diff options
| author |   Patrik Hrnciar <phrnciar@cisco.com> | 2016-05-03 14:40:52 +0200 |
|---|---|---|
| committer |   Matej Klotton <mklotton@cisco.com> | 2016-05-11 08:16:52 +0000 |
| commit | 452fabf532691f88b36b79bf2469afde18183de2 (patch) | |
| tree | 73c63417ee512ff73050559fae1ee93e99b4ad11 | |
| parent | 807afe3f73ef9f6170e72f922338d0a726028ec6 (diff) | |
Add iACL IPv4/IPv6 tests.
- IPv4: CSIT-15
- IPv6: CSIT-16
Change-Id: I6e66aa853dfaebf1388f1191dbb63f5216820325
Signed-off-by: Patrik Hrnciar <phrnciar@cisco.com>
| -rw-r--r-- | resources/libraries/python/Classify.py | 86 | ||||
| -rw-r--r-- | resources/libraries/python/IPv4Setup.py | 2 | ||||
| -rw-r--r-- | resources/libraries/python/IPv6Util.py | 26 | ||||
| -rw-r--r-- | resources/libraries/python/InterfaceUtil.py | 25 | ||||
| -rw-r--r-- | resources/libraries/robot/iacl.robot | 125 | ||||
| -rw-r--r-- | resources/libraries/robot/traffic.robot | 1 | ||||
| -rw-r--r-- | resources/templates/vat/classify_add_session.vat | 1 | ||||
| -rw-r--r-- | resources/templates/vat/classify_add_table.vat | 1 | ||||
| -rw-r--r-- | resources/templates/vat/input_acl_int.vat | 1 | ||||
| -rw-r--r-- | tests/suites/ipv4/ipv4_iacl_untagged.robot | 127 | ||||
| -rw-r--r-- | tests/suites/ipv6/ipv6_iacl_untagged.robot | 130 |
11 files changed, 523 insertions, 2 deletions
diff --git a/resources/libraries/python/Classify.py b/resources/libraries/python/Classify.py new file mode 100644 index 0000000000..cf93a04b2b --- /dev/null +++ b/resources/libraries/python/Classify.py @@ -0,0 +1,86 @@ +# Copyright (c) 2016 Cisco and/or its affiliates. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +from robot.api import logger + +from resources.libraries.python.VatExecutor import VatExecutor, VatTerminal + + +class Classify(object): + """Classify utilities.""" + + @staticmethod + def vpp_create_classify_table(node, ip_version, direction): + """Create classify table. + + :param node: VPP node to create classify table. + :param ip_version: Version of IP protocol. + :param direction: Direction of traffic - src/dst. + :type node: dict + :type ip_version: str + :type direction: str + :return table_index: Classify table index. + :return skip_n: Number of skip vectors. + :return match_n: Number of match vectors. + :rtype table_index: int + :rtype skip_n: int + :rtype match_n: int + """ + output = VatExecutor.cmd_from_template(node, "classify_add_table.vat", + ip_version=ip_version, + direction=direction) + + if output[0]["retval"] == 0: + table_index = output[0]["new_table_index"] + skip_n = output[0]["skip_n_vectors"] + match_n = output[0]["match_n_vectors"] + logger.trace('Classify table with table_index {} created on node {}' + .format(table_index, node['host'])) + else: + raise RuntimeError('Unable to create classify table on node {}' + .format(node['host'])) + + return table_index, skip_n, match_n + + @staticmethod + def vpp_configure_classify_session(node, acl_method, table_index, skip_n, + match_n, ip_version, direction, address): + """Configuration of classify session. + + :param node: VPP node to setup classify session. + :param acl_method: ACL method - deny/permit. + :param table_index: Classify table index. + :param skip_n: Number of skip vectors based on mask. + :param match_n: Number of match vectors based on mask. + :param ip_version: Version of IP protocol. + :param direction: Direction of traffic - src/dst. + :param address: IPv4 or IPv6 address. + :type node: dict + :type acl_method: str + :type table_index: int + :type skip_n: int + :type match_n: int + :type ip_version: str + :type direction: str + :type address: str + """ + with VatTerminal(node) as vat: + vat.vat_terminal_exec_cmd_from_template("classify_add_session.vat", + acl_method=acl_method, + table_index=table_index, + skip_n=skip_n, + match_n=match_n, + ip_version=ip_version, + direction=direction, + address=address) diff --git a/resources/libraries/python/IPv4Setup.py b/resources/libraries/python/IPv4Setup.py index 50154103ec..577b225ad1 100644 --- a/resources/libraries/python/IPv4Setup.py +++ b/resources/libraries/python/IPv4Setup.py @@ -319,7 +319,7 @@ class IPv4Setup(object): def add_arp_on_dut(node, interface, ip_address, mac_address): """Set ARP cache entree on DUT node. - :param node: Node in the topology. + :param node: VPP Node in the topology. :param interface: Interface name of the node. :param ip_address: IP address of the interface. :param mac_address: MAC address of the interface. diff --git a/resources/libraries/python/IPv6Util.py b/resources/libraries/python/IPv6Util.py index 519026beae..35ec8d5258 100644 --- a/resources/libraries/python/IPv6Util.py +++ b/resources/libraries/python/IPv6Util.py @@ -16,6 +16,8 @@ import re from resources.libraries.python.ssh import SSH +from resources.libraries.python.VatExecutor import VatTerminal +from resources.libraries.python.topology import Topology class IPv6Util(object): @@ -106,3 +108,27 @@ class IPv6Util(object): raise Exception('Node {n} port {p} IPv6 address not found.'.format( n=node['host'], p=interface)) + + @staticmethod + def add_ip_neighbor(node, interface, ip_address, mac_address): + """Add IP neighbor. + + :param node: VPP node to add ip neighbor. + :param interface: Interface name or sw_if_index. + :param ip_address: IP address. + :param mac_address: MAC address. + :type node: dict + :type interface: str or int + :type ip_address: str + :type mac_address: str + """ + if isinstance(interface, basestring): + sw_if_index = Topology.get_interface_sw_index(node, interface) + else: + sw_if_index = interface + + with VatTerminal(node) as vat: + vat.vat_terminal_exec_cmd_from_template("add_ip_neighbor.vat", + sw_if_index=sw_if_index, + ip_address=ip_address, + mac_address=mac_address) diff --git a/resources/libraries/python/InterfaceUtil.py b/resources/libraries/python/InterfaceUtil.py index 35194f2487..3da0e1a204 100644 --- a/resources/libraries/python/InterfaceUtil.py +++ b/resources/libraries/python/InterfaceUtil.py @@ -580,3 +580,28 @@ class InterfaceUtil(object): else: raise RuntimeError('Create loopback failed on node "{}"' .format(node['host'])) + + @staticmethod + def vpp_enable_input_acl_interface(node, interface, ip_version, + table_index): + """Enable input acl on interface. + + :param node: VPP node to setup interface for input acl. + :param interface: Interface to setup input acl. + :param ip_version: Version of IP protocol. + :param table_index: Classify table index. + :type node: dict + :type interface: str or int + :type ip_version: str + :type table_index: int + """ + if isinstance(interface, basestring): + sw_if_index = Topology.get_interface_sw_index(node, interface) + else: + sw_if_index = interface + + with VatTerminal(node) as vat: + vat.vat_terminal_exec_cmd_from_template("input_acl_int.vat", + sw_if_index=sw_if_index, + ip_version=ip_version, + table_index=table_index) diff --git a/resources/libraries/robot/iacl.robot b/resources/libraries/robot/iacl.robot new file mode 100644 index 0000000000..659edb8c30 --- /dev/null +++ b/resources/libraries/robot/iacl.robot @@ -0,0 +1,125 @@ +# Copyright (c) 2016 Cisco and/or its affiliates. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +*** Settings *** +| Documentation | Keywords for iACL tests +| Resource | resources/libraries/robot/default.robot +| Library | resources.libraries.python.InterfaceUtil +| Library | resources.libraries.python.NodePath + +*** Keywords *** +| Node path computed for 3-node topology +| | [Arguments] | ${tg_node} | ${dut1_node} | ${dut2_node} | ${tg_node} +| | [Documentation] | *Create interface variables for 3-node topology.