aboutsummaryrefslogtreecommitdiffstats
path: root/tests/func/cop/cop_whitelist_blacklist_IPv6.robot
blob: 140c6b067355cd66460d23084e7fb01b51f696e5 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139

# Copyright (c) 2016 Cisco and/or its affiliates.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at:
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

*** Settings ***
| Library | resources.libraries.python.Trace
| Library | resources.libraries.python.Cop
| Resource | resources/libraries/robot/default.robot
| Resource | resources/libraries/robot/interfaces.robot
| Resource | resources/libraries/robot/ipv6.robot
| Resource | resources/libraries/robot/traffic.robot
| Resource | resources/libraries/robot/testing_path.robot
| Resource | resources/libraries/robot/l2_xconnect.robot
| Variables  | resources/libraries/python/IPv6NodesAddr.py | ${nodes}
| Force Tags | HW_ENV | VM_ENV | 3_NODE_SINGLE_LINK_TOPO
| Test Setup | Func Test Setup
| Test Teardown | Func Test Teardown
| Documentation | *COP Security IPv6 Blacklist and Whitelist Tests*
| ...
| ... | *[Top] Network Topologies:* TG-DUT1-DUT2-TG 3-node circular topology
| ... | with single links between nodes.
| ... | *[Enc] Packet Encapsulations:* Eth-IPv6-ICMPv6 on all links.
| ... | *[Cfg] DUT configuration:* DUT1 is configured with IPv6 routing and
| ... | static routes. COP security white-lists are applied on DUT1 ingress
| ... | interface from TG. DUT2 is configured with L2XC.
| ... | *[Ver] TG verification:* Test ICMPv6 Echo Request packets are sent in
| ... | one direction by TG on link to DUT1; on receive TG verifies packets for
| ... | correctness and drops as applicable.
| ... | *[Ref] Applicable standard specifications:*

*** Variables ***
| ${tg_node}= | ${nodes['TG']}
| ${dut1_node}= | ${nodes['DUT1']}
| ${dut2_node}= | ${nodes['DUT2']}

| ${dut1_if1_ip}= | 3ffe:62::1
| ${dut1_if2_ip}= | 3ffe:63::1
| ${dut1_if1_ip_GW}= | 3ffe:62::2
| ${dut1_if2_ip_GW}= | 3ffe:63::2

| ${dut2_if1_ip}= | 3ffe:72::1
| ${dut2_if2_ip}= | 3ffe:73::1

| ${test_dst_ip}= | 3ffe:64::1
| ${test_src_ip}= | 3ffe:61::1

| ${cop_dut_ip}= | 3ffe:61::

