcp
213 cls.vcpe_dhcp_stag = vcpe_dhcp_stag
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]214 VSGAccess.setUp()
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]215 cls.setUpCordApi()
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]216 if cls.on_podd is True:
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]217 cls.openVCPEAccess(cls.volt_subscriber_info)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]218
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]219 @classmethod
220 def tearDownClass(cls):
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]221 VSGAccess.tearDown()
A.R Karthickb145da82017-04-20 14:45:43 -0700[diff] [blame]222 if cls.on_podd is True:
A R Karthickb0cec7c2017-04-21 10:42:54 -0700[diff] [blame]223 cls.closeVCPEAccess(cls.volt_subscriber_info)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]224
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]225 def cliEnter(self, controller = None):
226 retries = 0
227 while retries < 30:
228 self.cli = OnosCliDriver(controller = controller, connect = True)
229 if self.cli.handle:
230 break
231 else:
232 retries += 1
233 time.sleep(2)
234
235 def cliExit(self):
236 self.cli.disconnect()
237
238 def onos_shutdown(self, controller = None):
239 status = True
240 self.cliEnter(controller = controller)
241 try:
242 self.cli.shutdown(timeout = 10)
243 except:
244 log.info('Graceful shutdown of ONOS failed for controller: %s' %controller)
245 status = False
246
247 self.cliExit()
248 return status
249
A.R Karthick9ccd0d02017-03-16 17:11:08 -0700[diff] [blame]250 def log_set(self, level = None, app = 'org.onosproject'):
251 CordLogger.logSet(level = level, app = app, controllers = self.controllers, forced = True)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]252
A R Karthick9a16a112017-04-07 15:40:05 -0700[diff] [blame]253 @classmethod
254 def get_dhcp(cls, vcpe, mgmt = 'eth0'):
255 """Get DHCP for vcpe interface saving management settings"""
256
257 def put_dhcp():
258 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
259
260 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
261 if vcpe_ip is not None:
262 cls.restore_methods.append(put_dhcp)
263 return vcpe_ip
264
265 @classmethod
266 def config_restore(cls):
267 """Restore the vsg test configuration on test case failures"""
268 for restore_method in cls.restore_methods:
269 restore_method()
270
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]271 def get_vsg_vcpe_pair(self):
272 vcpes = self.vcpes_dhcp
273 vcpe_containers = []
274 vsg_vcpe = {}
275 for vcp in vcpes:
276 vcpe_container = 'vcpe-{}-{}'.format(vcp['s_tag'], vcp['c_tag'])
277 vcpe_containers.append(vcpe_container)
278 vsg = VSGAccess.get_vcpe_vsg(vcpe_container)
279 vsg_vcpe[vcpe_container]=str(vsg.get_ip())
280 return vsg_vcpe
281
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]282 def get_vcpe_containers_and_interfaces(self):
283 vcpe_containers = {}
284 vcpe_interfaces = []
285 vcpes = self.vcpes_dhcp
286 count = 0
287 for vcpe in vcpes:
288 vcpe_intf = 'vcpe{}.{}.{}'.format(count,vcpe['s_tag'],vcpe['c_tag'])
289 vcpe_interfaces.append(vcpe_intf)
290 vcpe_container = 'vcpe-{}-{}'.format(vcpe['s_tag'], vcpe['c_tag'])
291 vcpe_containers[vcpe_intf] = vcpe_container
292 count += 1
293 log.info('vcpe interfaces are %s'%vcpe_interfaces)
294 log.info('vcpe containers are %s'%vcpe_containers)
295 return vcpe_interfaces,vcpe_containers
296
297 def get_vcpe_interface_dhcp_ip(self,vcpe=None):
298 if not vcpe:
299 vcpe = self.vcpe_dhcp
300 st, _ = getstatusoutput('dhclient {}'.format(vcpe))
301 vcpe_ip = get_ip(vcpe)
302 return vcpe_ip
303
304 def release_vcpe_interface_dhcp_ip(self,vcpe=None):
305 if not vcpe:
306 vcpe = self.vcpe_dhcp
307 st, _ = getstatusoutput('dhclient {} -r'.format(vcpe))
308 vcpe_ip = get_ip(vcpe)
309 assert_equal(vcpe_ip, None)
310
311 def add_static_route_via_vcpe_interface(self, routes, vcpe=None,dhcp_ip=True):
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]312 if not vcpe:
313 vcpe = self.vcpe_dhcp
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]314 if dhcp_ip:
315 os.system('dhclient '+vcpe)
316 time.sleep(1)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]317 for route in routes:
318 log.info('route is %s'%route)
319 cmd = 'ip route add ' + route + ' via 192.168.0.1 '+ 'dev ' + vcpe
320 cmds.append(cmd)
321 for cmd in cmds:
322 os.system(cmd)
323 return True
324
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]325 def del_static_route_via_vcpe_interface(self,routes,vcpe=None,dhcp_release=True):
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]326 if not vcpe:
327 vcpe = self.vcpe_dhcp
328 cmds = []
329 for route in routes:
330 cmd = 'ip route del ' + route + ' via 192.168.0.1 ' + 'dev ' + vcpe
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]331 os.system(cmd)
332 if dhcp_release:
333 os.system('dhclient '+vcpe+' -r')
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]334 return True
335
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]336 def test_vsg_multiple_subscribers_for_same_vcpe_instace(self):
337 vcpe_intfs,containers = self.get_vcpe_containers_and_interfaces()
338 for vcpe in vcpe_intfs:
339 vcpe_ip = self.get_vcpe_interface_dhcp_ip(vcpe=vcpe)
340 assert_not_equal(vcpe_ip,None)
341 for vcpe in vcpe_intfs:
342 self.release_vcpe_interface_dhcp_ip(vcpe=vcpe)
343
344 def test_vsg_multiple_subscribers_for_same_vcpe_instance_ping_to_external_connectivity(self):
345 host = '8.8.8.8'
346 vcpe_intfs,containers = self.get_vcpe_containers_and_interfaces()
347 for vcpe in vcpe_intfs:
348 vcpe_ip = self.get_vcpe_interface_dhcp_ip(vcpe=vcpe)
349 assert_not_equal(vcpe_ip,None)
350 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe,dhcp_ip=False)
351 st, _ = getstatusoutput('ping -I {} -c 3 {}'.format(vcpe,host))
352 assert_equal(st, 0)
353 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe,dhcp_release=False)
354 for vcpe in vcpe_intfs:
355 self.release_vcpe_interface_dhcp_ip(vcpe=vcpe)
356
357 def test_vsg_vcpe_interface_gets_dhcp_ip_after_interface_toggle(self):
358 vcpe_intfs,containers = self.get_vcpe_containers_and_interfaces()
359 for vcpe in vcpe_intfs:
360 vcpe_ip = self.get_vcpe_interface_dhcp_ip(vcpe=vcpe)
361 assert_not_equal(vcpe_ip,None)
362 os.system('ifconfig {} down'.format(vcpe))
363 time.sleep(1)
364 os.system('ifconfig {} up'.format(vcpe))
365 time.sleep(1)
366 vcpe_ip2 = get_ip(vcpe)
367 assert_equal(vcpe_ip2,vcpe_ip)
368 for vcpe in vcpe_intfs:
369 self.release_vcpe_interface_dhcp_ip(vcpe=vcpe)
370
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]371
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]372 def test_vsg_health(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]373 """
374 Algo:
375 1. Login to compute node VM
376 2. Get all vSGs
377 3. Ping to all vSGs
378 4. Verifying Ping success
379 """
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]380 status = True
381 if self.on_podd is True:
382 status = VSGAccess.health_check()
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]383 assert_equal(status, True)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]384
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]385 def test_vsg_health_check(self, vsg_name='mysite_vsg-1', verify_status=True):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]386 """
387 Algo:
388 1. If vsg name not specified, Get vsg corresponding to vcpe
389 1. Login to compute mode VM
390 3. Ping to the vSG
391 4. Verifying Ping success
392 """
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]393 if self.on_podd is False:
394 return
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]395 if not vsg_name:
396 vcpe = self.vcpe_container
397 vsg = VSGAccess.get_vcpe_vsg(vcpe)
398 status = vsg.get_health()
399 assert_equal(status, verify_status)
400 else:
401 vsgs = VSGAccess.get_vsgs()
402 status = None
403 for vsg in vsgs:
404 if vsg.name == vsg_name:
405 status = vsg.get_health()
406 log.info('vsg health check status is %s'%status)
407 assert_equal(status,verify_status)
408
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]409 @deferred(TIMEOUT)
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]410 def test_vsg_for_vcpe(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]411 """
412 Algo:
413 1. Get list of all compute nodes created using Openstack
414 2. Login to compute mode VM
415 3. Get all vSGs
416 4. Verifying atleast one compute node and one vSG created
417 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]418 df = defer.Deferred()
419 def vsg_for_vcpe_df(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]420 if self.on_podd is True:
421 vsgs = VSGAccess.get_vsgs()
422 compute_nodes = VSGAccess.get_compute_nodes()
423 time.sleep(14)
424 assert_not_equal(len(vsgs), 0)
425 assert_not_equal(len(compute_nodes), 0)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]426 df.callback(0)
427 reactor.callLater(0,vsg_for_vcpe_df,df)
428 return df
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]429
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]430 def test_vsg_for_login(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]431 """
432 Algo:
433 1. Login to compute node VM
434 2. Get all vSGs
435 3. Verifying login to vSG is success
436 """
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]437 if self.on_podd is False:
438 return
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]439 vsgs = VSGAccess.get_vsgs()
440 vsg_access_status = map(lambda vsg: vsg.check_access(), vsgs)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]441 status = filter(lambda st: st == False, vsg_access_status)
442 assert_equal(len(status), 0)
443
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]444 def test_vsg_for_default_route_through_testclient(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]445 """
446 Algo:
447 1. Login to head node
448 2. Verifying for default route in lxc test client
449 """
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]450 if self.on_podd is False:
451 return
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]452 ssh_agent = SSHTestAgent(host = self.HEAD_NODE, user = self.USER, password = self.PASS)
453 cmd = "sudo lxc exec testclient -- route | grep default"
454 status, output = ssh_agent.run_cmd(cmd)
455 assert_equal(status, True)
456
457 def test_vsg_for_external_connectivity_through_testclient(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]458 """
459 Algo:
460 1. Login to head node
461 2. On head node, executing ping to 8.8.8.8 from lxc test client
462 3. Verifying for the ping success
463 """
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]464 if self.on_podd is False:
465 return
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]466 ssh_agent = SSHTestAgent(host = self.HEAD_NODE, user = self.USER, password = self.PASS)
467 cmd = "lxc exec testclient -- ping -c 3 8.8.8.8"
468 status, output = ssh_agent.run_cmd(cmd)
469 assert_equal( status, True)
470
471 def test_vsg_for_external_connectivity(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]472 """
473 Algo:
474 1. Get dhcp IP to vcpe interface in cord-tester
475 2. Verifying vcpe interface gets dhcp IP
476 3. Ping to 8.8.8.8 and Verifying ping should success
477 4. Restoring management interface configuration in cord-tester
478 """
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]479 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]480 mgmt = 'eth0'
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]481 host = '8.8.8.8'
482 self.success = False
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]483 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]484 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]485 assert_not_equal(vcpe_ip, None)
486 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
487 log.info('Sending icmp echo requests to external network 8.8.8.8')
488 st, _ = getstatusoutput('ping -c 3 8.8.8.8')
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]489 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]490 assert_equal(st, 0)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]491
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]492 def test_vsg_for_external_connectivity_to_google(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]493 """
494 Algo:
495 1. Get dhcp IP to vcpe interface in cord-tester
496 2. Verifying vcpe interface gets dhcp IP
497 3. Ping to www.google.com and Verifying ping should success
498 4. Restoring management interface configuration in cord-tester
499 """
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]500 host = 'www.google.com'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]501 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]502 mgmt = 'eth0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]503 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]504 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]505 assert_not_equal(vcpe_ip, None)
506 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
507 log.info('Sending icmp ping requests to %s' %host)
508 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]509 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]510 assert_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]511
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]512 def test_vsg_for_external_connectivity_to_invalid_host(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]513 """
514 Algo:
515 1. Get dhcp IP to vcpe interface in cord-tester
516 2. Verifying vcpe interface gets dhcp IP
517 3. Ping to www.goglee.com and Verifying ping should not success
518 4. Restoring management interface configuration in cord-tester
519 """
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]520 host = 'www.goglee.com'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]521 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]522 mgmt = 'eth0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]523 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]524 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]525 assert_not_equal(vcpe_ip, None)
