2 Documentation Test suite to validate ARP functionality for ACL_Enhancement feature.
3 Suite Setup Start Suite
4 Suite Teardown OpenStackOperations.OpenStack Suite Teardown
5 Test Setup SetupUtils.Setup_Test_With_Logging_And_Without_Fast_Failing
6 Test Teardown OpenStackOperations.Get Test Teardown Debugs
7 Library OperatingSystem
8 Library RequestsLibrary
10 Resource ../../../libraries/DevstackUtils.robot
11 Resource ../../../libraries/KarafKeywords.robot
12 Resource ../../../libraries/OVSDB.robot
13 Resource ../../../libraries/OpenStackOperations.robot
14 Resource ../../../libraries/OvsManager.robot
15 Resource ../../../libraries/SetupUtils.robot
16 Resource ../../../libraries/Utils.robot
17 Resource ../../../variables/Variables.robot
18 Resource ../../../variables/netvirt/Variables.robot
21 @{REQ_NETWORKS} acl_net_1 acl_net_2
22 @{REQ_SUBNETS} acl_subnet_1 acl_subnet_2
23 @{REQ_SUBNET_CIDR} 30.30.30.0/24 40.40.40.0/24
24 @{PORTS} acl_port_1 acl_port_2 acl_port_3 acl_port_4 acl_port_5 acl_port_6
25 @{VM_NAMES} acl_myvm_1 acl_myvm_2 acl_myvm_3
26 @{SECURITY_GROUP} acl_sg_1
27 ${VIRTUAL_IP} 30.30.30.100/24
29 ${RANDOM_IP} 11.11.11.11
30 ${NETMASK} 255.255.255.0
31 ${PACKET_COUNT_ZERO} 0
32 ${DHCP_CMD} sudo /sbin/cirros-dhcpc up eth1
34 @{SPOOF_MAC_ADDRESS} FA:17:3E:73:65:86 fa:16:3e:3d:3b:5e
35 ${ARP_CONFIG} sudo ifconfig eth0 down \n sudo ifconfig eth0 hw ether ${SPOOF_MAC_ADDRESS[0]} \n sudo ifconfig eth0 up
39 Verify ARP request Valid MAC and Valid IP for the VM Egress Table
40 [Documentation] Verifying ARP resquest resolved for Valid MAC and Valid IP at the VM Egress Table
41 BuiltIn.Wait Until Keyword Succeeds 60s 10s OpenStackOperations.Execute Command on VM Instance @{REQ_NETWORKS}[0] @{VM_IP_DPN1}[0] ${DHCP_CMD}
42 BuiltIn.Wait Until Keyword Succeeds 60s 10s OpenStackOperations.Execute Command on VM Instance @{REQ_NETWORKS}[0] @{VM_IP_DPN2}[0] ${DHCP_CMD}
43 ${get_pkt_count_before_arp} OvsManager.Get Packet Count From Table ${OS_COMPUTE_1_IP} ${INTEGRATION_BRIDGE} table=@{DEFAULT_FLOW_TABLES}[15] | grep ${VM1_METADATA} | grep arp_sha
44 ${arping_cli} = BuiltIn.Set Variable sudo arping -I eth0 -c ${PACKET_COUNT} \ ${RANDOM_IP}
45 BuiltIn.Wait Until Keyword Succeeds 60s 10s OpenStackOperations.Execute Command on VM Instance ${REQ_NETWORKS[1]} @{VM_IP_DPN1}[1] ${arping_cli}
46 ${get_pkt_count_after_arp} OvsManager.Get Packet Count From Table ${OS_COMPUTE_1_IP} ${INTEGRATION_BRIDGE} table=@{DEFAULT_FLOW_TABLES}[15] | grep ${VM1_METADATA} | grep arp_sha
47 ${pkt_diff} = BuiltIn.Evaluate int(${get_pkt_count_after_arp})-int(${get_pkt_count_before_arp})
48 BuiltIn.Should Be Equal As Numbers ${pkt_diff} ${PACKET_COUNT}
50 Verify ARP request generated from Spoofed IP for the VM
51 [Documentation] Verifying ARP resquest generated for Spoofed IP with Valid MAC and Validate the packet drop at the VM Egress Table