* +| | ... +| | ... | *Arguments:* +| | ... | - ${tg_node} - Node attached to the path. Type: dictionary +| | ... | - ${dut1_node} - Node attached to the path. Type: dictionary +| | ... | - ${dut2_node} - Node attached to the path. Type: dictionary +| | ... +| | ... | _Set testcase variables for nodes and interfaces._ +| | ... | - ${tg_node} - Variable for node in path. Type: dictionary +| | ... | - ${dut1_node} - Variable for node in path. Type: dictionary +| | ... | - ${dut2_node} - Variable for node in path. Type: dictionary +| | ... | - ${tg_if1} - First interface of TG node. Type: str +| | ... | - ${tg_if2} - Second interface of TG node. Type: str +| | ... | - ${dut1_if1} - First interface of first DUT node. Type: str +| | ... | - ${dut1_if2} - Second interface of first DUT node. Type: str +| | ... | - ${dut2_if1} - First interface of second DUT node. Type: str +| | ... | - ${dut2_if2} - Second interface of second DUT node. Type: str +| | ... | - ${tg_if1_mac} - MAC address of TG interface (1st). +| | ... | - ${tg_if2_mac} - MAC address of TG interface (2nd). +| | ... | - ${dut1_if1_mac} - MAC address of DUT1 interface (1st). +| | ... | - ${dut1_if2_mac} - MAC address of DUT1 interface (2nd). +| | ... +| | Append Nodes | ${tg_node} | ${dut1_node} | ${dut2_node} | ${tg_node} +| | Compute Path +| | ${tg_if1} | ${tg_node}= | Next Interface +| | ${dut1_if1} | ${dut1_node}= | Next Interface +| | ${dut1_if2} | ${dut1_node}= | Next Interface +| | ${dut2_if1} | ${dut2_node}= | Next Interface +| | ${dut2_if2} | ${dut2_node}= | Next Interface +| | ${tg_if2} | ${tg_node}= | Next Interface +| | ${tg_if1_mac}= | Get interface mac | ${tg_node} | ${tg_if1} +| | ${tg_if2_mac}= | Get interface mac | ${tg_node} | ${tg_if2} +| | ${dut1_if1_mac}= | Get interface mac | ${dut1_node} | ${dut1_if1} +| | ${dut1_if2_mac}= | Get interface mac | ${dut1_node} | ${dut1_if2} +| | Set Test Variable | ${tg_node} +| | Set Test Variable | ${tg_if1} +| | Set Test Variable | ${tg_if2} +| | Set Test Variable | ${dut1_node} +| | Set Test Variable | ${dut1_if1} +| | Set Test Variable | ${dut1_if2} +| | Set Test Variable | ${dut2_node} +| | Set Test Variable | ${dut2_if1} +| | Set Test Variable | ${dut2_if2} +| | Set Test Variable | ${tg_if1_mac} +| | Set Test Variable | ${tg_if2_mac} +| | Set Test Variable | ${dut1_if1_mac} +| | Set Test Variable | ${dut1_if2_mac} + +| Interfaces in path are up +| | [Documentation] | *Set UP state on interfaces in path on nodes.* +| | ... +| | Set Interface State | ${tg_node} | ${tg_if1} | up +| | Set Interface State | ${tg_node} | ${tg_if2} | up +| | Set Interface State | ${dut1_node} | ${dut1_if1} | up +| | Set Interface State | ${dut1_node} | ${dut1_if2} | up +| | Set Interface State | ${dut2_node} | ${dut2_if1} | up +| | Set Interface State | ${dut2_node} | ${dut2_if2} | up +| | Vpp Node Interfaces Ready Wait | ${dut1_node} +| | Vpp Node Interfaces Ready Wait | ${dut2_node} + +| IPv4 Addresses set on the node interfaces +| | [Arguments] | ${dut_node} | ${int1} | ${ip_addr1} | ${int2} | ${ip_addr2} +| | ... | ${prefix_length} +| | [Documentation] | Setup IPv4 adresses on the node interfaces +| | ... +| | ... | *Arguments* +| | ... | - ${dut_node} - VPP node. +| | ... | - ${int1} - First node interface. +| | ... | - ${ip_addr1} - First IP address. +| | ... | - ${int2} - Second node interface. +| | ... | - ${ip_addr2} - Second IP address. +| | ... | - ${prefix_length} - IP prefix length. +| | ... +| | ... | *Example* +| | ... | \| IPv4 Addresses set on the