526 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
527 log.info('Sending icmp ping requests to non existent host %s' %host)
528 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]529 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]530 assert_not_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]531
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]532 def test_vsg_for_external_connectivity_with_ttl_1(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]533 """
534 Algo:
535 1. Get dhcp IP to vcpe interface in cord-tester
536 2. Verifying vcpe interface gets dhcp IP
537 3. Ping to 8.8.8.8 with ttl set to 1
538 4. Verifying ping should not success
539 5. Restoring management interface configuration in cord-tester
540 """
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]541 host = '8.8.8.8'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]542 vcpe = self.vcpe_dhcp
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]543 mgmt = 'eth0'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]544 assert_not_equal(vcpe, None)
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]545 vcpe_ip = VSGAccess.vcpe_get_dhcp(vcpe, mgmt = mgmt)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]546 assert_not_equal(vcpe_ip, None)
547 log.info('Got DHCP IP %s for %s' %(vcpe_ip, vcpe))
548 log.info('Sending icmp ping requests to host %s with ttl 1' %host)
549 st, _ = getstatusoutput('ping -c 1 -t 1 {}'.format(host))
A R Karthickd0fdf3b2017-03-21 16:54:22 -0700[diff] [blame]550 VSGAccess.restore_interface_config(mgmt, vcpe = vcpe)
A.R Karthick33cfdbe2017-03-17 18:03:48 -0700[diff] [blame]551 assert_not_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]552
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]553 def test_vsg_for_external_connectivity_with_wan_interface_toggle_in_vcpe(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]554 """
555 Algo:
556 1. Get dhcp IP to vcpe interface in cord-tester
557 2. Verifying vcpe interface gets dhcp IP
A.R Karthick8f7f1b62017-04-06 18:25:07 -0700[diff] [blame]558 3. Ping to 8.8.8.8 and Verifying ping succeeds
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]559 4. Now down the WAN interface of vcpe
A.R Karthick8f7f1b62017-04-06 18:25:07 -0700[diff] [blame]560 5. Ping to 8.8.8.8 and Verifying ping fails
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]561 6. Now Up the WAN interface of vcpe
A.R Karthick8f7f1b62017-04-06 18:25:07 -0700[diff] [blame]562 7. Ping to 8.8.8.8 and Verifying ping succeeds
563 8. Restoring management interface configuration in cord-tester
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]564 """
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]565 if self.on_podd is False:
566 return
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]567 host = '8.8.8.8'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]568 mgmt = 'eth0'
569 vcpe = self.vcpe_container
570 assert_not_equal(vcpe, None)
571 assert_not_equal(self.vcpe_dhcp, None)
572 #first get dhcp on the vcpe interface
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]573 vcpe_ip = VSGAccess.vcpe_get_dhcp(self.vcpe_dhcp, mgmt = mgmt)
574 assert_not_equal(vcpe_ip, None)
575 log.info('Got DHCP IP %s for %s' %(vcpe_ip, self.vcpe_dhcp))
576 log.info('Sending ICMP pings to host %s' %(host))
577 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
578 if st != 0:
579 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
580 assert_equal(st, 0)
581 #bring down the wan interface and check again
582 st = VSGAccess.vcpe_wan_down(vcpe)
583 if st is False:
584 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
585 assert_equal(st, True)
586 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
587 if st == 0:
588 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
589 assert_not_equal(st, 0)
590 st = VSGAccess.vcpe_wan_up(vcpe)
591 if st is False:
592 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
593 assert_equal(st, True)
594 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
595 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
596 assert_equal(st, 0)
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]597
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]598 def test_vsg_for_external_connectivity_with_lan_interface_toggle_in_vcpe(self):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]599 """
600 Algo:
601 1. Get dhcp IP to vcpe interface in cord-tester
602 2. Verifying vcpe interface gets dhcp IP
603 3. Ping to 8.8.8.8 and Verifying ping should success
604 4. Now down the LAN interface of vcpe
605 5. Ping to 8.8.8.8 and Verifying ping should not success
606 6. Now Up the LAN interface of vcpe
607 7. Ping to 8.8.8.8 and Verifying ping should success
608 8. Restoring management interface configuration in cord-tester
609 """
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]610 if self.on_podd is False:
611 return
Anil Kumar Sanka87115b02017-03-14 17:46:47 +0000[diff] [blame]612 host = '8.8.8.8'
A R Karthick03f40aa2017-03-20 19:33:55 -0700[diff] [blame]613 mgmt = 'eth0'
614 vcpe = self.vcpe_container
615 assert_not_equal(vcpe, None)
616 assert_not_equal(self.vcpe_dhcp, None)
617 #first get dhcp on the vcpe interface
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]618 vcpe_ip = VSGAccess.vcpe_get_dhcp(self.vcpe_dhcp, mgmt = mgmt)
619 assert_not_equal(vcpe_ip, None)
620 log.info('Got DHCP IP %s for %s' %(vcpe_ip, self.vcpe_dhcp))
621 log.info('Sending ICMP pings to host %s' %(host))
622 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
623 if st != 0:
624 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
625 assert_equal(st, 0)
626 #bring down the lan interface and check again
627 st = VSGAccess.vcpe_lan_down(vcpe)
628 if st is False:
629 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
630 assert_equal(st, True)
631 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
632 if st == 0:
633 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
634 assert_not_equal(st, 0)
635 st = VSGAccess.vcpe_lan_up(vcpe)
636 if st is False:
637 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
638 assert_equal(st, True)
639 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
640 VSGAccess.restore_interface_config(mgmt, vcpe = self.vcpe_dhcp)
641 assert_equal(st, 0)
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]642
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]643 @deferred(TIMEOUT)
644 def test_vsg_for_external_connectivity_with_vcpe_container_paused(self,vcpe_name=None,vcpe_intf=None):
645 """
646 Algo:
647 1. Get vSG corresponding to vcpe
648 2. Get dhcp ip to vcpe interface
649 3. Add static route to destination route in test container
650 4. From test container ping to destination route and verify ping success
651 5. Login to compute node and execute command to pause vcpe container
652 6. From test container ping to destination route and verify ping success
653 """
654 if not vcpe_name:
655 vcpe_name = self.vcpe_container
656 if not vcpe_intf:
657 vcpe_intf = self.vcpe_dhcp
658 df = defer.Deferred()
659 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]660 if self.on_podd is False:
661 df.callback(0)
662 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]663 host = '8.8.8.8'
664 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
665 try:
666 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
667 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
668 assert_equal(st, False)
669 st, _ = vsg.run_cmd('sudo docker pause {}'.format(vcpe_name))
670 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
671 assert_equal(st, False)
672 finally:
673 vsg.run_cmd('sudo docker unpause'.format(vcpe_name))
674 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
675 df.callback(0)
676 reactor.callLater(0, vcpe_firewall, df)
677 return df
678
679 @deferred(TIMEOUT)
680 def test_vsg_firewall_with_deny_destination_ip(self, vcpe_name=None, vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]681 """
682 Algo:
683 1. Get vSG corresponding to vcpe
684 2. Login to compute node
685 3. Execute iptable command on vcpe from compute node to deny a destination IP
686 4. From cord-tester ping to the denied IP address
687 5. Verifying that ping should not be successful
688 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]689 if not vcpe_name:
690 vcpe_name = self.vcpe_container
691 if not vcpe_intf:
692 vcpe_intf = self.vcpe_dhcp
693 df = defer.Deferred()
694 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]695 if self.on_podd is False:
696 df.callback(0)
697 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]698 host = '8.8.8.8'
699 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
700 try:
701 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
702 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
703 assert_equal(st, False)
704 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
705 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
706 assert_equal(st, True)
707 finally:
708 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
709 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
710 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
711 df.callback(0)
712 reactor.callLater(0, vcpe_firewall, df)
713 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]714
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]715 @deferred(TIMEOUT)
716 def test_vsg_firewall_with_rule_add_and_delete_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]717 """
718 Algo:
719 1. Get vSG corresponding to vcpe
720 2. Login to compute node
721 3. Execute iptable command on vcpe from compute node to deny a destination IP
722 4. From cord-tester ping to the denied IP address
723 5. Verifying that ping should not be successful
724 6. Delete the iptable rule in vcpe
725 7. From cord-tester ping to the denied IP address
726 8. Verifying the ping should success
727 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]728 if not vcpe_name:
729 vcpe_name = self.vcpe_container
730 if not vcpe_intf:
731 vcpe_intf = self.vcpe_dhcp
732 df = defer.Deferred()
733 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]734 if self.on_podd is False:
735 df.callback(0)
736 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]737 host = '8.8.8.8'
738 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
739 try:
740 self.add_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
741 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
742 assert_equal(st, False)
743 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
744 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
745 assert_equal(st, True)
746 st,_ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
747 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
748 assert_equal(st, False)
749 finally:
750 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
751 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
752 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
753 df.callback(0)
754 reactor.callLater(0, vcpe_firewall, df)
755 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]756
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]757 @deferred(TIMEOUT)
758 def test_vsg_firewall_verifying_reachability_for_non_blocked_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]759 """
760 Algo:
761 1. Get vSG corresponding to vcpe
762 2. Login to compute node
763 3. Execute iptable command on vcpe from compute node to deny a destination IP
764 4. From cord-tester ping to the denied IP address
765 5. Verifying that ping should not be successful
766 6. From cord-tester ping to the denied IP address other than the denied one
767 7. Verifying the ping should success
768 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]769 if not vcpe_name:
770 vcpe_name = self.vcpe_container
771 if not vcpe_intf:
772 vcpe_intf = self.vcpe_dhcp
773 df = defer.Deferred()
774 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]775 if self.on_podd is False:
776 df.callback(0)
777 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]778 host1 = '8.8.8.8'
779 host2 = '204.79.197.203'
780 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
781 try:
782 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
783 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
784 assert_equal(st, False)
785 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host1))
786 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
787 assert_equal(st, True)
788 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
789 assert_equal(st,False)
790 finally:
791 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host1))
792 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
793 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
794 df.callback(0)
795 reactor.callLater(0, vcpe_firewall, df)
796 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]797
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]798 @deferred(TIMEOUT)
799 def test_vsg_firewall_appending_rules_with_deny_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]800 """
801 Algo:
802 1. Get vSG corresponding to vcpe
803 2. Login to compute node
804 3. Execute iptable command on vcpe from compute node to deny a destination IP1
805 4. From cord-tester ping to the denied IP address IP1
806 5. Verifying that ping should not be successful
807 6. Execute iptable command on vcpe from compute node to deny a destination IP2
808 6. From cord-tester ping to the denied IP address IP2
809 7. Verifying that ping should not be successful
810 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]811 if not vcpe_name:
812 vcpe_name = self.vcpe_container
813 if not vcpe_intf:
814 vcpe_intf = self.vcpe_dhcp
815 df = defer.Deferred()
816 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]817 if self.on_podd is False:
818 df.callback(0)
819 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]820 host1 = '8.8.8.8'
821 host2 = '204.79.197.203'
822 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
823 try:
824 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
825 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
826 assert_equal(st, False)
827 st,_ = vsg.run_cmd('sudo docker exec {} iptables -F FORWARD'.format(vcpe_name))
828 time.sleep(2)
829 st,_ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host1))
830 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
831 assert_equal(st, True)
832 st, out = getstatusoutput('ping -c 1 {}'.format(host2))
833 log.info('host2 ping output is %s'%out)
834 assert_equal(st, False)
835 st, _ = vsg.run_cmd('sudo docker exec {} iptables -A FORWARD -d {} -j DROP'.format(vcpe_name,host2))
836 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
837 assert_equal(st,True)
838 finally:
839 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host1))
840 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host2))
841 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
842 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
843 df.callback(0)
844 reactor.callLater(0, vcpe_firewall, df)
845 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]846
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]847 @deferred(TIMEOUT)
848 def test_vsg_firewall_removing_one_rule_denying_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]849 """
850 Algo:
851 1. Get vSG corresponding to vcpe
852 2. Login to compute node
853 3. Execute iptable command on vcpe from compute node to deny a destination IP1
854 4. Execute iptable command on vcpe from compute node to deny a destination IP2
855 5. From cord-tester ping to the denied IP address IP1
856 6. Verifying that ping should not be successful
857 7. From cord-tester ping to the denied IP address IP2
858 8. Verifying that ping should not be successful
859 9. Execute iptable command on vcpe from compute node to remove deny a destination IP2 rule
860 10. From cord-tester ping to the denied IP address IP2
861 11. Verifying the ping should success
862 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]863 if not vcpe_name:
864 vcpe_name = self.vcpe_container
865 if not vcpe_intf:
866 vcpe_intf = self.vcpe_dhcp
867 df = defer.Deferred()
868 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]869 if self.on_podd is False:
870 df.callback(0)
871 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]872 host1 = '8.8.8.8'
873 host2 = '204.79.197.203'
874 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
875 try:
876 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=self.vcpe_dhcp)
877 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
878 assert_equal(st, False)
879 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host1))
880 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host2))
881 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
882 assert_equal(st, True)
883 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
884 assert_equal(st,True)
885 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host2))
886 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
887 assert_equal(st,False)
888 finally:
889 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host1))
890 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host2))
891 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
892 log.info('restarting vcpe container')
893 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
894 df.callback(0)
895 reactor.callLater(0, vcpe_firewall, df)
896 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]897
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]898 @deferred(TIMEOUT)
899 def test_vsg_firewall_changing_rule_id_deny_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]900 """
901 Algo:
902 1. Get vSG corresponding to vcpe
903 2. Login to compute node
904 3. Execute iptable command on vcpe from compute node to deny a destination IP
905 5. From cord-tester ping to the denied IP address IP1
906 6. Verifying that ping should not be successful
907 9. Execute iptable command on vcpe from compute node to change the rule ID to 2 to deny the same destination IP
908 10. From cord-tester ping to the denied IP address IP
909 11. Verifying that ping should not be successful
910 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]911 if not vcpe_name:
912 vcpe_name = self.vcpe_container
913 if not vcpe_intf:
914 vcpe_intf = self.vcpe_dhcp
915 df = defer.Deferred()
916 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]917 if self.on_podd is False:
918 df.callback(0)
919 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]920 host = '8.8.8.8'
921 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
922 try:
923 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
924 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
925 assert_equal(st, False)
926 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
927 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
928 assert_equal(st, True)
929 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD 2 -d {} -j DROP '.format(vcpe_name,host))
930 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
931 assert_equal(st,True)
932 finally:
933 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
934 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
935 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
936 df.callback(0)
937 reactor.callLater(0, vcpe_firewall, df)
938 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]939
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]940 @deferred(TIMEOUT)
941 def test_vsg_firewall_changing_deny_rule_to_accept_dest_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]942 """
943 Algo:
944 1. Get vSG corresponding to vcpe
945 2. Login to compute node
946 3. Execute iptable command on vcpe from compute node to deny a destination IP
947 5. From cord-tester ping to the denied IP address IP1
948 6. Verifying that ping should not be successful
949 9. Execute iptable command on vcpe from compute node to accept the same destination IP
950 10. From cord-tester ping to the accepted IP
951 11. Verifying the ping should success
952 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]953 if not vcpe_name:
954 vcpe_name = self.vcpe_container
955 if not vcpe_intf:
956 vcpe_intf = self.vcpe_dhcp
957 df = defer.Deferred()
958 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]959 if self.on_podd is False:
960 df.callback(0)
961 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]962 host = '8.8.8.8'
963 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
964 try:
965 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
966 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
967 assert_equal(st, False)
968 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
969 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
970 assert_equal(st, True)
971 st, _ = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -d {} -j ACCEPT'.format(vcpe_name,host))
972 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
973 assert_equal(st,False)
974 finally:
975 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
976 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j ACCEPT'.format(vcpe_name,host))
977 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
978 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
979 df.callback(0)
980 reactor.callLater(0, vcpe_firewall, df)
981 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]982
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]983 @deferred(TIMEOUT) #Fail
984 def test_vsg_firewall_denying_destination_network(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]985 """
986 Algo:
987 1. Get vSG corresponding to vcpe
988 2. Login to compute node
989 3. Execute iptable command on vcpe from compute node to deny a destination IP subnet
990 4. From cord-tester ping to the denied IP address IP1 in the denied subnet
991 5. Verifying that ping should not be successful
992 6. From cord-tester ping to the denied IP address IP2 in the denied subnet
993 7. Verifying that ping should not be successful
994 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]995 if not vcpe_name:
996 vcpe_name = self.vcpe_container
997 if not vcpe_intf:
998 vcpe_intf = self.vcpe_dhcp
999 df = defer.Deferred()
1000 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1001 if self.on_podd is False:
1002 df.callback(0)
1003 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1004 network = '204.79.197.192/28'
1005 host1 = '204.79.197.203'
1006 host2 = '204.79.197.210'
1007 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1008 try:
1009 self.add_static_route_via_vcpe_interface([host1,host2],vcpe=self.vcpe_dhcp)
1010 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1011 assert_equal(st, False)
1012 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,network))
1013 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1014 assert_equal(st, True)
1015 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1016 assert_equal(st,False)
1017 finally:
1018 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,network))
1019 self.del_static_route_via_vcpe_interface([host1,host2],vcpe=vcpe_intf)
1020 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1021 df.callback(0)
1022 reactor.callLater(0, vcpe_firewall, df)
1023 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1024
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1025 @deferred(TIMEOUT)
1026 def test_vsg_firewall_denying_destination_network_subnet_modification(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1027 """
1028 Algo:
1029 1. Get vSG corresponding to vcpe
1030 2. Login to compute node
1031 3. Execute iptable command on vcpe from compute node to deny a destination IP subnet
1032 4. From cord-tester ping to the denied IP address IP1 in the denied subnet
1033 5. Verifying that ping should not be successful
1034 6. From cord-tester ping to the denied IP address IP2 in the denied subnet
1035 7. Verifying that ping should not be successful
1036 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1037 if not vcpe_name:
1038 vcpe_name = self.vcpe_container
1039 if not vcpe_intf:
1040 vcpe_intf = self.vcpe_dhcp
1041 df = defer.Deferred()
1042 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1043 if self.on_podd is False:
1044 df.callback(0)
1045 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1046 network1 = '204.79.197.192/28'
1047 network2 = '204.79.197.192/27'
1048 host1 = '204.79.197.203'
1049 host2 = '204.79.197.210'
1050 host3 = '204.79.197.224'
1051 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1052 try:
1053 self.add_static_route_via_vcpe_interface([host1,host2,host3],vcpe=self.vcpe_dhcp)
1054 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1055 assert_equal(st, False)
1056 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,network1))
1057 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1058 assert_equal(st, True)
1059 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1060 assert_equal(st,False)
1061 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD 2 -d {} -j DROP'.format(vcpe_name,network2))
1062 st, _ = getstatusoutput('ping -c 1 {}'.format(host1))
1063 assert_equal(st, True)
1064 st, _ = getstatusoutput('ping -c 1 {}'.format(host2))
1065 assert_equal(st, True)
1066 st, _ = getstatusoutput('ping -c 1 {}'.format(host3))
1067 assert_equal(st, False)
1068 finally:
1069 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,network1))
1070 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,network2))
1071 self.del_static_route_via_vcpe_interface([host1,host2,host3],vcpe=vcpe_intf)
1072 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1073 df.callback(0)
1074 reactor.callLater(0, vcpe_firewall, df)
1075 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1076
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1077 @deferred(TIMEOUT)
1078 def test_vsg_firewall_with_deny_source_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1079 """
1080 Algo:
1081 1. Get vSG corresponding to vcpe
1082 2. Login to compute node
1083 3. Execute iptable command on vcpe from compute node to deny a source IP
1084 4. From cord-tester ping to 8.8.8.8 from the denied IP
1085 5. Verifying that ping should not be successful
1086 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1087 if not vcpe_name:
1088 vcpe_name = self.vcpe_container
1089 if not vcpe_intf:
1090 vcpe_intf = self.vcpe_dhcp
1091 df = defer.Deferred()
1092 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1093 if self.on_podd is False:
1094 df.callback(0)
1095 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1096 host = '8.8.8.8'
1097 #source_ip = get_ip(self.vcpe_dhcp)
1098 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1099 try:
1100 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1101 source_ip = get_ip(self.vcpe_dhcp)
1102 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1103 assert_equal(st, False)
1104 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1105 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1106 assert_equal(st, True)
1107 finally:
1108 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1109 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1110 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1111 df.callback(0)
1112 reactor.callLater(0, vcpe_firewall, df)
1113 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1114
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1115 @deferred(TIMEOUT)
1116 def test_vsg_firewall_rule_with_add_and_delete_deny_source_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1117 """
1118 Algo:
1119 1. Get vSG corresponding to vcpe
1120 2. Login to compute node
1121 3. Execute iptable command on vcpe from compute node to deny a source IP