52 ${arp_int_up_cli} = BuiltIn.Set Variable sudo ifconfig eth0:1 ${SPOOF} netmask ${NETMASK} up
53 ${output} = BuiltIn.Wait Until Keyword Succeeds 60s 10s OpenStackOperations.Execute Command on VM Instance @{REQ_NETWORKS}[1] @{VM_IP_DPN1}[1]
55 ${get_pkt_count_before_arp} OvsManager.Get Packet Count From Table ${OS_COMPUTE_1_IP} ${INTEGRATION_BRIDGE} table=@{DEFAULT_FLOW_TABLES}[15] | grep ${VM1_METADATA} | grep arp_sha
56 ${get_arp_drop_pkt_before} OvsManager.Get Packet Count From Table ${OS_COMPUTE_1_IP} ${INTEGRATION_BRIDGE} table=@{DEFAULT_FLOW_TABLES}[15] | grep arp | grep goto_table:217
57 ${arping_cli} = BuiltIn.Set Variable sudo arping -s ${SPOOF} -c ${PACKET_COUNT} \ ${RANDOM_IP}
58 ${output} = BuiltIn.Wait Until Keyword Succeeds 60s 10s OpenStackOperations.Execute Command on VM Instance @{REQ_NETWORKS}[1] @{VM_IP_DPN1}[1]
60 ${get_pkt_count_after_arp} OvsManager.Get Packet Count From Table ${OS_COMPUTE_1_IP} ${INTEGRATION_BRIDGE} table=@{DEFAULT_FLOW_TABLES}[15] | grep ${VM1_METADATA} | grep arp_sha
61 ${get_arp_drop_pkt_after} OvsManager.Get Packet Count From Table ${OS_COMPUTE_1_IP} ${INTEGRATION_BRIDGE} table=@{DEFAULT_FLOW_TABLES}[15] | grep arp | grep goto_table:217
62 ${pkt_diff_arp_drop} = BuiltIn.Evaluate int(${get_arp_drop_pkt_after})-int(${get_arp_drop_pkt_before})
63 ${pkt_diff} = BuiltIn.Evaluate int(${get_pkt_count_after_arp})-int(${get_pkt_count_before_arp})
64 BuiltIn.Should Be Equal As Numbers ${pkt_diff} ${PACKET_COUNT_ZERO}
65 BuiltIn.Should Be Equal As Numbers ${pkt_diff_arp_drop} ${PACKET_COUNT}
67 Verify ARP request generated from Spoofed MAC for the VM
68 [Documentation] Verifying ARP resquest generated for Spoofed MAC with Valid IP and Validate the ARP packet drop at the VM Egress Table
69 ${count} = String.Get Line Count ${ARP_CONFIG}
70 : FOR ${index} IN RANGE 0 ${count}
71 \ ${cmd} = String.Get Line ${ARP_CONFIG} ${index}
72 \ ${output} = BuiltIn.Wait Until Keyword Succeeds 60s 10s OpenStackOperations.Execute Command on VM Instance @{REQ_NETWORKS}[1]
73 \ ... @{VM_IP_DPN1}[1] ${cmd}
74 ${get_pkt_count_before_arp} OvsManager.Get Packet Count From Table ${OS_COMPUTE_1_IP} ${INTEGRATION_BRIDGE} table=@{DEFAULT_FLOW_TABLES}[15] | grep ${VM1_METADATA}|grep arp_sha
75 ${get_arp_drop_pkt_before} OvsManager.Get Packet Count From Table ${OS_COMPUTE_1_IP} ${INTEGRATION_BRIDGE} table=@{DEFAULT_FLOW_TABLES}[15] | grep arp | grep goto_table:217
76 ${arping_cli} = BuiltIn.Set Variable sudo arping -I eth0 -c ${PACKET_COUNT} \ ${RANDOM_IP}
77 BuiltIn.Wait Until Keyword Succeeds 60s 10s OpenStackOperations.Execute Command on VM Instance @{REQ_NETWORKS}[1] @{VM_IP_DPN1}[1] ${arping_cli}
78 ${get_pkt_count_after_arp} OvsManager.Get Packet Count From Table ${OS_COMPUTE_1_IP} ${INTEGRATION_BRIDGE} table=@{DEFAULT_FLOW_TABLES}[15] | grep ${VM1_METADATA}|grep arp_sha
