2 Documentation Test suite to validate ARP functionality for ACL_Enhancement feature.
4 Library OperatingSystem
5 Library RequestsLibrary
7 Resource ../../../libraries/DevstackUtils.robot
8 Resource ../../../libraries/KarafKeywords.robot
9 Resource ../../../libraries/OVSDB.robot
10 Resource ../../../libraries/OpenStackOperations.robot
11 Resource ../../../libraries/OvsManager.robot
12 Resource ../../../libraries/SetupUtils.robot
13 Resource ../../../libraries/Utils.robot
14 Resource ../../../variables/Variables.robot
15 Resource ../../../variables/netvirt/Variables.robot
17 Suite Setup Start Suite
18 Suite Teardown OpenStackOperations.OpenStack Suite Teardown
19 Test Setup SetupUtils.Setup_Test_With_Logging_And_Without_Fast_Failing
20 Test Teardown OpenStackOperations.Get Test Teardown Debugs
24 @{REQ_NETWORKS} acl_net_1 acl_net_2
25 @{REQ_SUBNETS} acl_subnet_1 acl_subnet_2
26 @{REQ_SUBNET_CIDR} 30.30.30.0/24 40.40.40.0/24
27 @{PORTS} acl_port_1 acl_port_2 acl_port_3 acl_port_4
28 @{VM_NAMES} acl_myvm_1 acl_myvm_2
29 @{SECURITY_GROUP} acl_sg_1
30 ${VIRTUAL_IP} 30.30.30.100/24
32 ${RANDOM_IP} 11.11.11.11
33 ${NETMASK} 255.255.255.0
34 ${PACKET_COUNT_ZERO} 0
35 ${DHCP_CMD} sudo /sbin/cirros-dhcpc up eth1
36 ${SPOOF_IP} 30.30.30.100
37 @{SPOOF_MAC_ADDRESSES} FA:17:3E:73:65:86 fa:16:3e:3d:3b:5e
39 ... sudo ifconfig eth0 down \n sudo ifconfig eth0 hw ether ${SPOOF_MAC_ADDRESSES[0]} \n sudo ifconfig eth0 up
42 ${TABLE} goto_table:217
46 Verify ARP request Valid MAC and Valid IP for the VM Egress Table
47 [Documentation] Verifying ARP resquest resolved for Valid MAC and Valid IP at the VM Egress Table
48 OpenStackOperations.Execute Command on VM Instance ${REQ_NETWORKS}[0] ${VM_IP_DPN1}[0] ${DHCP_CMD}
49 OpenStackOperations.Execute Command on VM Instance ${REQ_NETWORKS}[0] ${VM_IP_DPN2}[0] ${DHCP_CMD}
50 ${get_pkt_count_before_arp} = OvsManager.Get Packet Count From Table
52 ... ${INTEGRATION_BRIDGE}
53 ... table=${DEFAULT_FLOW_TABLES}[15]
54 ... | grep ${VM1_METADATA}.*${ARP_SHA}
55 ${arping_cli} = BuiltIn.Set Variable sudo arping -I eth0 -c ${PACKET_COUNT} \ ${RANDOM_IP}
56 OpenStackOperations.Execute Command on VM Instance ${REQ_NETWORKS[1]} ${VM_IP_DPN1}[1] ${arping_cli}
57 ${get_pkt_count_after_arp} = OvsManager.Get Packet Count From Table
59 ... ${INTEGRATION_BRIDGE}
60 ... table=${DEFAULT_FLOW_TABLES}[15]
61 ... | grep ${VM1_METADATA}.*${ARP_SHA}
62 ${pkt_diff} = BuiltIn.Evaluate int(${get_pkt_count_after_arp})-int(${get_pkt_count_before_arp})
63 BuiltIn.Should Be Equal As Numbers ${pkt_diff} ${PACKET_COUNT}
65 Verify ARP request generated from Spoofed IP for the VM
66 [Documentation] Verifying ARP resquest generated for Spoofed IP with Valid MAC and Validate the packet drop at the VM Egress Table
67 ${arp_int_up_cli} = BuiltIn.Set Variable sudo ifconfig eth0:1 ${SPOOF_IP} netmask ${NETMASK} up
68 ${output} = OpenStackOperations.Execute Command on VM Instance
69 ... ${REQ_NETWORKS}[1]
72 ${get_pkt_count_before_arp} = OvsManager.Get Packet Count From Table
74 ... ${INTEGRATION_BRIDGE}
75 ... table=${DEFAULT_FLOW_TABLES}[15]
76 ... | grep ${VM1_METADATA}.*${ARP_SHA}
77 ${get_arp_drop_pkt_before} = OvsManager.Get Packet Count From Table
79 ... ${INTEGRATION_BRIDGE}
80 ... table=${DEFAULT_FLOW_TABLES}[15]