1122 4. From cord-tester ping to 8.8.8.8 from the denied IP
1123 5. Verifying that ping should not be successful
1124 6. Delete the iptable rule in vcpe
1125 7. From cord-tester ping to 8.8.8.8 from the denied IP
1126 8. Verifying the ping should success
1127 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1128 if not vcpe_name:
1129 vcpe_name = self.vcpe_container
1130 if not vcpe_intf:
1131 vcpe_intf = self.vcpe_dhcp
1132 df = defer.Deferred()
1133 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1134 if self.on_podd is False:
1135 df.callback(0)
1136 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1137 host = '8.8.8.8'
1138 source_ip = get_ip(self.vcpe_dhcp)
1139 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1140 try:
1141 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1142 source_ip = get_ip(self.vcpe_dhcp)
1143 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1144 assert_equal(st, False)
1145 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1146 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1147 assert_equal(st, True)
1148 st, _ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1149 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1150 assert_equal(st, False)
1151 finally:
1152 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -s {} -j DROP'.format(vcpe_name,source_ip))
1153 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1154 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1155 df.callback(0)
1156 reactor.callLater(0, vcpe_firewall, df)
1157 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1158
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1159 @deferred(TIMEOUT)
1160 def test_vsg_firewall_rule_with_deny_icmp_protocol_echo_requests_type(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1161 """
1162 Algo:
1163 1. Get vSG corresponding to vcpe
1164 2. Login to compute node
1165 3. Execute iptable command on vcpe from compute node to deny icmp echo-requests type protocol packets
1166 4. From cord-tester ping to 8.8.8.8
1167 5. Verifying that ping should not be successful
1168 6. Delete the iptable rule
1169 7. From cord-tester ping to 8.8.8.8
1170 8. Verifying the ping should success
1171 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1172 if not vcpe_name:
1173 vcpe_name = self.vcpe_container
1174 if not vcpe_intf:
1175 vcpe_intf = self.vcpe_dhcp
1176 df = defer.Deferred()
1177 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1178 if self.on_podd is False:
1179 df.callback(0)
1180 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1181 host = '8.8.8.8'
1182 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1183 try:
1184 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1185 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1186 assert_equal(st, False)
1187 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1188 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1189 assert_equal(st, True)
1190 st, _ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1191 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1192 assert_equal(st, False)
1193 finally:
1194 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1195 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1196 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1197 df.callback(0)
1198 reactor.callLater(0, vcpe_firewall, df)
1199 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1200
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1201 @deferred(TIMEOUT)
1202 def test_vsg_firewall_rule_with_deny_icmp_protocol_echo_reply_type(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1203 """
1204 Algo:
1205 1. Get vSG corresponding to vcpe
1206 2. Login to compute node
1207 3. Execute iptable command on vcpe from compute node to deny icmp echo-reply type protocol packets
1208 4. From cord-tester ping to 8.8.8.8
1209 5. Verifying that ping should not be successful
1210 6. Delete the iptable rule
1211 7. From cord-tester ping to 8.8.8.8
1212 8. Verifying the ping should success
1213 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1214 if not vcpe_name:
1215 vcpe_name = self.vcpe_container
1216 if not vcpe_intf:
1217 vcpe_intf = self.vcpe_dhcp
1218 df = defer.Deferred()
1219 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1220 if self.on_podd is False:
1221 df.callback(0)
1222 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1223 host = '8.8.8.8'
1224 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1225 try:
1226 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1227 st, _ = getstatusoutput('ping -c 1 {}'.format('8.8.8.8'))
1228 assert_equal(st, False)
1229 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1230 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1231 assert_equal(st, True)
1232 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1233 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1234 assert_equal(st,False)
1235 finally:
1236 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1237 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1238 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1239 df.callback(0)
1240 reactor.callLater(0, vcpe_firewall, df)
1241 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1242
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1243 @deferred(TIMEOUT)
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]1244 def test_vsg_firewall_changing_deny_rule_to_accept_rule_with_icmp_protocol_echo_requests_type(self, vcpe_name=None, vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1245 """
1246 Algo:
1247 1. Get vSG corresponding to vcpe
1248 2. Login to compute node
1249 3. Execute iptable command on vcpe from compute node to deny icmp echo-requests type protocol packets
1250 4. From cord-tester ping to 8.8.8.8
1251 5. Verifying that ping should not be successful
1252 6. Insert another rule to accept the icmp-echo requests protocol packets
1253 7. From cord-tester ping to 8.8.8.8
1254 8. Verifying the ping should success
1255 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1256 if not vcpe_name:
1257 vcpe_name = self.vcpe_container
1258 if not vcpe_intf:
1259 vcpe_intf = self.vcpe_dhcp
1260 df = defer.Deferred()
1261 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1262 if self.on_podd is False:
1263 df.callback(0)
1264 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1265 host = '8.8.8.8'
1266 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1267 try:
1268 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1269 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1270 assert_equal(st, False)
1271 st, _ = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1272 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1273 assert_equal(st, True)
1274 st, _ = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -p icmp --icmp-type echo-request -j ACCEPT'.format(vcpe_name))
1275 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1276 assert_equal(st,False)
1277 finally:
1278 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j DROP'.format(vcpe_name))
1279 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-request -j ACCEPT'.format(vcpe_name))
1280 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1281 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1282 df.callback(0)
1283 reactor.callLater(0, vcpe_firewall, df)
1284 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1285
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1286 @deferred(TIMEOUT)
1287 def test_vsg_firewall_changing_deny_rule_to_accept_rule_with_icmp_protocol_echo_reply_type(self,vcpe_name=None,vcpe_intf=None):
1288 """
1289 Algo:
1290 1. Get vSG corresponding to vcpe
1291 2. Login to compute node
1292 3. Execute iptable command on vcpe from compute node to deny icmp echo-reply type protocol packets
1293 4. From cord-tester ping to 8.8.8.8
1294 5. Verifying the ping should not success
1295 6. Insert another rule to accept the icmp-echo requests protocol packets
1296 7. From cord-tester ping to 8.8.8.8
1297 8. Verifying the ping should success
1298 """
1299 if not vcpe_name:
1300 vcpe_name = self.vcpe_container
1301 if not vcpe_intf:
1302 vcpe_intf = self.vcpe_dhcp
1303 df = defer.Deferred()
1304 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1305 if self.on_podd is False:
1306 df.callback(0)
1307 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1308 host = '8.8.8.8'
1309 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1310 try:
1311 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1312 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1313 assert_equal(st, False)
1314 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1315 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1316 assert_equal(st, True)
1317 st,output = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -p icmp --icmp-type echo-reply -j ACCEPT'.format(vcpe_name))
1318 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1319 assert_equal(st,False)
1320 finally:
1321 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j DROP'.format(vcpe_name))
1322 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp --icmp-type echo-reply -j ACCEPT'.format(vcpe_name))
1323 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1324 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1325 df.callback(0)
1326 reactor.callLater(0, vcpe_firewall, df)
1327 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1328
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1329 @deferred(TIMEOUT)
1330 def test_vsg_firewall_for_deny_icmp_protocol(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1331 """
1332 Algo:
1333 1. Get vSG corresponding to vcpe
1334 2. Login to compute node
1335 3. Execute iptable command on vcpe from compute node to deny icmp protocol packets
1336 4. From cord-tester ping to 8.8.8.8
1337 5. Verifying that ping should not be successful
1338 6. Delete the iptable rule
1339 7. From cord-tester ping to 8.8.8.8
1340 8. Verifying the ping should success
1341 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1342 if not vcpe_name:
1343 vcpe_name = self.vcpe_container
1344 if not vcpe_intf:
1345 vcpe_intf = self.vcpe_dhcp
1346 df = defer.Deferred()
1347 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1348 if self.on_podd is False:
1349 df.callback(0)
1350 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1351 host = '8.8.8.8'
1352 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1353 try:
1354 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1355 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1356 assert_equal(st, False)
1357 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe_name))
1358 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1359 assert_equal(st, True)
1360 st, _ = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1361 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1362 assert_equal(st,False)
1363 finally:
1364 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1365 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1366 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1367 df.callback(0)
1368 reactor.callLater(0, vcpe_firewall, df)
1369 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1370
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1371 @deferred(TIMEOUT)
1372 def test_vsg_firewall_rule_deny_icmp_protocol_and_destination_ip(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1373 """
1374 Algo:
1375 1. Get vSG corresponding to vcpe
1376 2. Login to compute node
1377 3. Execute iptable command on vcpe from compute node to deny a destination IP
1378 4. From cord-tester ping to 8.8.8.8
1379 5. Verifying that ping should not be successful
1380 6. Execute iptable command on vcpe from compute node to deny icmp protocol packets
1381 7. From cord-tester ping to 8.8.8.8
1382 8. Verifying the ping should success
1383 9. Delete the rule added in step 3
1384 10. From cord-tester ping to 8.8.8.8
1385 11. Verifying that ping should not be successful
1386 12. Delete the rule added in step 6
1387 13. From cord-tester ping to 8.8.8.8
1388 14. Verifying the ping should success
1389 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1390 if not vcpe_name:
1391 vcpe_name = self.vcpe_container
1392 if not vcpe_intf:
1393 vcpe_intf = self.vcpe_dhcp
1394 df = defer.Deferred()
1395 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1396 if self.on_podd is False:
1397 df.callback(0)
1398 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1399 host = '8.8.8.8'
1400 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1401 try:
1402 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1403 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1404 assert_equal(st, False)
1405 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
1406 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1407 assert_equal(st, True)
1408 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe_name))
1409 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1410 assert_equal(st, True)
1411 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1412 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1413 assert_equal(st, True)
1414 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1415 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1416 assert_equal(st,False)
1417 finally:
1418 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1419 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p icmp -j DROP'.format(vcpe_name))
1420 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1421 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1422 df.callback(0)
1423 reactor.callLater(0, vcpe_firewall, df)
1424 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1425
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1426 @deferred(TIMEOUT) #Fail
1427 def test_vsg_firewall_flushing_all_configured_rules(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1428 """
1429 Algo:
1430 1. Get vSG corresponding to vcpe