node interfaces \ +| | ... | \| ${dut1_node} \| ${dut1_if1} \| ${dut1_if1_ip} \ +| | ... | \| ${dut1_if2} \| ${dut1_if2_ip} \| ${prefix_length} \| +| | ... +| | Set Interface Address | ${dut_node} | ${int1} | ${ip_addr1} +| | ... | ${prefix_length} +| | Set Interface Address | ${dut_node} | ${int2} | ${ip_addr2} +| | ... | ${prefix_length} + +| IPv6 Addresses set on the node interfaces +| | [Arguments] | ${dut_node} | ${int1} | ${ip_addr1} | ${int2} | ${ip_addr2} +| | ... | ${prefix_length} +| | [Documentation] | Setup IPv6 adresses on the node interfaces +| | ... +| | ... | *Arguments* +| | ... | - ${dut_node} - VPP node. +| | ... | - ${int1} - First node interface. +| | ... | - ${ip_addr1} - First IP address. +| | ... | - ${int2} - Second node interface. +| | ... | - ${ip_addr2} - Second IP address. +| | ... | - ${prefix_length} - IP prefix length. +| | ... +| | ... | *Example* +| | ... | \| IPv6 Addresses set on the node interfaces \ +| | ... | \| ${dut1_node} \| ${dut1_if1} \| ${dut1_if1_ip} \ +| | ... | \| ${dut1_if2} \| ${dut1_if2_ip} \| ${prefix_length} \| +| | ... +| | Vpp Set If Ipv6 Addr | ${dut_node} | ${int1} | ${ip_addr1} | ${prefix_length} +| | Vpp Set If Ipv6 Addr | ${dut_node} | ${int2} | ${ip_addr2} | ${prefix_length} diff --git a/resources/libraries/robot/traffic.robot b/resources/libraries/robot/traffic.robot index b97a6d4360..fc1fa363fe 100644 --- a/resources/libraries/robot/traffic.robot +++ b/resources/libraries/robot/traffic.robot @@ -105,4 +105,3 @@ | | Run Keyword And Expect Error | ICMP echo Rx timeout | | | ... | Run Traffic Script On Node | send_icmp_check_headers.py | | ... | ${tg_node} | ${args} -l
\ No newline at end of file diff --git a/resources/templates/vat/classify_add_session.vat b/resources/templates/vat/classify_add_session.vat new file mode 100644 index 0000000000..e68b46f965 --- /dev/null +++ b/resources/templates/vat/classify_add_session.vat @@ -0,0 +1 @@ +classify_add_del_session acl-hit-next {acl_method} table-index {table_index} skip_n {skip_n} match_n {match_n} match l3 {ip_version} {direction} {address}
\ No newline at end of file diff --git a/resources/templates/vat/classify_add_table.vat b/resources/templates/vat/classify_add_table.vat new file mode 100644 index 0000000000..fea8926a68 --- /dev/null +++ b/resources/templates/vat/classify_add_table.vat @@ -0,0 +1 @@ +classify_add_del_table mask l3 {ip_version} {direction}
\ No newline at end of file diff --git a/resources/templates/vat/input_acl_int.vat b/resources/templates/vat/input_acl_int.vat new file mode 100644 index 0000000000..c9d7441796 --- /dev/null +++ b/resources/templates/vat/input_acl_int.vat @@ -0,0 +1 @@ +input_acl_set_interface sw_if_index {sw_if_index} {ip_version}-table {table_index}
\ No newline at end of file diff --git a/tests/suites/ipv4/ipv4_iacl_untagged.robot b/tests/suites/ipv4/ipv4_iacl_untagged.robot new file mode 100644 index 0000000000..2e3d11cb3a --- /dev/null +++ b/tests/suites/ipv4/ipv4_iacl_untagged.robot @@ -0,0 +1,127 @@ +# Copyright (c) 2016 Cisco and/or its affiliates. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +*** Settings *** +| Resource | resources/libraries/robot/default.robot +| Resource | resources/libraries/robot/counters.robot +| Resource | resources/libraries/robot/interfaces.robot +| Resource | resources/libraries/robot/ipv4.robot +| Resource | resources/libraries/robot/iacl.robot +| Resource | resources/libraries/robot/l2_xconnect.robot +| Resource | resources/libraries/robot/traffic.robot +| Library | resources.libraries.python.Classify.Classify +| Library | resources.libraries.python.Trace + +| Force Tags | HW_ENV | VM_ENV | 3_NODE_SINGLE_LINK_TOPO +| Suite Setup | Run Keywords | Setup all