81 ... | grep ${ARP}.*${TABLE}
82 ${arping_cli} = BuiltIn.Set Variable sudo arping -s ${SPOOF_IP} -c ${PACKET_COUNT} \ ${RANDOM_IP}
83 ${output} = OpenStackOperations.Execute Command on VM Instance
84 ... ${REQ_NETWORKS}[1]
87 ${get_pkt_count_after_arp} = OvsManager.Get Packet Count From Table
89 ... ${INTEGRATION_BRIDGE}
90 ... table=${DEFAULT_FLOW_TABLES}[15]
91 ... | grep ${VM1_METADATA}.*${ARP_SHA}
92 ${get_arp_drop_pkt_after} = OvsManager.Get Packet Count From Table
94 ... ${INTEGRATION_BRIDGE}
95 ... table=${DEFAULT_FLOW_TABLES}[15]
96 ... | grep ${ARP}.*${TABLE}
97 ${pkt_diff_arp_drop} = BuiltIn.Evaluate int(${get_arp_drop_pkt_after})-int(${get_arp_drop_pkt_before})
98 ${pkt_diff} = BuiltIn.Evaluate int(${get_pkt_count_after_arp})-int(${get_pkt_count_before_arp})
99 BuiltIn.Should Be Equal As Numbers ${pkt_diff} ${PACKET_COUNT_ZERO}
100 BuiltIn.Should Be Equal As Numbers ${pkt_diff_arp_drop} ${PACKET_COUNT}
102 Verify ARP request generated from Spoofed MAC for the VM
103 [Documentation] Verifying ARP resquest generated for Spoofed MAC with Valid IP and Validate the ARP packet drop at the VM Egress Table
104 ${count} = String.Get Line Count ${ARP_CONFIG}
105 FOR ${index} IN RANGE 0 ${count}
106 ${cmd} = String.Get Line ${ARP_CONFIG} ${index}
107 ${output} = OpenStackOperations.Execute Command on VM Instance
108 ... ${REQ_NETWORKS}[1]
112 ${get_pkt_count_before_arp} = OvsManager.Get Packet Count From Table
114 ... ${INTEGRATION_BRIDGE}
115 ... table=${DEFAULT_FLOW_TABLES}[15]
116 ... | grep ${VM1_METADATA}.*${ARP_SHA}
117 ${get_arp_drop_pkt_before} = OvsManager.Get Packet Count From Table
119 ... ${INTEGRATION_BRIDGE}
120 ... table=${DEFAULT_FLOW_TABLES}[15]
121 ... | grep ${ARP}.*${TABLE}
122 ${arping_cli} = BuiltIn.Set Variable sudo arping -I eth0 -c ${PACKET_COUNT} \ ${RANDOM_IP}
123 OpenStackOperations.Execute Command on VM Instance ${REQ_NETWORKS}[1] ${VM_IP_DPN1}[1] ${arping_cli}
124 ${get_pkt_count_after_arp} = OvsManager.Get Packet Count From Table
126 ... ${INTEGRATION_BRIDGE}
127 ... table=${DEFAULT_FLOW_TABLES}[15]
128 ... | grep ${VM1_METADATA}.*${ARP_SHA}
129 ${get_arp_drop_pkt_after} = OvsManager.Get Packet Count From Table
131 ... ${INTEGRATION_BRIDGE}
132 ... table=${DEFAULT_FLOW_TABLES}[15]
133 ... | grep ${ARP}.*${TABLE}
134 ${pkt_diff} = BuiltIn.Evaluate int(${get_pkt_count_after_arp})-int(${get_pkt_count_before_arp})
135 ${pkt_diff_arp_drop} = BuiltIn.Evaluate int(${get_arp_drop_pkt_after})-int(${get_arp_drop_pkt_before})
136 BuiltIn.Should Be Equal As Numbers ${pkt_diff} ${PACKET_COUNT_ZERO}
137 BuiltIn.Should Be Equal As Numbers ${pkt_diff_arp_drop} ${PACKET_COUNT}
139 Verify ARP request generated from Spoofed IP and spoofed MAC for the VM
140 [Documentation] Verifying ARP resquest generated for Spoofed MAC with Spoofed IP and Validate the ARP packet drop at the VM Egress Table
141 ${get_pkt_count_before_arp} = OvsManager.Get Packet Count From Table
143 ... ${INTEGRATION_BRIDGE}
144 ... table=${DEFAULT_FLOW_TABLES}[15]
145 ... | grep ${VM1_METADATA}.*${ARP_SHA}
146 ${get_arp_drop_pkt_before} = OvsManager.Get Packet Count From Table
148 ... ${INTEGRATION_BRIDGE}
149 ... table=${DEFAULT_FLOW_TABLES}[15]
150 ... | grep ${ARP}.*${TABLE}
151 ${arping_cli} = BuiltIn.Set Variable sudo arping -s ${SPOOF_IP} -c ${PACKET_COUNT} \ ${RANDOM_IP}