1431 2. Login to compute node
1432 3. Execute iptable command on vcpe from compute node to deny a destination IP
1433 4. From cord-tester ping to 8.8.8.8
1434 5. Verifying that ping should not be successful
1435 6. Execute iptable command on vcpe from compute node to deny icmp protocol packets
1436 7. From cord-tester ping to 8.8.8.8
1437 8. Verifying the ping should success
1438 9. Flush all the iptable rules configuraed in vcpe
1439 10. Delete the rule added in step 6
1440 11. From cord-tester ping to 8.8.8.8
1441 12. Verifying the ping should success
1442 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1443 if not vcpe_name:
1444 vcpe_name = self.vcpe_container
1445 if not vcpe_intf:
1446 vcpe_intf = self.vcpe_dhcp
1447 df = defer.Deferred()
1448 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1449 if self.on_podd is False:
1450 df.callback(0)
1451 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1452 host = '8.8.8.8'
1453 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1454 try:
1455 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1456 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1457 assert_equal(st, False)
1458 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -d {} -j DROP'.format(vcpe_name,host))
1459 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1460 assert_equal(st, True)
1461 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p icmp -j DROP'.format(vcpe_name))
1462 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1463 assert_equal(st, True)
1464 st,output = vsg.run_cmd('sudo docker exec {} iptables -F FORWARD'.format(vcpe_name))
1465 time.sleep(1)
1466 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1467 assert_equal(st, False)
1468 finally:
1469 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -d {} -j DROP'.format(vcpe_name,host))
1470 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1471 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1472 df.callback(0)
1473 reactor.callLater(0, vcpe_firewall, df)
1474 return df
Anil Kumar Sankad47023a2017-03-29 21:11:09 +0000[diff] [blame]1475
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1476 @deferred(TIMEOUT)
1477 def test_vsg_firewall_deny_all_ipv4_traffic(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1478 """
1479 Algo:
1480 1. Get vSG corresponding to vcpe
1481 2. Login to compute node
1482 3. Execute iptable command on vcpe from compute node to deny all ipv4 Traffic
1483 4. From cord-tester ping to 8.8.8.8
1484 5. Verifying that ping should not be successful
1485 6. Delete the iptable rule added
1486 7. From cord-tester ping to 8.8.8.8
1487 8. Verifying the ping should success
1488 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1489 if not vcpe_name:
1490 vcpe_name = self.vcpe_container
1491 if not vcpe_intf:
1492 vcpe_intf = self.vcpe_dhcp
1493 df = defer.Deferred()
1494 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1495 if self.on_podd is False:
1496 df.callback(0)
1497 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1498 host = '8.8.8.8'
1499 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1500 try:
1501 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1502 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1503 assert_equal(st, False)
1504 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -4 -j DROP'.format(vcpe_name))
1505 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1506 assert_equal(st, True)
1507 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1508 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1509 assert_equal(st, False)
1510 finally:
1511 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1512 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1513 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1514 df.callback(0)
1515 reactor.callLater(0, vcpe_firewall, df)
1516 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1517
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1518 @deferred(TIMEOUT)
1519 def test_vsg_firewall_replacing_deny_rule_to_accept_rule_ipv4_traffic(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1520 """
1521 Algo:
1522 1. Get vSG corresponding to vcpe
1523 2. Login to compute node
1524 3. Execute iptable command on vcpe from compute node to deny all ipv4 Traffic
1525 4. From cord-tester ping to 8.8.8.8
1526 5. Verifying that ping should not be successful
1527 6. Replace the deny rule added in step 3 with accept rule
1528 7. From cord-tester ping to 8.8.8.8
1529 8. Verifying the ping should success
1530 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1531 if not vcpe_name:
1532 vcpe_name = self.vcpe_container
1533 if not vcpe_intf:
1534 vcpe_intf = self.vcpe_dhcp
1535 df = defer.Deferred()
1536 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1537 if self.on_podd is False:
1538 df.callback(0)
1539 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1540 host = '8.8.8.8'
1541 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1542 try:
1543 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1544 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1545 assert_equal(st, False)
1546 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -4 -j DROP'.format(vcpe_name))
1547 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1548 assert_equal(st, True)
1549 st,output = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -4 -j ACCEPT'.format(vcpe_name))
1550 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1551 assert_equal(st, False)
1552 finally:
1553 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1554 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1555 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1556 df.callback(0)
1557 reactor.callLater(0, vcpe_firewall, df)
1558 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1559
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1560 @deferred(TIMEOUT)
1561 def test_vsg_firewall_deny_all_traffic_coming_on_lan_interface_in_vcpe(self,vcpe_name=None,vcpe_intf=None):
1562 """
1563 Algo:
1564 1. Get vSG corresponding to vcpe
1565 2. Login to compute node
1566 3. Execute iptable command on vcpe from compute node to deny all the traffic coming on lan interface inside vcpe container
1567 4. From cord-tester ping to 8.8.8.8
1568 5. Verifying the ping should not success
1569 6. Delete the iptable rule added
1570 7. From cord-tester ping to 8.8.8.8
1571 8. Verifying the ping should success
1572 """
1573 if not vcpe_name:
1574 vcpe_name = self.vcpe_container
1575 if not vcpe_intf:
1576 vcpe_intf = self.vcpe_dhcp
1577 df = defer.Deferred()
1578 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1579 if self.on_podd is False:
1580 df.callback(0)
1581 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1582 host = '8.8.8.8'
1583 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1584 try:
1585 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1586 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1587 assert_equal(st, False)
1588 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -i eth1 -j DROP'.format(vcpe_name))
1589 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1590 assert_equal(st, True)
1591 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -j DROP'.format(vcpe_name))
1592 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1593 assert_equal(st, False)
1594 finally:
1595 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -j DROP'.format(vcpe_name))
1596 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1597 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1598 df.callback(0)
1599 reactor.callLater(0, vcpe_firewall, df)
1600 return df
1601
1602 @deferred(TIMEOUT)
1603 def test_vsg_firewall_deny_all_traffic_going_out_of_wan_interface_in_vcpe(self,vcpe_name=None,vcpe_intf=None):
1604 """
1605 Algo:
1606 1. Get vSG corresponding to vcpe
1607 2. Login to compute node
1608 3. Execute iptable command on vcpe from compute node to deny all the traffic going out of wan interface inside vcpe container
1609 4. From cord-tester ping to 8.8.8.8
1610 5. Verifying the ping should not success
1611 6. Delete the iptable rule added
1612 7. From cord-tester ping to 8.8.8.8
1613 8. Verifying the ping should success
1614 """
1615 if not vcpe_name:
1616 vcpe_name = self.vcpe_container
1617 if not vcpe_intf:
1618 vcpe_intf = self.vcpe_dhcp
1619 df = defer.Deferred()
1620 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1621 if self.on_podd is False:
1622 df.callback(0)
1623 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1624 host = '8.8.8.8'
1625 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1626 try:
1627 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1628 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1629 assert_equal(st, False)
1630 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -o eth0 -j DROP'.format(vcpe_name))
1631 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1632 assert_equal(st, True)
1633 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -o eth0 -j DROP'.format(vcpe_name))
1634 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1635 assert_equal(st, False)
1636 finally:
1637 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -o eth0 -j DROP'.format(vcpe_name))
1638 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1639 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1640 df.callback(0)
1641 reactor.callLater(0, vcpe_firewall, df)
1642 return df
1643
1644 @deferred(TIMEOUT)
1645 def test_vsg_firewall_deny_all_traffic_from_lan_to_wan_in_vcpe(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1646 """
1647 Algo:
1648 1. Get vSG corresponding to vcpe
1649 2. Login to compute node
1650 3. Execute iptable command on vcpe from compute node to deny all the traffic from lan to wan interface in vcpe
1651 4. From cord-tester ping to 8.8.8.8
1652 5. Verifying that ping should not be successful
1653 6. Delete the iptable rule added
1654 7. From cord-tester ping to 8.8.8.8
1655 8. Verifying the ping should success
1656 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1657 if not vcpe_name:
1658 vcpe_name = self.vcpe_container
1659 if not vcpe_intf:
1660 vcpe_intf = self.vcpe_dhcp
1661 df = defer.Deferred()
1662 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1663 if self.on_podd is False:
1664 df.callback(0)
1665 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1666 host = '8.8.8.8'
1667 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1668 try:
1669 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1670 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1671 assert_equal(st, False)
1672 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -i eth1 -o eth0 -j DROP'.format(vcpe_name))
1673 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1674 assert_equal(st, True)
1675 st,output = vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -o eth0 -j DROP'.format(vcpe_name))
1676 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1677 assert_equal(st, False)
1678 finally:
1679 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -i eth1 -o eth0 -j DROP'.format(vcpe_name))
1680 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1681 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1682 df.callback(0)
1683 reactor.callLater(0, vcpe_firewall, df)
1684 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1685
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1686
1687 #this test case needs modification.default route should be vcpe interface to run this test case
1688 @deferred(TIMEOUT)
1689 def test_vsg_firewall_deny_all_dns_traffic(self,vcpe_name=None,vcpe_intf=None):
1690 """
1691 Algo:
1692 1. Get vSG corresponding to vcpe
1693 2. Login to compute node
1694 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1695 4. From cord-tester ping to www.google.com
1696 5. Verifying the ping should not success
1697 6. Delete the iptable rule added
1698 7. From cord-tester ping to www.google.com
1699 8. Verifying the ping should success
1700 """
1701 if not vcpe_name:
1702 vcpe_name = self.vcpe_container
1703 if not vcpe_intf:
1704 vcpe_intf = self.vcpe_dhcp
1705 df = defer.Deferred()
1706 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1707 if self.on_podd is False:
1708 df.callback(0)
1709 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1710 host = 'www.msn.com'
1711 host_ip = '131.253.33.203'
1712 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1713 try:
1714 self.add_static_route_via_vcpe_interface([host_ip],vcpe=self.vcpe_dhcp)
1715 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1716 assert_equal(st, False)
1717 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -p udp --dport 53 -j DROP'.format(vcpe_name))
1718 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1719 assert_equal(st, True)
1720 st,output = vsg.run_cmd('sudo docker exec {} iptables -R FORWARD 1 -p udp --dport 53 -j ACCEPT'.format(vcpe_name))
1721 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1722 assert_equal(st, False)
1723 finally:
1724 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -p udp --dport 53 -j DROP'.format(vcpe_name))
1725 self.del_static_route_via_vcpe_interface([host_ip],vcpe=vcpe_intf)
1726 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1727 df.callback(0)
1728 reactor.callLater(0, vcpe_firewall, df)
1729 return df
1730
1731 @deferred(TIMEOUT)
1732 def test_vsg_firewall_deny_all_ipv4_traffic_vcpe_container_restart(self,vcpe_name=None,vcpe_intf=None):
Anil Kumar Sanka72755c92017-04-06 17:19:02 +0000[diff] [blame]1733 """
1734 Algo:
1735 1. Get vSG corresponding to vcpe
1736 2. Login to compute node
1737 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1738 4. From cord-tester ping to www.google.com
1739 5. Verifying that ping should not be successful
1740 6. Delete the iptable rule added
1741 7. From cord-tester ping to www.google.com
1742 8. Verifying the ping should success
1743 """
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1744 if not vcpe_name:
1745 vcpe_name = self.vcpe_container
1746 if not vcpe_intf:
1747 vcpe_intf = self.vcpe_dhcp
1748 df = defer.Deferred()
1749 def vcpe_firewall(df):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1750 if self.on_podd is False:
1751 df.callback(0)
1752 return
Anil Kumar Sankaa357c6a2017-04-12 17:52:24 +0000[diff] [blame]1753 host = '8.8.8.8'
1754 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1755 try:
1756 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1757 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1758 assert_equal(st, False)
1759 st,output = vsg.run_cmd('sudo docker exec {} iptables -I FORWARD -4 -j DROP'.format(vcpe_name))
1760 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1761 assert_equal(st, True)
1762 st,output = vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1763 time.sleep(3)
1764 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1765 assert_equal(st, False)
1766 finally:
1767 vsg.run_cmd('sudo docker exec {} iptables -D FORWARD -4 -j DROP'.format(vcpe_name))
1768 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1769 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1770 df.callback(0)
1771 reactor.callLater(0, vcpe_firewall, df)
1772 return df
Anil Kumar Sanka966c1932017-03-31 00:48:31 +0000[diff] [blame]1773
Anil Kumar Sanka5fa8d8b2017-04-18 22:01:48 +0000[diff] [blame]1774 @deferred(TIMEOUT)
1775 def test_vsg_dnat_modifying_destination_ip(self,vcpe_name=None,vcpe_intf=None):
1776 """
1777 Algo:
1778 1. Get vSG corresponding to vcpe
1779 2. Login to compute node
1780 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1781 4. From cord-tester ping to www.google.com
1782 5. Verifying the ping should not success
1783 6. Delete the iptable rule added
1784 7. From cord-tester ping to www.google.com
1785 8. Verifying the ping should success
1786 """
1787 if not vcpe_name:
1788 vcpe_name = self.vcpe_container
1789 if not vcpe_intf:
1790 vcpe_intf = self.vcpe_dhcp
1791 df = defer.Deferred()
1792 def vcpe_firewall(df):
1793 host = '8.8.8.8'
1794 dst_ip = '123.123.123.123'
1795 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1796 try:
1797 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1798 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1799 assert_equal(st, False)
1800 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1801 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1802 assert_equal(st, True)
1803 finally:
1804 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1805 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1806 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1807 df.callback(0)
1808 reactor.callLater(0,vcpe_firewall,df)
1809 return df
1810
1811 @deferred(TIMEOUT)
1812 def test_vsg_dnat_modifying_destination_ip_and_delete(self,vcpe_name=None,vcpe_intf=None):
1813 """
1814 Algo:
1815 1. Get vSG corresponding to vcpe
1816 2. Login to compute node
1817 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1818 4. From cord-tester ping to www.google.com
1819 5. Verifying the ping should not success
1820 6. Delete the iptable rule added
1821 7. From cord-tester ping to www.google.com
1822 8. Verifying the ping should success
1823 """
1824 if not vcpe_name:
1825 vcpe_name = self.vcpe_container
1826 if not vcpe_intf:
1827 vcpe_intf = self.vcpe_dhcp
1828 df = defer.Deferred()
1829 def vcpe_firewall(df):
1830 host = '8.8.8.8'
1831 dst_ip = '123.123.123.123'
1832 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1833 try:
1834 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1835 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1836 assert_equal(st, False)
1837 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1838 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1839 assert_equal(st, True)
1840 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1841 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1842 assert_equal(st, False)
1843 finally:
1844 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1845 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1846 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1847 df.callback(0)
1848 reactor.callLater(0,vcpe_firewall,df)
1849 return df
1850
1851 @deferred(TIMEOUT)
1852 def test_vsg_dnat_change_modifying_destination_ip_address(self,vcpe_name=None,vcpe_intf=None):
1853 """
1854 Algo:
1855 1. Get vSG corresponding to vcpe
1856 2. Login to compute node
1857 3. Execute iptable command on vcpe from compute node to deny all dns Traffic
1858 4. From cord-tester ping to www.google.com
1859 5. Verifying the ping should not success
1860 6. Delete the iptable rule added
1861 7. From cord-tester ping to www.google.com
1862 8. Verifying the ping should success
1863 """
1864 if not vcpe_name:
1865 vcpe_name = self.vcpe_container
1866 if not vcpe_intf:
1867 vcpe_intf = self.vcpe_dhcp
1868 df = defer.Deferred()
1869 def vcpe_firewall(df):
1870 host = '8.8.8.8'
1871 dst_ip = '123.123.123.123'
1872 vsg = VSGAccess.get_vcpe_vsg(vcpe_name)
1873 try:
1874 self.add_static_route_via_vcpe_interface([host],vcpe=self.vcpe_dhcp)
1875 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1876 assert_equal(st, False)
1877 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -A PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1878 st,_ = getstatusoutput('ping -c 1 {}'.format(host))
1879 assert_equal(st, True)
1880 st,output = vsg.run_cmd('sudo docker exec {} iptables -t nat -R PREROUTING 1 -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,host))
1881 st, _ = getstatusoutput('ping -c 1 {}'.format(host))
1882 assert_equal(st, False)
1883 finally:
1884 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,dst_ip))
1885 vsg.run_cmd('sudo docker exec {} iptables -t nat -D PREROUTING -s 192.168.0.0/16 -i eth1 -j DNAT --to-destination {}'.format(vcpe_name,host))
1886 self.del_static_route_via_vcpe_interface([host],vcpe=vcpe_intf)
1887 vsg.run_cmd('sudo docker restart {}'.format(vcpe_name))
1888 df.callback(0)
1889 reactor.callLater(0,vcpe_firewall,df)
1890 return df
1891
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]1892 def test_vsg_xos_subscriber(self):
A R Karthick93ba8d02017-04-13 11:59:58 -0700[diff] [blame]1893 if self.on_podd is False:
1894 return
A.R Karthick282f0d32017-03-28 16:43:59 -0700[diff] [blame]1895 subscriber_info = self.subscriber_info[0]
1896 volt_subscriber_info = self.volt_subscriber_info[0]
1897 result = self.restApiXos.ApiPost('TENANT_SUBSCRIBER', subscriber_info)
1898 assert_equal(result, True)
1899 result = self.restApiXos.ApiGet('TENANT_SUBSCRIBER')
1900 assert_not_equal(result, None)
1901 subId = self.restApiXos.getSubscriberId(result, volt_subscriber_info['account_num'])
1902 assert_not_equal(subId, '0')
1903 log.info('Subscriber ID for account num %d = %s' %(volt_subscriber_info['account_num'], subId))
1904 volt_tenant = volt_subscriber_info['voltTenant']
1905 #update the subscriber id in the tenant info before making the rest
1906 volt_tenant['subscriber'] = subId
1907 result = self.restApiXos.ApiPost('TENANT_VOLT', volt_tenant)
1908 assert_equal(result, True)
1909
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]1910 def test_vsg_for_dns_service(self):
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1911 """
1912 Algo:
1913 1. Create a test client in Prod VM
1914 2. Create a vCPE container in vSG VM inside compute Node
1915 3. Ensure vSG VM and vCPE container created properly
1916 4. Enable dns service in vCPE ( if not by default )
1917 5. Send ping request from test client to valid domain address say, 'www.google'com
1918 6. Verify that dns should resolve ping should success
1919 7. Now send ping request to invalid domain address say 'www.invalidaddress'.com'
1920 8. Verify that dns resolve should fail and hence ping
1921 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1922
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1923 def test_vsg_for_10_subscribers_for_same_service(self):
1924 """
1925 Algo:
1926 1.Create a vSG VM in compute node
1927 2.Create 10 vCPE containers for 10 subscribers, in vSG VM
1928 3.Ensure vSG VM and vCPE container created properly
1929 4.From each of the subscriber, with same s-tag and different c-tag, send a ping to valid external public IP
1930 5.Verify that ping success for all 10 subscribers
1931 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1932
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1933 def test_vsg_for_10_subscribers_for_same_service_ping_invalid_ip(self):
1934 """
1935 Algo:
1936 1.Create a vSG VM in compute Node
1937 2.Create 10 vCPE containers for 10 subscribers, in vSG VM
1938 3.Ensure vSG VM and vCPE container created properly
1939 4.From each of the subscriber, with same s-tag and different c-tag, send a ping to invalid IP
1940 5.Verify that ping fails for all 10 subscribers
1941 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1942
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1943 def test_vsg_for_10_subscribers_for_same_service_ping_valid_and_invalid_ip(self):
1944 """
1945 Algo:
1946 1.Create a vSG VM in VM
1947 2.Create 10 vCPE containers for 10 subscribers, in vSG VM
1948 3.Ensure vSG VM and vCPE container created properly
1949 4.From first 5 subscribers, with same s-tag and different c-tag, send a ping to valid IP
1950 5.Verify that ping success for all 5 subscribers
1951 6.From next 5 subscribers, with same s-tag and different c-tag, send a ping to invalid IP
1952 7.Verify that ping fails for all 5 subscribers
1953 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1954
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1955 def test_vsg_for_100_subscribers_for_same_service(self):
1956 """
1957 Algo:
1958 1.Create a vSG VM in compute node
1959 2.Create 100 vCPE containers for 100 subscribers, in vSG VM
1960 3.Ensure vSG VM and vCPE container created properly
1961 4.From each of the subscriber, with same s-tag and different c-tag, send a ping to valid external public IP
1962 5.Verify that ping success for all 100 subscribers
1963 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1964
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1965 def test_vsg_for_100_subscribers_for_same_service_ping_invalid_ip(self):
1966 """
1967 Algo:
1968 1.Create a vSG VM in compute Node
1969 2.Create 10 vCPE containers for 100 subscribers, in vSG VM
1970 3.Ensure vSG VM and vCPE container created properly
1971 4.From each of the subscriber, with same s-tag and different c-tag, send a ping to invalid IP
1972 5.Verify that ping fails for all 100 subscribers
1973 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1974
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1975 def test_vsg_for_100_subscribers_for_same_service_ping_valid_and_invalid_ip(self):
1976 """
1977 Algo:
1978 1.Create a vSG VM in VM
1979 2.Create 10 vCPE containers for 100 subscribers, in vSG VM
1980 3.Ensure vSG VM and vCPE container created properly
1981 4.From first 5 subscribers, with same s-tag and different c-tag, send a ping to valid IP
1982 5.Verify that ping success for all 5 subscribers
1983 6.From next 5 subscribers, with same s-tag and different c-tag, send a ping to invalid IP
1984 7.Verify that ping fails for all 5 subscribers
1985 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1986
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1987 def test_vsg_for_packet_received_with_invalid_ip_fields(self):
1988 """
1989 Algo:
1990 1.Create a vSG VM in compute node
1991 2.Create a vCPE container in vSG VM
1992 3.Ensure vSG VM and vCPE container created properly
1993 4.From subscriber, send a ping packet with invalid ip fields
1994 5.Verify that vSG drops the packet
1995 6.Verify ping fails
1996 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]1997
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]1998 def test_vsg_for_packet_received_with_invalid_mac_fields(self):
1999 """
2000 Algo:
2001 1.Create a vSG VM in compute node
2002 2.Create a vCPE container in vSG VM
2003 3.Ensure vSG VM and vCPE container created properly
2004 4.From subscriber, send a ping packet with invalid mac fields
2005 5.Verify that vSG drops the packet
2006 6.Verify ping fails
2007 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2008
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2009 def test_vsg_for_vlan_id_mismatch_in_stag(self):
2010 """
2011 Algo:
2012 1.Create a vSG VM in compute Node
2013 2.Create a vCPE container in vSG VM
2014 3.Ensure vSG VM and vCPE container created properly
2015 4.Send a ping request to external valid IP from subscriber, with incorrect vlan id in s-tag and valid c-tag
2016 5.Verify that ping fails as the packet drops at VM entry
2017 6.Repeat step 4 with correct s-tag
2018 7.Verify that ping success
2019 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2020
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2021 def test_vsg_for_vlan_id_mismatch_in_ctag(self):
2022 """
2023 Algo:
2024 1.Create a vSG VM in compute node
2025 2.Create a vCPE container in vSG VM
2026 3.Ensure vSG VM and vCPE container created properly
2027 4.Send a ping request to external valid IP from subscriber, with valid s-tag and incorrect vlan id in c-tag
2028 5.Verify that ping fails as the packet drops at vCPE container entry
2029 6.Repeat step 4 with valid s-tag and c-tag
2030 7.Verify that ping success
2031 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2032
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2033 def test_vsg_for_matching_and_mismatching_vlan_id_in_stag(self):
2034 """
2035 Algo:
2036 1.Create two vSG VMs in compute node
2037 2.Create a vCPE container in each vSG VM
2038 3.Ensure vSG VM and vCPE container created properly
2039 4.From subscriber one, send ping request with valid s and c tags
2040 5.From subscriber two, send ping request with vlan id mismatch in s-tag and valid c tags
2041 6.Verify that ping success for only subscriber one and fails for two.