79 ${get_arp_drop_pkt_after} OvsManager.Get Packet Count From Table ${OS_COMPUTE_1_IP} ${INTEGRATION_BRIDGE} table=@{DEFAULT_FLOW_TABLES}[15] | grep arp | grep goto_table:217
80 ${pkt_diff} = BuiltIn.Evaluate int(${get_pkt_count_after_arp})-int(${get_pkt_count_before_arp})
81 ${pkt_diff_arp_drop} = BuiltIn.Evaluate int(${get_arp_drop_pkt_after})-int(${get_arp_drop_pkt_before})
82 BuiltIn.Should Be Equal As Numbers ${pkt_diff} ${PACKET_COUNT_ZERO}
83 BuiltIn.Should Be Equal As Numbers ${pkt_diff_arp_drop} ${PACKET_COUNT}
85 Verify ARP request generated from Spoofed IP and spoofed MAC for the VM
86 [Documentation] Verifying ARP resquest generated for Spoofed MAC with Spoofed IP and Validate the ARP packet drop at the VM Egress Table
87 ${get_pkt_count_before_arp} OvsManager.Get Packet Count From Table ${OS_COMPUTE_1_IP} ${INTEGRATION_BRIDGE} table=@{DEFAULT_FLOW_TABLES}[15] | grep ${VM1_METADATA}|grep arp_sha
88 ${get_arp_drop_pkt_before} OvsManager.Get Packet Count From Table ${OS_COMPUTE_1_IP} ${INTEGRATION_BRIDGE} table=@{DEFAULT_FLOW_TABLES}[15] | grep arp | grep goto_table:217
89 ${arping_cli} = BuiltIn.Set Variable sudo arping -s ${SPOOF} -c ${PACKET_COUNT} \ ${RANDOM_IP}
90 BuiltIn.Wait Until Keyword Succeeds 60s 10s OpenStackOperations.Execute Command on VM Instance @{REQ_NETWORKS}[1] @{VM_IP_DPN1}[1] ${arping_cli}
91 ${get_pkt_count_after_arp} OvsManager.Get Packet Count From Table ${OS_COMPUTE_1_IP} ${INTEGRATION_BRIDGE} table=@{DEFAULT_FLOW_TABLES}[15] | grep ${VM1_METADATA}|grep arp_sha
92 ${get_arp_drop_pkt_after} OvsManager.Get Packet Count From Table ${OS_COMPUTE_1_IP} ${INTEGRATION_BRIDGE} table=@{DEFAULT_FLOW_TABLES}[15] | grep arp | grep goto_table:217
93 ${pkt_diff} = BuiltIn.Evaluate int(${get_pkt_count_after_arp})-int(${get_pkt_count_before_arp})
94 ${pkt_diff_arp_drop} = BuiltIn.Evaluate int(${get_arp_drop_pkt_after})-int(${get_arp_drop_pkt_before})
95 BuiltIn.Should Be Equal As Numbers ${pkt_diff} ${PACKET_COUNT_ZERO}
96 BuiltIn.Should Be Equal As Numbers ${pkt_diff_arp_drop} ${PACKET_COUNT}
100 [Documentation] Suite setup for ACL_Enhancement feature
101 OpenStackOperations.OpenStack Suite Setup
105 [Documentation] Create Two Networks, Two Subnets, Four Ports
106 Create Neutron Networks 2
107 Create Neutron Subnets 2
108 OpenStackOperations.Neutron Security Group Create @{SECURITY_GROUP}[0]
109 OpenStackOperations.Delete All Security Group Rules @{SECURITY_GROUP}[0]
110 OpenStackOperations.Create Port @{REQ_NETWORKS}[0] @{PORTS}[0] sg=@{SECURITY_GROUP}[0]
111 OpenStackOperations.Create Port @{REQ_NETWORKS}[1] @{PORTS}[1] sg=@{SECURITY_GROUP}[0]
112 OpenStackOperations.Create Port @{REQ_NETWORKS}[0] @{PORTS}[2] sg=@{SECURITY_GROUP}[0]
113 OpenStackOperations.Create Port @{REQ_NETWORKS}[1] @{PORTS}[3] sg=@{SECURITY_GROUP}[0]
