blob: 7511dfe31b13382389be13f94d4a20233784e51f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
|
# Copyright (c) 2016 Cisco and/or its affiliates.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at:
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
*** Settings ***
| Library | resources.libraries.python.Trace
| Library | resources.libraries.python.Cop
| Resource | resources/libraries/robot/default.robot
| Resource | resources/libraries/robot/interfaces.robot
| Resource | resources/libraries/robot/ipv6.robot
| Resource | resources/libraries/robot/traffic.robot
| Resource | resources/libraries/robot/testing_path.robot
| Resource | resources/libraries/robot/l2_xconnect.robot
| Variables | resources/libraries/python/IPv6NodesAddr.py | ${nodes}
| Force Tags | HW_ENV | VM_ENV | 3_NODE_SINGLE_LINK_TOPO
| Test Setup | Func Test Setup
| Test Teardown | Func Test Teardown
| Documentation | *COP Security IPv6 Blacklist Tests*
| ...
| ... | *[Top] Network Topologies:* TG-DUT1-DUT2-TG 3-node circular topology
| ... | with single links between nodes.
| ... | *[Enc] Packet Encapsulations:* Eth-IPv6-ICMPv6 on all links.
| ... | *[Cfg] DUT configuration:* DUT1 is configured with IPv6 routing and
| ... | static routes. COP security black-lists are applied on DUT1 ingress
| ... | interface from TG. DUT2 is configured with L2XC.
| ... | *[Ver] TG verification:* Test ICMPv6 Echo Request packets are sent in
| ... | one direction by TG on link to DUT1; on receive TG verifies packets for
| ... | correctness and drops as applicable.
| ... | *[Ref] Applicable standard specifications:*
*** Variables ***
| ${tg_node}= | ${nodes['TG']}
| ${dut1_node}= | ${nodes['DUT1']}
| ${dut2_node}= | ${nodes['DUT2']}
| ${dut1_if1_ip}= | 3ffe:62::1
| ${dut1_if2_ip}= | 3ffe:63::1
| ${dut1_if1_ip_GW}= | 3ffe:62::2
| ${dut1_if2_ip_GW}= | 3ffe:63::2
| ${dut2_if1_ip}= | 3ffe:72::1
| ${dut2_if2_ip}= | 3ffe:73::1
| ${test_dst_ip}= | 3ffe:64::1
| ${test_src_ip}= | 3ffe:61::1
| ${cop_dut_ip}= | 3ffe:61::
| ${ip_prefix}= | 64
| ${nodes_ipv6_addresses}= | ${nodes_ipv6_addr}
| ${fib_table_number}= | 1
*** Test Cases ***
| TC01: DUT drops IPv6 pkts with COP blacklist set with IPv6 src-addr
| | [Documentation]
| | ... | [Top] TG-DUT1-DUT2-TG. [Enc] Eth-IPv6-ICMPv6. [Cfg] On DUT1 \
| | ... | configure interface IPv6 addresses and routes in the main
| | ... | routing domain, add COP blacklist on interface to TG with IPv6
| | ... | src-addr matching packets generated by TG; on DUT2 configure L2
| | ... | xconnect. [Ver] Make TG send ICMPv6 Echo Req on its interface to
| | ... | DUT1; verify no ICMPv6 Echo Req pkts are received. [Ref]
| | Given Path for 3-node testing is set
| | ... | ${tg_node} | ${dut1_node} | ${dut2_node} | ${tg_node}
| | And Interfaces in 3-node path are up
| | And L2 setup xconnect on DUT
| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg}
| | And VPP Set IF IPv6 Addr
| | ... | ${dut1_node} | ${dut1_to_tg} | ${dut1_if1_ip} | ${ip_prefix}
| | And VPP Set IF IPv6 Addr
| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_if2_ip} | ${ip_prefix}
| | And VPP Set IF IPv6 Addr
| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_if1_ip} | ${ip_prefix}
| | And VPP Set IF IPv6 Addr
| | ... | ${dut2_node} | ${dut2_to_tg} | ${dut2_if2_ip} | ${ip_prefix}
| | And Add IP Neighbor
| | ... | ${dut1_node} | ${dut1_to_tg} | ${dut1_if1_ip_GW} | ${tg_to_dut1_mac}
| | And Add IP Neighbor
| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_if2_ip_GW} | ${tg_to_dut2_mac}
| | And Vpp Route Add | ${dut1_node}
| | ... | ${test_dst_ip} | ${ip_prefix} | ${dut1_if2_ip_GW} | ${dut1_to_dut2}
| | And Vpp All Ra Suppress Link Layer | ${nodes}
| | And Add fib table | ${dut1_node}
| | ... | ${cop_dut_ip} | ${ip_prefix} | ${fib_table_number} | drop
| | When COP Add whitelist Entry
| | ... | ${dut1_node} | ${dut1_to_tg} | ip6 | ${fib_table_number}
| | And COP interface enable or disable | ${dut1_node} | ${dut1_to_tg} | enable
| | Then Send packet from Port to Port should failed | ${tg_node}
| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac}
| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} | ${dut1_to_dut2_mac}
| | ... | ${tg_to_dut2_mac}
|