2042 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2043
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2044 def test_vsg_for_matching_and_mismatching_vlan_id_in_ctag(self):
2045 """
2046 Algo:
2047 1.Create a vSG VM in compute node
2048 2.Create two vCPE containers in vSG VM
2049 3.Ensure vSG VM and vCPE container created properly
2050 4.From subscriber one, send ping request with valid s and c tags
2051 5.From subscriber two, send ping request with valid s-tag and vlan id mismatch in c-tag
2052 6.Verify that ping success for only subscriber one and fails for two
2053 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2054
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2055 def test_vsg_for_out_of_range_vlanid_in_ctag(self):
2056 """
2057 Algo:
2058 1.Create a vSG VM in compute node
2059 2.Create a vCPE container in vSG VM
2060 3.Ensure vSG VM and vCPE container created properly
2061 4.From subscriber, send ping request with valid stag and vlan id in c-tag is an out of range value ( like 0,4097 )
2062 4.Verify that ping fails as the ping packets drops at vCPE container entry
2063 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2064
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2065 def test_vsg_for_out_of_range_vlanid_in_stag(self):
2066 """
2067 Algo:
2068 1.Create a vSG VM in compute node
2069 2.Create a vCPE container in vSG VM
2070 3.Ensure vSG VM and vCPE container created properly
2071 2.From subscriber, send ping request with vlan id in s-tag is an out of range value ( like 0,4097 ), with valid c-tag
2072 4.Verify that ping fails as the ping packets drops at vSG VM entry
2073 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2074
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2075 def test_vsg_without_creating_vcpe_instance(self):
2076 """
2077 Algo:
2078 1.Create a vSG VM in compute Node
2079 2.Ensure vSG VM created properly
2080 3.Do not create vCPE container inside vSG VM
2081 4.From a subscriber, send ping to external valid IP
2082 5.Verify that ping fails as the ping packet drops at vSG VM entry itself.
2083 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2084
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2085 def test_vsg_for_remove_vcpe_instance(self):
2086 """
2087 Algo:
2088 1.Create a vSG VM in compute node
2089 2.Create a vCPE container in vSG VM
2090 3.Ensure vSG VM and vCPE container created properly
2091 4.From subscriber, send ping request with valid s-tag and c-tag
2092 5.Verify that ping success
2093 6.Verify ping success flows in OvS switch in compute node
2094 7.Now remove the vCPE container in vSG VM
2095 8.Ensure that the container removed properly
2096 9.Repeat step 4
2097 10.Verify that now, ping fails
2098 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2099
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2100 def test_vsg_for_restart_vcpe_instance(self):
2101 """
2102 Algo:
2103 1.Create a vSG VM in compute node
2104 2.Create a vCPE container in vSG VM
2105 3.Ensure vSG VM and vCPE container created properly
2106 4.From subscriber, send ping request with valid s-tag and c-tag
2107 5.Verify that ping success
2108 6.Verify ping success flows in OvS switch in compute node
2109 7.Now restart the vCPE container in vSG VM
2110 8.Ensure that the container came up after restart
2111 9.Repeat step 4
2112 10.Verify that now,ping gets success and flows added in OvS
2113 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2114
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2115 def test_vsg_for_restart_vsg_vm(self):
2116 """
2117 Algo:
2118 1.Create a vSG VM in compute node
2119 2.Create a vCPE container in vSG VM
2120 3.Ensure vSG VM and vCPE container created properly
2121 4.From subscriber, send ping request with valid s-tag and c-tag
2122 5.Verify that ping success
2123 6.Verify ping success flows in OvS switch in compute node
2124 7.Now restart the vSG VM
2125 8.Ensure that the vSG comes up properly after restart
2126 9.Verify that vCPE container comes up after vSG restart
2127 10.Repeat step 4
2128 11.Verify that now,ping gets success and flows added in OvS
2129 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2130
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2131 def test_vsg_for_pause_vcpe_instance(self):
2132 """
2133 Algo:
2134 1.Create a vSG VM in compute node
2135 2.Create a vCPE container in vSG VM
2136 3.Ensure vSG VM and vCPE container created properly
2137 4.From subscriber, send ping request with valid s-tag and c-tag
2138 5.Verify that ping success
2139 6.Verify ping success flows in OvS switch in compute node
2140 7.Now pause vCPE container in vSG VM for a while
2141 8.Ensure that the container state is pause
2142 9.Repeat step 4
2143 10.Verify that now,ping fails now and verify flows in OvS
2144 11.Now resume the container
2145 12.Now repeat step 4 again
2146 13.Verify that now, ping gets success
2147 14.Verify ping success flows in OvS
2148 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2149
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2150 def test_vsg_for_extract_all_compute_stats_from_all_vcpe_containers(self):
2151 """
2152 Algo:
2153 1.Create a vSG VM in compute node
2154 2.Create 10 vCPE containers in VM
2155 3.Ensure vSG VM and vCPE containers created properly
2156 4.Login to all vCPE containers
2157 4.Get all compute stats from all vCPE containers
2158 5.Verify the stats # verification method need to add
2159 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2160
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2161 def test_vsg_for_extract_dns_stats_from_all_vcpe_containers(self):
2162 """
2163 Algo:
2164 1.Create a vSG VM in compute node
2165 2.Create 10 vCPE containers in VM
2166 3.Ensure vSG VM and vCPE containers created properly
2167 4.From 10 subscribers, send ping to valid and invalid dns hosts
2168 5.Verify dns resolves and ping success for valid dns hosts
2169 6.Verify ping fails for invalid dns hosts
2170 7.Verify dns host name resolve flows in OvS
2171 8.Login to all 10 vCPE containers
2172 9.Extract all dns stats
2173 10.Verify dns stats for queries sent, queries received for dns host resolve success and failed scenarios
2174 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2175
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2176 def test_vsg_for_subscriber_access_two_vsg_services(self):
2177 """
2178 # Intention is to verify if subscriber can reach internet via two vSG VMs
2179 Algo:
2180 1.Create two vSG VMs for two services in compute node
2181 2.Create one vCPE container in each VM for one subscriber
2182 3.Ensure VMs and containers created properly
2183 4.From subscriber end, send ping to public IP with stag corresponds to vSG-1 VM and ctag
2184 5.Verify ping gets success
2185 6.Verify ping success flows in OvS
2186 7.Now repeat step 4 with stag corresponds to vSG-2 VM
2187 8.Verify that ping again success
2188 9.Verify ping success flows in OvS
2189 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2190
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2191 def test_vsg_for_subscriber_access_service2_if_service1_goes_down(self):
2192 """
2193 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 goes down
2194 Algo:
2195 1.Create two vSG VMs for two services in compute node
2196 2.Create one vCPE container in each VM for one subscriber
2197 3.Ensure VMs and containers created properly
2198 4.From subscriber end, send ping to public IP with stag corresponds to vSG-1 VM and ctag
2199 5.Verify ping gets success
2200 6.Verify ping success flows in OvS
2201 7.Down the vSG-1 VM
2202 8.Now repeat step 4
2203 9.Verify that ping fails as vSG-1 is down
2204 10.Repeat step 4 with stag corresponding to vSG-2
2205 9.Verify ping success and flows added in OvS
2206 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2207
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2208 def test_vsg_for_subscriber_access_service2_if_service1_goes_restart(self):
2209 """
2210 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 restarts
2211 Algo:
2212 1.Create two vSG VMs for two services in compute node
2213 2.Create one vCPE container in each VM for one subscriber
2214 3.Ensure VMs and containers created properly
2215 4.From subscriber end, send ping to public IP with stag corresponds to vSG-1 VM and ctag
2216 5.Verify ping gets success
2217 6.Verify ping success flows added in OvS
2218 7.Now restart vSG-1 VM
2219 8.Now repeat step 4 while vSG-1 VM restarts
2220 9.Verify that ping fails as vSG-1 is restarting
2221 10.Repeat step 4 with stag corresponding to vSG-2 while vSG-1 VM restarts
2222 11.Verify ping success and flows added in OvS
2223 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2224
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2225 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_goes_down(self):
2226 """
2227 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 goes down
2228 Algo:
2229 1.Create a vSG VM in compute node
2230 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2231 3.Ensure VM and containers created properly
2232 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2233 5.Verify ping gets success
2234 6.Verify ping success flows added in OvS
2235 7.Now stop vCPE-1 container
2236 8.Now repeat step 4
2237 9.Verify that ping fails as vCPE-1 container is down
2238 10.Repeat step 4 with ctag corresponding to vCPE-2 container
2239 11.Verify ping success and flows added in OvS
2240 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2241
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2242 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_restart(self):
2243 """
2244 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 restarts
2245 Algo:
2246 1.Create a vSG VM in compute node
2247 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2248 3.Ensure VM and containers created properly
2249 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2250 5.Verify ping gets success
2251 6.Verify ping success flows added in OvS
2252 7.Now restart vCPE-1 container
2253 8.Now repeat step 4 while vCPE-1 restarts
2254 9.Verify that ping fails as vCPE-1 container is restarts
2255 10.Repeat step 4 with ctag corresponding to vCPE-2 container while vCPE-1 restarts
2256 11..Verify ping success and flows added in OvS
2257 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2258
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2259 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_pause(self):
2260 """
2261 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 paused
2262 Algo:
2263 1.Create a vSG VM in compute node
2264 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2265 3.Ensure VM and containers created properly
2266 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2267 5.Verify ping gets success
2268 6.Verify ping success flows added in OvS
2269 7.Now pause vCPE-1 container
2270 8.Now repeat step 4 while vCPE-1 in pause state
2271 9.Verify that ping fails as vCPE-1 container in pause state
2272 10.Repeat step 4 with ctag corresponding to vCPE-2 container while vCPE-1 in pause state
2273 11.Verify ping success and flows added in OvS
2274 """
2275 def test_vsg_for_multiple_vcpes_in_vsg_vm_with_one_vcpe_removed(self):
2276 """
2277 # Intention is to verify if subscriber can reach internet via vSG2 if vSG1 removed
2278 Algo:
2279 1.Create a vSG VM in compute node
2280 2.Create two vCPE containers corresponds to two subscribers in vSG VM
2281 3.Ensure VM and containers created properly
2282 4.From subscriber-1 end, send ping to public IP with ctag corresponds to vCPE-1 and stag
2283 5.Verify ping gets success
2284 6.Verify ping success flows added in OvS
2285 7.Now remove vCPE-1 container
2286 8.Now repeat step 4
2287 9.Verify that ping fails as vCPE-1 container removed
2288 10.Repeat step 4 with ctag corresponding to vCPE-2 container
2289 11.Verify ping success and flows added in OvS
2290 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2291
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2292 def test_vsg_for_vcpe_instance_removed_and_added_again(self):
2293 """
2294 Algo:
2295 1.Create a vSG VM in compute node
2296 2.Create a vCPE container in vSG VM
2297 3.Ensure VM and containers created properly
2298 4.From subscriber end, send ping to public IP
2299 5.Verify ping gets success
2300 6.Verify ping success flows added in OvS
2301 7.Now remove vCPE container in vSG VM
2302 8.Now repeat step 4
2303 9.Verify that ping fails as vCPE container removed
2304 10.Create the vCPE container again for the same subscriber
2305 11.Ensure that vCPE created now
2306 12.Now repeat step 4
2307 13.Verify ping success and flows added in OvS
2308 """
A R Karthick63751492017-03-22 09:28:01 -0700[diff] [blame]2309
Anil Kumar Sanka1213d4c2017-02-23 22:50:48 +0000[diff] [blame]2310 def test_vsg_for_vsg_vm_removed_and_added_again(self):
2311 """
2312 Algo:
2313 1.Create a vSG VM in compute node
2314 2.Create a vCPE container in vSG VM
2315 3.Ensure VM and containers created properly
2316 4.From subscriber end, send ping to public IP
2317 5.Verify ping gets success
2318 6.Verify ping success flows added in OvS
2319 7.Now remove vSG VM
2320 8.Now repeat step 4
2321 9.Verify that ping fails as vSG VM not exists
2322 10.Create the vSG VM and vCPE container in VM again
2323 11.Ensure that vSG and vCPE created
2324 12.Now repeat step 4
2325 13.Verify ping success and flows added in OvS
2326 """
2327
2328 #Test vSG - Subscriber Configuration
2329 def test_vsg_for_configuring_new_subscriber_in_vcpe(self):
2330 """
2331 Algo:
2332 1.Create a vSG VM in compute node
2333 2.Create a vCPE container in vSG VM
2334 3.Ensure VM and containers created properly
2335 4.Configure a subscriber in XOS and assign a service id
2336 5.Set the admin privileges to the subscriber
2337 6.Verify subscriber configuration is success
2338 """
2339 def test_vsg_for_adding_subscriber_devices_in_vcpe(self):
2340 """
2341 Algo:
2342 1.Create a vSG VM in compute node
2343 2.Create a vCPE container in vSG VM
2344 3.Ensure VM and containers created properly
2345 4.Configure a subscriber in XOS and assign a service id
2346 5.Verify subscriber successfully configured in vCPE
2347 6.Now add devices( Mac addresses ) under the subscriber admin group
2348 7.Verify all devices ( Macs ) added successfully
2349 """
2350 def test_vsg_for_removing_subscriber_devices_in_vcpe(self):
2351 """
2352 Algo:
2353 1.Create a vSG VM in compute node
2354 2.Create a vCPE container in vSG VM
2355 3.Ensure VM and containers created properly
2356 4.Configure a subscriber in XOS and assign a service id
2357 5.Verify subscriber successfully configured
2358 6.Now add devices( Mac addresses ) under the subscriber admin group
2359 7.Verify all devices ( Macs ) added successfully
2360 8.Now remove All the added devices in XOS
2361 9.Verify all the devices removed
2362 """
2363 def test_vsg_for_modify_subscriber_devices_in_vcpe(self):
2364 """
2365 Algo:
2366 1.Create a vSG VM in compute node
2367 2.Create a vCPE container in vSG VM
2368 3.Ensure VM and containers created properly
2369 4.Configure a user in XOS and assign a service id
2370 5.Verify subscriber successfully configured in vCPE.