TGs before traffic script +| ... | AND | Update All Interface Data On All Nodes | ${nodes} +| Test Setup | Setup all DUTs before test +| Test Teardown | Show packet trace on all DUTs | ${nodes} + +*** Variables *** +| ${dut1_if1_ip}= | 192.168.1.1 +| ${dut1_if2_ip}= | 192.168.2.1 +| ${dut1_if2_ip_GW}= | 192.168.2.2 +| ${test_dst_ip}= | 32.0.0.1 +| ${test_src_ip}= | 16.0.0.1 +| ${prefix_length}= | 24 + +*** Test Cases *** +| VPP drops packets based on IPv4 source addresses +| | [Documentation] | Create classify table on VPP, add source IP address +| | ... | of traffic into table and setup 'deny' traffic +| | ... | and check if traffic is dropped. +| | Given Node path computed for 3-node topology +| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} +| | And Interfaces in path are up +| | And IPv4 Addresses set on the node interfaces +| | ... | ${dut1_node} | ${dut1_if1} | ${dut1_if1_ip} | ${dut1_if2} +| | ... | ${dut1_if2_ip} | ${prefix_length} +| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table +| | ... | ${dut1_node} | ip4 | src +| | And Vpp Configure Classify Session +| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} +| | ... | ip4 | src | ${test_src_ip} +| | And Vpp Enable Input Acl Interface +| | ... | ${dut1_node} | ${dut1_if1} | ip4 | ${table_index} +| | And Add Arp On Dut +| | ... | ${dut1_node} | ${dut1_if2} | ${dut1_if2_ip_GW} | ${tg_if2_mac} +| | And Vpp Route Add +| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} | ${dut1_if2_ip_GW} +| | ... | ${dut1_if2} +| | And L2 setup xconnect on DUT | ${dut2_node} | ${dut2_if1} | ${dut2_if2} +| | Then Send packet from Port to Port should failed | ${tg_node} | +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_if1} | ${tg_if1_mac} | +| | ... | ${dut1_if1_mac} | ${tg_if2} | ${dut1_if2_mac} | ${tg_if2_mac} + +| VPP drops packets based on IPv4 destination addresses +| | [Documentation] | Create classify table on VPP, add destination IP address +| | ... | of traffic into table and setup 'deny' traffic +| | ... | and check if traffic is dropped. +| | Given Node path computed for 3-node topology +| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} +| | And Interfaces in path are up +| | And IPv4 Addresses set on the node interfaces +| | ... | ${dut1_node} | ${dut1_if1} | ${dut1_if1_ip} | ${dut1_if2} +| | ... | ${dut1_if2_ip} | ${prefix_length} +| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table +| | ... | ${dut1_node} | ip4 | dst +| | And Vpp Configure Classify Session +| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} +| | ... | ip4 | dst | ${test_dst_ip} +| | And Vpp Enable Input Acl Interface +| | ... | ${dut1_node} | ${dut1_if1} | ip4 | ${table_index} +| | And Add Arp On Dut +| | ... | ${dut1_node} | ${dut1_if2} | ${dut1_if2_ip_GW} | ${tg_if2_mac} +| | And Vpp Route Add +| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} | ${dut1_if2_ip_GW} +| | ... | ${dut1_if2} +| | And L2 setup xconnect on DUT | ${dut2_node} | ${dut2_if1} | ${dut2_if2} +| | Then Send packet from Port to Port should failed | ${tg_node} | +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_if1} | ${tg_if1_mac} | +| | ... | ${dut1_if1_mac} | ${tg_if2} | ${dut1_if2_mac} | ${tg_if2_mac} + + +| VPP drops packets based on IPv4 src-addr and dst-addr +| | [Documentation] | Create classify table on VPP, add source and destination +| | ... | IP address of traffic into table and setup 'deny' traffic +| | ... | and check if traffic is dropped. +| | Given Node path computed for 3-node topology +| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} +| | And Interfaces in path are up +| | And IPv4 Addresses set on the node interfaces +| | ... | ${dut1_node} | ${dut1_if1} | ${dut1_if1_ip} | ${dut1_if2} +| | ... | ${dut1_if2_ip} | ${prefix_length} +| | ${table_index_1} | ${skip_n_1} | ${match_n_1}= +| | ... | When Vpp Create Classify Table | ${dut1_node} | ip4 | src +| | ${table_index_2} | ${skip_n_2} | ${match_n_2}= +| | ... | When Vpp Create Classify Table | ${dut1_node} | ip4 | dst +| | And Vpp Configure Classify Session +| | ... | ${dut1_node} | deny | ${table_index_1} | ${skip_n_1} | ${match_n_2} +| | ... | ip4 | src | ${test_src_ip} +| | And Vpp Configure Classify Session +| | ... | ${dut1_node} | deny | ${table_index_2} | ${skip_n_2} | ${match_n_2} +| | ... | ip4 | dst | ${test_dst_ip} +| | And Vpp Enable Input Acl Interface +| | ... | ${dut1_node} | ${dut1_if1} | ip4 | ${table_index_1} +| | And Vpp Enable Input Acl Interface +| | ... | ${dut1_node} | ${dut1_if1} | ip4 | ${table_index_2} +| | And Add Arp On Dut +| | ... | ${dut1_node} | ${dut1_if2} | ${dut1_if2_ip_GW} | ${tg_if2_mac} +| | And Vpp Route Add +| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} | ${dut1_if2_ip_GW} +| | ... | ${dut1_if2} +| | And L2 setup xconnect on DUT | ${dut2_node} | ${dut2_if1} | ${dut2_if2} +| | Then Send packet from Port to Port should failed | ${tg_node} | +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_if1} | ${tg_if1_mac} | +| | ... | ${dut1_if1_mac} | ${tg_if2} | ${dut1_if2_mac} | ${tg_if2_mac} diff --git a/tests/suites/ipv6/ipv6_iacl_untagged.robot b/tests/suites/ipv6/ipv6_iacl_untagged.robot new file mode 100644 index 0000000000..24a408b9be --- /dev/null +++ b/tests/suites/ipv6/ipv6_iacl_untagged.robot @@ -0,0 +1,130 @@ +# Copyright (c) 2016 Cisco and/or its affiliates. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +*** Settings *** +| Resource | resources/libraries/robot/default.robot +| Resource | resources/libraries/robot/counters.robot +| Resource | resources/libraries/robot/interfaces.robot +| Resource | resources/libraries/robot/iacl.robot +| Resource | resources/libraries/robot/ipv6.robot +| Resource | resources/libraries/robot/l2_xconnect.robot +| Resource | resources/libraries/robot/traffic.robot +| Library | resources.libraries.python.Classify.Classify +| Library | resources.libraries.python.Trace + +| Force Tags | HW_ENV | VM_ENV | 3_NODE_SINGLE_LINK_TOPO +| Suite Setup | Run Keywords | Setup all TGs before traffic script +| ... | AND | Update All Interface Data On All Nodes | ${nodes} +| Test Setup | Setup all DUTs before test +| Test Teardown | Show packet trace on all DUTs | ${nodes} + +*** Variables *** +| ${dut1_if1_ip}= | 3ffe:62::1 +| ${dut1_if2_ip}= | 3ffe:63::1 +| ${dut1_if2_ip_GW}= | 3ffe:63::2 +| ${dut2_if1_ip}= | 3ffe:72::1 +| ${dut2_if2_ip}= | 3ffe:73::1 +| ${test_dst_ip}= | 3ffe:64::1 +| ${test_src_ip}= | 3ffe:61::1 +| ${prefix_length}= | 64 + +*** Test Cases *** +| VPP drops packets based on IPv6 source addresses +| | [Documentation] | Create classify table on VPP, add source IP address +| | ... | of traffic into table and setup 'deny' traffic +| | ... | and check if traffic is dropped. +| | Given Node path computed for 3-node topology +| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} +| | And Interfaces in path are up +| | And IPv6 Addresses set on the node interfaces +| | ... | ${dut1_node} | ${dut1_if1} | ${dut1_if1_ip} | ${dut1_if2} +| | ... | ${dut1_if2_ip} | ${prefix_length} +| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table +| | ... | ${dut1_node} | ip6 | src +| | And Vpp Configure Classify Session +| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} +| | ... | ip6 | src | ${test_src_ip} +| | And Vpp Enable Input Acl Interface +| | ... | ${dut1_node} | ${dut1_if1} | ip6 | ${table_index} +| | And Add Ip Neighbor +| | ... | ${dut1_node} | ${dut1_if2} | ${dut1_if2_ip_GW} | ${tg_if2_mac} +| | And