| ${ip_prefix}= | 64

| ${nodes_ipv6_addresses}= | ${nodes_ipv6_addr}

| ${fib_table_number}= | 1

*** Test Cases ***
| TC01: DUT permits IPv6 pkts with COP whitelist set with IPv6 src-addr
| | [Documentation]
| | ... | [Top] TG-DUT1-DUT2-TG. [Enc] Eth-IPv6-ICMPv6. [Cfg] On DUT1 \
| | ... | configure interface IPv6 addresses and routes in the main
| | ... | routing domain, add COP whitelist on interface to TG with IPv6
| | ... | src-addr matching packets generated by TG; on DUT2 configure L2
| | ... | xconnect. [Ver] Make TG send ICMPv6 Echo Req on its interface to
| | ... | DUT1; verify received ICMPv6 Echo Req pkts are correct. [Ref]
| | Given Path for 3-node testing is set
| | ... | ${tg_node} | ${dut1_node} | ${dut2_node} | ${tg_node}
| | And Interfaces in 3-node path are up
| | And L2 setup xconnect on DUT
| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg}
| | And VPP Set IF IPv6 Addr
| | ... | ${dut1_node} | ${dut1_to_tg} | ${dut1_if1_ip} | ${ip_prefix}
| | And VPP Set IF IPv6 Addr
| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_if2_ip} | ${ip_prefix}
| | And VPP Set IF IPv6 Addr
| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_if1_ip} | ${ip_prefix}
| | And VPP Set IF IPv6 Addr
| | ... | ${dut2_node} | ${dut2_to_tg} | ${dut2_if2_ip} | ${ip_prefix}
| | And Add IP Neighbor
| | ... | ${dut1_node} | ${dut1_to_tg} | ${dut1_if1_ip_GW} | ${tg_to_dut1_mac}
| | And Add IP Neighbor
| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_if2_ip_GW} | ${tg_to_dut2_mac}
| | And Vpp Route Add | ${dut1_node}
| | ... | ${test_dst_ip} | ${ip_prefix} | ${dut1_if2_ip_GW} | ${dut1_to_dut2}
| | And Vpp All Ra Suppress Link Layer | ${nodes}
| | And Add fib table | ${dut1_node} | ${cop_dut_ip} | ${ip_prefix} |
| | ... | ${fib_table_number} | local
| | When COP Add whitelist Entry | ${dut1_node} | ${dut1_to_tg} | ip6 |
| | ... | ${fib_table_number}
| | And COP interface enable or disable | ${dut1_node} | ${dut1_to_tg} | enable
| | Then Send Packet And Check Headers | ${tg_node}
| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac}
| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} | ${dut1_to_dut2_mac}
| | ... | ${tg_to_dut2_mac}

| TC02: DUT drops IPv6 pkts with COP blacklist set with IPv6 src-addr
| | [Documentation]
| | ... | [Top] TG-DUT1-DUT2-TG. [Enc] Eth-IPv6-ICMPv6. [Cfg] On DUT1 \
| | ... | configure interface IPv6 addresses and routes in the main
| | ... | routing domain, add COP blacklist on interface to TG with IPv6
| | ... | src-addr matching packets generated by TG; on DUT2 configure L2
| | ... | xconnect. [Ver] Make TG send ICMPv6 Echo Req on its interface to
| | ... | DUT1; verify no ICMPv6 Echo Req pkts are received. [Ref]
| | Given Path for 3-node testing is set
| | ... | ${tg_node} | ${dut1_node} | ${dut2_node} | ${tg_node}
| | And Interfaces in 3-node path are up
| | And L2 setup xconnect on DUT
| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg}
| | And VPP Set IF IPv6 Addr
| | ... | ${dut1_node} | ${dut1_to_tg} | ${dut1_if1_ip} | ${ip_prefix}
| | And VPP Set IF IPv6 Addr
| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_if2_ip} | ${ip_prefix}
| | And VPP Set IF IPv6 Addr
| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_if1_ip} | ${ip_prefix}
| | And VPP Set IF IPv6 Addr
| | ... | ${dut2_node} | ${dut2_to_tg} | ${dut2_if2_ip} | ${ip_prefix}
| | And Add IP Neighbor
| | ... | ${dut1_node} | ${dut1_to_tg} | ${dut1_if1_ip_GW} | ${tg_to_dut1_mac}
| | And Add IP Neighbor
| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_if2_ip_GW} | ${tg_to_dut2_mac}
| | And Vpp Route Add | ${dut1_node}
| | ... | ${test_dst_ip} | ${ip_prefix} | ${dut1_if2_ip_GW} | ${dut1_to_dut2}
| | And Vpp All Ra Suppress Link Layer | ${nodes}
| | And Add fib table | ${dut1_node}
| | ... | ${cop_dut_ip} | ${ip_prefix} | ${fib_table_number} | drop
| | When COP Add whitelist Entry
| | ... | ${dut1_node} | ${dut1_to_tg} | ip6 | ${fib_table_number}
| | And COP interface enable or disable | ${dut1_node} | ${dut1_to_tg} | enable
| | Then Send packet from Port to Port should failed | ${tg_node}
| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac}
| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} | ${dut1_to_dut2_mac}
| | ... | ${tg_to_dut2_mac}