2 Documentation Test suite to validate ARP functionality for ACL_Enhancement feature.
4 Library OperatingSystem
5 Library RequestsLibrary
7 Resource ../../../libraries/DevstackUtils.robot
8 Resource ../../../libraries/KarafKeywords.robot
9 Resource ../../../libraries/OVSDB.robot
10 Resource ../../../libraries/OpenStackOperations.robot
11 Resource ../../../libraries/OvsManager.robot
12 Resource ../../../libraries/SetupUtils.robot
13 Resource ../../../libraries/Utils.robot
14 Resource ../../../variables/Variables.robot
16 Suite Setup Start Suite
17 Suite Teardown OpenStackOperations.OpenStack Suite Teardown
18 Test Setup SetupUtils.Setup_Test_With_Logging_And_Without_Fast_Failing
19 Test Teardown OpenStackOperations.Get Test Teardown Debugs
23 @{REQ_NETWORKS} acl_net_1 acl_net_2
24 @{REQ_SUBNETS} acl_subnet_1 acl_subnet_2
25 @{REQ_SUBNET_CIDR} 30.30.30.0/24 40.40.40.0/24
26 @{PORTS} acl_port_1 acl_port_2 acl_port_3 acl_port_4
27 @{VM_NAMES} acl_myvm_1 acl_myvm_2
28 @{SECURITY_GROUP} acl_sg_1
29 ${VIRTUAL_IP} 30.30.30.100/24
31 ${RANDOM_IP} 11.11.11.11
32 ${NETMASK} 255.255.255.0
33 ${PACKET_COUNT_ZERO} 0
34 ${DHCP_CMD} sudo /sbin/cirros-dhcpc up eth1
35 ${SPOOF_IP} 30.30.30.100
36 @{SPOOF_MAC_ADDRESSES} FA:17:3E:73:65:86 fa:16:3e:3d:3b:5e
38 ... sudo ifconfig eth0 down \n sudo ifconfig eth0 hw ether ${SPOOF_MAC_ADDRESSES[0]} \n sudo ifconfig eth0 up
41 ${TABLE} goto_table:217
42 ${INTEGRATION_BRIDGE} br-int
43 @{DEFAULT_FLOW_TABLES} 18 19 20 22 23 24 43
44 ... 45 48 50 51 60 80 81
45 ... 90 210 211 212 213 214 215
46 ... 216 217 239 240 241 242 243
51 Verify ARP request Valid MAC and Valid IP for the VM Egress Table
52 [Documentation] Verifying ARP resquest resolved for Valid MAC and Valid IP at the VM Egress Table
53 OpenStackOperations.Execute Command on VM Instance ${REQ_NETWORKS}[0] ${VM_IP_DPN1}[0] ${DHCP_CMD}
54 OpenStackOperations.Execute Command on VM Instance ${REQ_NETWORKS}[0] ${VM_IP_DPN2}[0] ${DHCP_CMD}
55 ${get_pkt_count_before_arp} = OvsManager.Get Packet Count From Table
57 ... ${INTEGRATION_BRIDGE}
58 ... table=${DEFAULT_FLOW_TABLES}[15]
59 ... | grep ${VM1_METADATA}.*${ARP_SHA}
60 ${arping_cli} = BuiltIn.Set Variable sudo arping -I eth0 -c ${PACKET_COUNT} \ ${RANDOM_IP}
61 OpenStackOperations.Execute Command on VM Instance ${REQ_NETWORKS[1]} ${VM_IP_DPN1}[1] ${arping_cli}
62 ${get_pkt_count_after_arp} = OvsManager.Get Packet Count From Table
64 ... ${INTEGRATION_BRIDGE}
65 ... table=${DEFAULT_FLOW_TABLES}[15]
66 ... | grep ${VM1_METADATA}.*${ARP_SHA}
67 ${pkt_diff} = BuiltIn.Evaluate int(${get_pkt_count_after_arp})-int(${get_pkt_count_before_arp})
68 BuiltIn.Should Be Equal As Numbers ${pkt_diff} ${PACKET_COUNT}
70 Verify ARP request generated from Spoofed IP for the VM
71 [Documentation] Verifying ARP resquest generated for Spoofed IP with Valid MAC and Validate the packet drop at the VM Egress Table
72 ${arp_int_up_cli} = BuiltIn.Set Variable sudo ifconfig eth0:1 ${SPOOF_IP} netmask ${NETMASK} up
73 ${output} = OpenStackOperations.Execute Command on VM Instance
74 ... ${REQ_NETWORKS}[1]
77 ${get_pkt_count_before_arp} = OvsManager.Get Packet Count From Table
79 ... ${INTEGRATION_BRIDGE}
80 ... table=${DEFAULT_FLOW_TABLES}[15]
81 ... | grep ${VM1_METADATA}.*${ARP_SHA}
82 ${get_arp_drop_pkt_before} = OvsManager.Get Packet Count From Table