2371 6.Now add devices( Mac addresses ) under the subscriber admin group
2372 7.Verify all devices ( Macs ) added successfully
2373 8.Now remove few devices in XOS
2374 9.Verify devices removed successfully
2375 10.Now add few additional devices in XOS under the same subscriber admin group
2376 11.Verify newly added devices successfully added
2377 """
2378 def test_vsg_for_vcpe_login_fails_with_incorrect_subscriber_credentials(self):
2379 """
2380 Algo:
2381 1.Create a vSG VM in compute node
2382 2.Create a vCPE container in vSG VM
2383 3.Ensure VM and containers created properly
2384 4.Configure a subscriber in XOS and assign a service id
2385 5.Verify subscriber successfully configured
2386 6.Now add devices( Mac addresses ) under the subscriber admin group
2387 7.Verify all devices ( Macs ) added successfully
2388 8.Login vCPE with credentials with which subscriber configured
2389 9.Verify subscriber successfully logged in
2390 10.Logout and login again with incorrect credentials ( either user name or password )
2391 11.Verify login attempt to vCPE fails wtih incorrect credentials
2392 """
2393 def test_vsg_for_subscriber_configuration_in_vcpe_retain_after_vcpe_restart(self):
2394 """
2395 Algo:
2396 1.Create a vSG VM in compute node
2397 2.Create a vCPE container in vSG VM
2398 3.Ensure VM and containers created properly
2399 4.Configure a subscriber in XOS and assign a service id
2400 5.Verify subscriber successfully configured
2401 6.Now add devices( Mac addresses ) under the subscriber admin group
2402 7.Verify all devices ( Macs ) added successfully
2403 8.Restart vCPE ( locate backup config path while restart )
2404 9.Verify subscriber details in vCPE after restart should be same as before the restart
2405 """
2406 def test_vsg_for_create_multiple_vcpe_instances_and_configure_subscriber_in_each_instance(self):
2407 """
2408 Algo:
2409 1.Create a vSG VM in compute node
2410 2.Create 2 vCPE containers in vSG VM
2411 3.Ensure VM and containers created properly
2412 4.Configure a subscriber in XOS for each vCPE instance and assign a service id
2413 5.Verify subscribers successfully configured
2414 6.Now login vCPE-2 with subscriber-1 credentials
2415 7.Verify login fails
2416 8.Now login vCPE-1 with subscriber-2 credentials
2417 9.Verify login fails
2418 10.Now login vCPE-1 with subscriber-1 and vCPE-2 with subscriber-2 credentials
2419 11.Verify that both the subscribers able to login to their respective vCPE containers
2420 """
2421 def test_vsg_for_same_subscriber_can_be_configured_for_multiple_services(self):
2422 """
2423 Algo:
2424 1.Create 2 vSG VMs in compute node
2425 2.Create a vCPE container in each vSG VM
2426 3.Ensure VMs and containers created properly
2427 4.Configure same subscriber in XOS for each vCPE instance and assign a service id
2428 5.Verify subscriber successfully configured
2429 6.Now login vCPE-1 with subscriber credentials
2430 7.Verify login success
2431 8.Now login vCPE-2 with the same subscriber credentials
2432 9.Verify login success
2433 """
2434
2435 #Test Example Service
2436 def test_vsg_for_subcriber_avail_example_service_running_in_apache_server(self):
2437 """
2438 Algo:
2439 1.Create a vSG VM in compute node
2440 2.Create a vCPE container in each vSG VM
2441 3.Ensure VM and container created properly
2442 4.Configure a subscriber in XOS for the vCPE instance and assign a service id
2443 5.On-board an example service into cord pod
2444 6.Create a VM in compute node and run the example service ( Apache server )
2445 7.Configure the example service with service specific and subscriber specific messages
2446 8.Verify example service on-boarded successfully
2447 9.Verify example service running in VM
2448 10.Run a curl command from subscriber to reach example service
2449 11.Verify subscriber can successfully reach example service via vSG
2450 12.Verify that service specific and subscriber specific messages
2451 """
2452 def test_vsg_for_subcriber_avail_example_service_running_in_apache_server_after_service_restart(self):
2453 """
2454 Algo:
2455 1.Create a vSG VM in compute node
2456 2.Create a vCPE container in each vSG VM
2457 3.Ensure VM and container created properly
2458 4.Configure a subscriber in XOS for the vCPE instance and assign a service id
2459 5.On-board an example service into cord pod
2460 6.Create a VM in compute node and run the example service ( Apache server )
2461 7.Configure the example service with service specific and subscriber specific messages
2462 8.Verify example service on-boarded successfully
2463 9.Verify example service running in VM
2464 10.Run a curl command from subscriber to reach example service
2465 11.Verify subscriber can successfully reach example service via vSG
2466 12.Verify that service specific and subscriber specific messages
2467 13.Restart example service running in VM
2468 14.Repeat step 10
2469 15.Verify the same results as mentioned in steps 11, 12
2470 """
2471
2472 #vCPE Firewall Functionality
2473 def test_vsg_firewall_for_creating_acl_rule_based_on_source_ip(self):
2474 """
2475 Algo:
2476 1.Create a vSG VM in compute node
2477 2.Create vCPE container in the VM
2478 3.Ensure vSG VM and vCPE container created properly
2479 4.Configure ac acl rule in vCPE to deny IP traffic from a source IP
2480 5.Bound the acl rule to WAN interface of vCPE
2481 6.Verify configuration in vCPE is success
2482 8.Verify flows added in OvS
2483 """
2484 def test_vsg_firewall_for_creating_acl_rule_based_on_destination_ip(self):
2485 """
2486 Algo:
2487 1.Create a vSG VM in compute node
2488 2.Create vCPE container in the VM
2489 3.Ensure vSG VM and vCPE container created properly
2490 4.Configure ac acl rule in vCPE to deny IP traffic to a destination ip
2491 5.Bound the acl rule to WAN interface of vCPE
2492 6.Verify configuration in vCPE is success
2493 8.Verify flows added in OvS
2494 """
2495 def test_vsg_firewall_for_acl_deny_rule_based_on_source_ip_traffic(self):
2496 """
2497 Algo:
2498 1.Create a vSG VM in compute node
2499 2.Create vCPE container in the VM
2500 3.Ensure vSG VM and vCPE container created properly
2501 4.Configure ac acl rule in vCPE to deny IP traffic from a source IP
2502 5.Bound the acl rule to WAN interface of vCPE
2503 6.From subscriber, send ping to the denied IP address
2504 7.Verify that ping fails as vCPE denies ping response
2505 8.Verify flows added in OvS
2506 """
2507 def test_vsg_firewall_for_acl_deny_rule_based_on_destination_ip_traffic(self):
2508 """
2509 Algo:
2510 1.Create a vSG VM in compute node
2511 2.Create vCPE container in the VM
2512 3.Ensure vSG VM and vCPE container created properly
2513 4.Configure ac acl rule in vCPE to deny IP traffic to a destination IP
2514 5.Bound the acl rule to WAN interface of vCPE
2515 6.From subscriber, send ping to the denied IP address
2516 7.Verify that ping fails as vCPE drops the ping request at WAN interface
2517 8.Verify flows added in OvS
2518 """
Chetan Gaonker52418832017-01-26 23:03:13 +0000[diff] [blame]2519
2520 def test_vsg_dnsmasq(self):
2521 pass
2522
2523 def test_vsg_with_external_parental_control_family_shield_for_filter(self):
2524 pass
2525
2526 def test_vsg_with_external_parental_control_with_answerx(self):
2527 pass
2528
2529 def test_vsg_for_subscriber_upstream_bandwidth(self):
2530 pass
2531
2532 def test_vsg_for_subscriber_downstream_bandwidth(self):
2533 pass
2534
2535 def test_vsg_for_diagnostic_run_of_traceroute(self):
2536 pass
2537
2538 def test_vsg_for_diagnostic_run_of_tcpdump(self):
2539 pass
2540
2541 def test_vsg_for_iptable_rules(self):
2542 pass
2543
2544 def test_vsg_for_iptables_with_neutron(self):
2545 pass