Vpp Route Add +| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} | ${dut1_if2_ip_GW} +| | ... | ${dut1_if2} +| | And L2 setup xconnect on DUT | ${dut2_node} | ${dut2_if1} | ${dut2_if2} +| | Then Send packet from Port to Port should failed | ${tg_node} | +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_if1} | ${tg_if1_mac} | +| | ... | ${dut1_if1_mac} | ${tg_if2} | ${dut1_if2_mac} | ${tg_if2_mac} + + +| VPP drops packets based on IPv6 destination addresses +| | [Documentation] | Create classify table on VPP, add destination IP address +| | ... | of traffic into table and setup 'deny' traffic +| | ... | and check if traffic is dropped. +| | Given Node path computed for 3-node topology +| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} +| | And Interfaces in path are up +| | And IPv6 Addresses set on the node interfaces +| | ... | ${dut1_node} | ${dut1_if1} | ${dut1_if1_ip} | ${dut1_if2} +| | ... | ${dut1_if2_ip} | ${prefix_length} +| | ${table_index} | ${skip_n} | ${match_n}= | When Vpp Create Classify Table +| | ... | ${dut1_node} | ip6 | dst +| | And Vpp Configure Classify Session +| | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n} +| | ... | ip6 | dst | ${test_dst_ip} +| | And Vpp Enable Input Acl Interface +| | ... | ${dut1_node} | ${dut1_if1} | ip6 | ${table_index} +| | And Add Ip Neighbor +| | ... | ${dut1_node} | ${dut1_if2} | ${dut1_if2_ip_GW} | ${tg_if2_mac} +| | And Vpp Route Add +| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} | ${dut1_if2_ip_GW} +| | ... | ${dut1_if2} +| | And L2 setup xconnect on DUT | ${dut2_node} | ${dut2_if1} | ${dut2_if2} +| | Then Send packet from Port to Port should failed | ${tg_node} | +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_if1} | ${tg_if1_mac} | +| | ... | ${dut1_if1_mac} | ${tg_if2} | ${dut1_if2_mac} | ${tg_if2_mac} + + +| VPP drops packets based on IPv6 src-addr and dst-addr +| | [Documentation] | Create classify table on VPP, add source and destination +| | ... | IP address of traffic into table and setup 'deny' traffic +| | ... | and check if traffic is dropped. +| | Given Node path computed for 3-node topology +| | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']} +| | And Interfaces in path are up +| | And IPv6 Addresses set on the node interfaces +| | ... | ${dut1_node} | ${dut1_if1} | ${dut1_if1_ip} | ${dut1_if2} +| | ... | ${dut1_if2_ip} | ${prefix_length} +| | ${table_index_1} | ${skip_n_1} | ${match_n_1}= +| | ... | When Vpp Create Classify Table | ${dut1_node} | ip6 | src +| | ${table_index_2} | ${skip_n_2} | ${match_n_2}= +| | ... | When Vpp Create Classify Table | ${dut1_node} | ip6 | dst +| | And Vpp Configure Classify Session +| | ... | ${dut1_node} | deny | ${table_index_1} | ${skip_n_1} | ${match_n_2} +| | ... | ip6 | src | ${test_src_ip} +| | And Vpp Configure Classify Session +| | ... | ${dut1_node} | deny | ${table_index_2} | ${skip_n_2} | ${match_n_2} +| | ... | ip6 | dst | ${test_dst_ip} +| | And Vpp Enable Input Acl Interface +| | ... | ${dut1_node} | ${dut1_if1} | ip6 | ${table_index_1} +| | And Vpp Enable Input Acl Interface +| | ... | ${dut1_node} | ${dut1_if1} | ip6 | ${table_index_2} +| | And Add Ip Neighbor +| | ... | ${dut1_node} | ${dut1_if2} | ${dut1_if2_ip_GW} | ${tg_if2_mac} +| | And Vpp Route Add +| | ... | ${dut1_node} | ${test_dst_ip} | ${prefix_length} | ${dut1_if2_ip_GW} +| | ... | ${dut1_if2} +| | And L2 setup xconnect on DUT | ${dut2_node} | ${dut2_if1} | ${dut2_if2} +| | Then Send packet from Port to Port should failed | ${tg_node} | +| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_if1} | ${tg_if1_mac} | +| | ... | ${dut1_if1_mac} | ${tg_if2} | ${dut1_if2_mac} | ${tg_if2_mac} |