84 ... ${INTEGRATION_BRIDGE}
85 ... table=${DEFAULT_FLOW_TABLES}[15]
86 ... | grep ${ARP}.*${TABLE}
87 ${arping_cli} = BuiltIn.Set Variable sudo arping -s ${SPOOF_IP} -c ${PACKET_COUNT} \ ${RANDOM_IP}
88 ${output} = OpenStackOperations.Execute Command on VM Instance
89 ... ${REQ_NETWORKS}[1]
92 ${get_pkt_count_after_arp} = OvsManager.Get Packet Count From Table
94 ... ${INTEGRATION_BRIDGE}
95 ... table=${DEFAULT_FLOW_TABLES}[15]
96 ... | grep ${VM1_METADATA}.*${ARP_SHA}
97 ${get_arp_drop_pkt_after} = OvsManager.Get Packet Count From Table
99 ... ${INTEGRATION_BRIDGE}
100 ... table=${DEFAULT_FLOW_TABLES}[15]
101 ... | grep ${ARP}.*${TABLE}
102 ${pkt_diff_arp_drop} = BuiltIn.Evaluate int(${get_arp_drop_pkt_after})-int(${get_arp_drop_pkt_before})
103 ${pkt_diff} = BuiltIn.Evaluate int(${get_pkt_count_after_arp})-int(${get_pkt_count_before_arp})
104 BuiltIn.Should Be Equal As Numbers ${pkt_diff} ${PACKET_COUNT_ZERO}
105 BuiltIn.Should Be Equal As Numbers ${pkt_diff_arp_drop} ${PACKET_COUNT}
107 Verify ARP request generated from Spoofed MAC for the VM
108 [Documentation] Verifying ARP resquest generated for Spoofed MAC with Valid IP and Validate the ARP packet drop at the VM Egress Table
109 ${count} = String.Get Line Count ${ARP_CONFIG}
110 FOR ${index} IN RANGE 0 ${count}
111 ${cmd} = String.Get Line ${ARP_CONFIG} ${index}
112 ${output} = OpenStackOperations.Execute Command on VM Instance
113 ... ${REQ_NETWORKS}[1]
117 ${get_pkt_count_before_arp} = OvsManager.Get Packet Count From Table
119 ... ${INTEGRATION_BRIDGE}
120 ... table=${DEFAULT_FLOW_TABLES}[15]
121 ... | grep ${VM1_METADATA}.*${ARP_SHA}
122 ${get_arp_drop_pkt_before} = OvsManager.Get Packet Count From Table
124 ... ${INTEGRATION_BRIDGE}
125 ... table=${DEFAULT_FLOW_TABLES}[15]
126 ... | grep ${ARP}.*${TABLE}
127 ${arping_cli} = BuiltIn.Set Variable sudo arping -I eth0 -c ${PACKET_COUNT} \ ${RANDOM_IP}
128 OpenStackOperations.Execute Command on VM Instance ${REQ_NETWORKS}[1] ${VM_IP_DPN1}[1] ${arping_cli}
129 ${get_pkt_count_after_arp} = OvsManager.Get Packet Count From Table
131 ... ${INTEGRATION_BRIDGE}
132 ... table=${DEFAULT_FLOW_TABLES}[15]
133 ... | grep ${VM1_METADATA}.*${ARP_SHA}
134 ${get_arp_drop_pkt_after} = OvsManager.Get Packet Count From Table
136 ... ${INTEGRATION_BRIDGE}
137 ... table=${DEFAULT_FLOW_TABLES}[15]
138 ... | grep ${ARP}.*${TABLE}
139 ${pkt_diff} = BuiltIn.Evaluate int(${get_pkt_count_after_arp})-int(${get_pkt_count_before_arp})
140 ${pkt_diff_arp_drop} = BuiltIn.Evaluate int(${get_arp_drop_pkt_after})-int(${get_arp_drop_pkt_before})
141 BuiltIn.Should Be Equal As Numbers ${pkt_diff} ${PACKET_COUNT_ZERO}
142 BuiltIn.Should Be Equal As Numbers ${pkt_diff_arp_drop} ${PACKET_COUNT}
144 Verify ARP request generated from Spoofed IP and spoofed MAC for the VM
145 [Documentation] Verifying ARP resquest generated for Spoofed MAC with Spoofed IP and Validate the ARP packet drop at the VM Egress Table
146 ${get_pkt_count_before_arp} = OvsManager.Get Packet Count From Table
148 ... ${INTEGRATION_BRIDGE}
149 ... table=${DEFAULT_FLOW_TABLES}[15]
150 ... | grep ${VM1_METADATA}.*${ARP_SHA}
151 ${get_arp_drop_pkt_before} = OvsManager.Get Packet Count From Table
153 ... ${INTEGRATION_BRIDGE}
154 ... table=${DEFAULT_FLOW_TABLES}[15]
155 ... | grep ${ARP}.*${TABLE}