114 OpenStackOperations.Neutron Security Group Rule Create @{SECURITY_GROUP}[0] direction=ingress protocol=icmp remote-ip=0.0.0.0/0
115 OpenStackOperations.Neutron Security Group Rule Create @{SECURITY_GROUP}[0] direction=egress protocol=icmp remote-ip=0.0.0.0/0
116 OpenStackOperations.Neutron Security Group Rule Create @{SECURITY_GROUP}[0] direction=ingress port_range_max=65535 port_range_min=1 protocol=tcp remote-ip=0.0.0.0/0
117 OpenStackOperations.Neutron Security Group Rule Create @{SECURITY_GROUP}[0] direction=egress port_range_max=65535 port_range_min=1 protocol=tcp remote-ip=0.0.0.0/0
118 OpenStackOperations.Create Vm Instance With Ports On Compute Node @{PORTS}[0] @{PORTS}[1] @{VM_NAMES}[0] ${OS_CMP1_HOSTNAME} flavor=m1.tiny sg=@{SECURITY_GROUP}[0]
119 OpenStackOperations.Create Vm Instance With Ports On Compute Node @{PORTS}[2] @{PORTS}[3] @{VM_NAMES}[1] ${OS_CMP2_HOSTNAME} flavor=m1.tiny sg=@{SECURITY_GROUP}[0]
120 @{VM_IP_DPN1} = BuiltIn.Wait Until Keyword Succeeds 300 sec 15 sec OpenStackOperations.Get Two Port VM IP Addresses ${OS_CMP1_CONN_ID} @{VM_NAMES}[0]
121 @{VM_IP_DPN2} = BuiltIn.Wait Until Keyword Succeeds 300 sec 15 sec OpenStackOperations.Get Two Port VM IP Addresses ${OS_CMP2_CONN_ID} @{VM_NAMES}[1]
122 BuiltIn.Set Suite Variable @{VM_IP_DPN1}
123 BuiltIn.Set Suite Variable @{VM_IP_DPN2}
124 BuiltIn.Should Not Contain @{VM_IP_DPN1}[0] None
125 BuiltIn.Should Not Contain @{VM_IP_DPN1}[1] None
126 BuiltIn.Should Not Contain @{VM_IP_DPN2}[0] None
127 BuiltIn.Should Not Contain @{VM_IP_DPN2}[1] None
128 ${VM1_PORT} = Get Vm Port ${OS_COMPUTE_1_IP} @{PORTS}[0]
129 ${VM1_METADATA} = OVSDB.Get Port Metadata ${OS_COMPUTE_1_IP} ${VM1_PORT}
130 BuiltIn.Set Suite Variable ${VM1_METADATA}
132 Create Neutron Networks
133 [Arguments] ${num_of_network}
134 [Documentation] Create required number of networks
135 : FOR ${net} IN @{REQ_NETWORKS}
136 \ OpenStackOperations.Create Network ${net}
137 ${net_list} OpenStackOperations.List Networks
138 : FOR ${index} IN RANGE 0 ${num_of_network}
139 \ BuiltIn.Should Contain ${net_list} ${REQ_NETWORKS[${index}]}
141 Create Neutron Subnets
142 [Arguments] ${NUM_OF_NETWORK}
143 [Documentation] Create required number of subnets for previously created networks
144 : FOR ${index} IN RANGE 0 ${NUM_OF_NETWORK}
145 \ OpenStackOperations.Create SubNet ${REQ_NETWORKS[${index}]} ${REQ_SUBNETS[${index}]} ${REQ_SUBNET_CIDR[${index}]}
146 ${sub_list} OpenStackOperations.List Subnets
147 : FOR ${index} IN RANGE 0 ${NUM_OF_NETWORK}
148 \ BuiltIn.Should Contain ${sub_list} ${REQ_SUBNETS[${index}]}
151 [Arguments] ${ip_address} ${portname}
152 [Documentation] Get the port number for given portname
153 ${subportid} = OpenStackOperations.Get Sub Port Id ${portname}
154 ${vm_port} = OVSDB.Get Port Number ${subportid} ${ip_address}