152 OpenStackOperations.Execute Command on VM Instance ${REQ_NETWORKS}[1] ${VM_IP_DPN1}[1] ${arping_cli}
153 ${get_pkt_count_after_arp} = OvsManager.Get Packet Count From Table
155 ... ${INTEGRATION_BRIDGE}
156 ... table=${DEFAULT_FLOW_TABLES}[15]
157 ... | grep ${VM1_METADATA}.*${ARP_SHA}
158 ${get_arp_drop_pkt_after} = OvsManager.Get Packet Count From Table
160 ... ${INTEGRATION_BRIDGE}
161 ... table=${DEFAULT_FLOW_TABLES}[15]
162 ... | grep ${ARP}.*${TABLE}
163 ${pkt_diff} = BuiltIn.Evaluate int(${get_pkt_count_after_arp})-int(${get_pkt_count_before_arp})
164 ${pkt_diff_arp_drop} = BuiltIn.Evaluate int(${get_arp_drop_pkt_after})-int(${get_arp_drop_pkt_before})
165 BuiltIn.Should Be Equal As Numbers ${pkt_diff} ${PACKET_COUNT_ZERO}
166 BuiltIn.Should Be Equal As Numbers ${pkt_diff_arp_drop} ${PACKET_COUNT}
171 [Documentation] Suite setup for ACL_Enhancement feature
172 OpenStackOperations.OpenStack Suite Setup
176 [Documentation] Create Two Networks, Two Subnets, Four Ports
177 Create Multiple Networks @{REQ_NETWORKS}
178 Create Multiple Subnets ${REQ_NETWORKS} ${REQ_SUBNETS} ${REQ_SUBNET_CIDR}
179 OpenStackOperations.Neutron Security Group Create ${SECURITY_GROUP}[0]
180 OpenStackOperations.Delete All Security Group Rules ${SECURITY_GROUP}[0]
181 OpenStackOperations.Create Port ${REQ_NETWORKS}[0] ${PORTS}[0] sg=${SECURITY_GROUP}[0]
182 OpenStackOperations.Create Port ${REQ_NETWORKS}[1] ${PORTS}[1] sg=${SECURITY_GROUP}[0]
183 OpenStackOperations.Create Port ${REQ_NETWORKS}[0] ${PORTS}[2] sg=${SECURITY_GROUP}[0]
184 OpenStackOperations.Create Port ${REQ_NETWORKS}[1] ${PORTS}[3] sg=${SECURITY_GROUP}[0]
185 OpenStackOperations.Neutron Security Group Rule Create
186 ... ${SECURITY_GROUP}[0]
187 ... direction=ingress
189 ... remote_ip=0.0.0.0/0
190 OpenStackOperations.Neutron Security Group Rule Create
191 ... ${SECURITY_GROUP}[0]
194 ... remote_ip=0.0.0.0/0
195 OpenStackOperations.Neutron Security Group Rule Create
196 ... ${SECURITY_GROUP}[0]
197 ... direction=ingress
198 ... port_range_max=65535
201 ... remote-ip=0.0.0.0/0
202 OpenStackOperations.Neutron Security Group Rule Create
203 ... ${SECURITY_GROUP}[0]
205 ... port_range_max=65535
208 ... remote-ip=0.0.0.0/0
209 OpenStackOperations.Create Vm Instance With Ports On Compute Node
213 ... ${OS_CMP1_HOSTNAME}
215 ... sg=${SECURITY_GROUP}[0]
216 OpenStackOperations.Create Vm Instance With Ports On Compute Node
220 ... ${OS_CMP2_HOSTNAME}
222 ... sg=${SECURITY_GROUP}[0]
223 FOR ${vm} IN @{VM_NAMES}
224 OpenStackOperations.Poll VM Is ACTIVE ${vm}
226 ${VM_IP_DPN1} = BuiltIn.Wait Until Keyword Succeeds
229 ... OpenStackOperations.Get All VM IP Addresses
230 ... ${OS_CMP1_CONN_ID}
232 ${VM_IP_DPN2} = BuiltIn.Wait Until Keyword Succeeds
235 ... OpenStackOperations.Get All VM IP Addresses
236 ... ${OS_CMP2_CONN_ID}
238 BuiltIn.Set Suite Variable @{VM_IP_DPN1}
239 BuiltIn.Set Suite Variable @{VM_IP_DPN2}
240 FOR ${ip} IN @{VM_IP_DPN1}
241 BuiltIn.Should Not Contain ${ip} None
243 FOR ${ip} IN @{VM_IP_DPN2}
244 BuiltIn.Should Not Contain ${ip} None
246 ${VM1_PORT} = Get VMs OVS Port Number ${OS_CMP1_IP} ${PORTS}[0]
247 ${VM1_METADATA} = OVSDB.Get Port Metadata ${OS_CMP1_IP} ${VM1_PORT}
248 BuiltIn.Set Suite Variable ${VM1_METADATA}