156 ${arping_cli} = BuiltIn.Set Variable sudo arping -s ${SPOOF_IP} -c ${PACKET_COUNT} \ ${RANDOM_IP}
157 OpenStackOperations.Execute Command on VM Instance ${REQ_NETWORKS}[1] ${VM_IP_DPN1}[1] ${arping_cli}
158 ${get_pkt_count_after_arp} = OvsManager.Get Packet Count From Table
160 ... ${INTEGRATION_BRIDGE}
161 ... table=${DEFAULT_FLOW_TABLES}[15]
162 ... | grep ${VM1_METADATA}.*${ARP_SHA}
163 ${get_arp_drop_pkt_after} = OvsManager.Get Packet Count From Table
165 ... ${INTEGRATION_BRIDGE}
166 ... table=${DEFAULT_FLOW_TABLES}[15]
167 ... | grep ${ARP}.*${TABLE}
168 ${pkt_diff} = BuiltIn.Evaluate int(${get_pkt_count_after_arp})-int(${get_pkt_count_before_arp})
169 ${pkt_diff_arp_drop} = BuiltIn.Evaluate int(${get_arp_drop_pkt_after})-int(${get_arp_drop_pkt_before})
170 BuiltIn.Should Be Equal As Numbers ${pkt_diff} ${PACKET_COUNT_ZERO}
171 BuiltIn.Should Be Equal As Numbers ${pkt_diff_arp_drop} ${PACKET_COUNT}
176 [Documentation] Suite setup for ACL_Enhancement feature
177 OpenStackOperations.OpenStack Suite Setup
181 [Documentation] Create Two Networks, Two Subnets, Four Ports
182 Create Multiple Networks @{REQ_NETWORKS}
183 Create Multiple Subnets ${REQ_NETWORKS} ${REQ_SUBNETS} ${REQ_SUBNET_CIDR}
184 OpenStackOperations.Neutron Security Group Create ${SECURITY_GROUP}[0]
185 OpenStackOperations.Delete All Security Group Rules ${SECURITY_GROUP}[0]
186 OpenStackOperations.Create Port ${REQ_NETWORKS}[0] ${PORTS}[0] sg=${SECURITY_GROUP}[0]
187 OpenStackOperations.Create Port ${REQ_NETWORKS}[1] ${PORTS}[1] sg=${SECURITY_GROUP}[0]
188 OpenStackOperations.Create Port ${REQ_NETWORKS}[0] ${PORTS}[2] sg=${SECURITY_GROUP}[0]
189 OpenStackOperations.Create Port ${REQ_NETWORKS}[1] ${PORTS}[3] sg=${SECURITY_GROUP}[0]
190 OpenStackOperations.Neutron Security Group Rule Create
191 ... ${SECURITY_GROUP}[0]
192 ... direction=ingress
194 ... remote_ip=0.0.0.0/0
195 OpenStackOperations.Neutron Security Group Rule Create
196 ... ${SECURITY_GROUP}[0]
199 ... remote_ip=0.0.0.0/0
200 OpenStackOperations.Neutron Security Group Rule Create
201 ... ${SECURITY_GROUP}[0]
202 ... direction=ingress
203 ... port_range_max=65535
206 ... remote-ip=0.0.0.0/0
207 OpenStackOperations.Neutron Security Group Rule Create
208 ... ${SECURITY_GROUP}[0]
210 ... port_range_max=65535
213 ... remote-ip=0.0.0.0/0
214 OpenStackOperations.Create Vm Instance With Ports On Compute Node
218 ... ${OS_CMP1_HOSTNAME}
220 ... sg=${SECURITY_GROUP}[0]
221 OpenStackOperations.Create Vm Instance With Ports On Compute Node
225 ... ${OS_CMP2_HOSTNAME}
227 ... sg=${SECURITY_GROUP}[0]
228 FOR ${vm} IN @{VM_NAMES}
229 OpenStackOperations.Poll VM Is ACTIVE ${vm}
231 ${VM_IP_DPN1} = BuiltIn.Wait Until Keyword Succeeds
234 ... OpenStackOperations.Get All VM IP Addresses
235 ... ${OS_CMP1_CONN_ID}
237 ${VM_IP_DPN2} = BuiltIn.Wait Until Keyword Succeeds
240 ... OpenStackOperations.Get All VM IP Addresses
241 ... ${OS_CMP2_CONN_ID}
243 BuiltIn.Set Suite Variable @{VM_IP_DPN1}
244 BuiltIn.Set Suite Variable @{VM_IP_DPN2}
245 FOR ${ip} IN @{VM_IP_DPN1}
246 BuiltIn.Should Not Contain ${ip} None
248 FOR ${ip} IN @{VM_IP_DPN2}
249 BuiltIn.Should Not Contain ${ip} None
251 ${VM1_PORT} = Get VMs OVS Port Number ${OS_CMP1_IP} ${PORTS}[0]
252 ${VM1_METADATA} = OVSDB.Get Port Metadata ${OS_CMP1_IP} ${VM1_PORT}
253 BuiltIn.Set Suite Variable ${VM1_METADATA}