2 Documentation Test suite to validate ARP functionality for ACL_Enhancement feature.
3 Suite Setup Start Suite
4 Suite Teardown OpenStackOperations.OpenStack Suite Teardown
5 Test Setup SetupUtils.Setup_Test_With_Logging_And_Without_Fast_Failing
6 Test Teardown OpenStackOperations.Get Test Teardown Debugs
7 Library OperatingSystem
8 Library RequestsLibrary
10 Resource ../../../libraries/DevstackUtils.robot
11 Resource ../../../libraries/KarafKeywords.robot
12 Resource ../../../libraries/OVSDB.robot
13 Resource ../../../libraries/OpenStackOperations.robot
14 Resource ../../../libraries/OvsManager.robot
15 Resource ../../../libraries/SetupUtils.robot
16 Resource ../../../libraries/Utils.robot
17 Resource ../../../variables/Variables.robot
18 Resource ../../../variables/netvirt/Variables.robot
21 @{REQ_NETWORKS} acl_net_1 acl_net_2
22 @{REQ_SUBNETS} acl_subnet_1 acl_subnet_2
23 @{REQ_SUBNET_CIDR} 30.30.30.0/24 40.40.40.0/24
24 @{PORTS} acl_port_1 acl_port_2 acl_port_3 acl_port_4
25 @{VM_NAMES} acl_myvm_1 acl_myvm_2
26 @{SECURITY_GROUP} acl_sg_1
27 ${VIRTUAL_IP} 30.30.30.100/24
29 ${RANDOM_IP} 11.11.11.11
30 ${NETMASK} 255.255.255.0
31 ${PACKET_COUNT_ZERO} 0
32 ${DHCP_CMD} sudo /sbin/cirros-dhcpc up eth1
33 ${SPOOF_IP} 30.30.30.100
34 @{SPOOF_MAC_ADDRESSES} FA:17:3E:73:65:86 fa:16:3e:3d:3b:5e
35 ${ARP_CONFIG} sudo ifconfig eth0 down \n sudo ifconfig eth0 hw ether ${SPOOF_MAC_ADDRESSES[0]} \n sudo ifconfig eth0 up
38 ${TABLE} goto_table:217
41 Verify ARP request Valid MAC and Valid IP for the VM Egress Table
42 [Documentation] Verifying ARP resquest resolved for Valid MAC and Valid IP at the VM Egress Table
43 OpenStackOperations.Execute Command on VM Instance @{REQ_NETWORKS}[0] @{VM_IP_DPN1}[0] ${DHCP_CMD}
44 OpenStackOperations.Execute Command on VM Instance @{REQ_NETWORKS}[0] @{VM_IP_DPN2}[0] ${DHCP_CMD}
45 ${get_pkt_count_before_arp} = OvsManager.Get Packet Count From Table ${OS_CMP1_IP} ${INTEGRATION_BRIDGE} table=@{DEFAULT_FLOW_TABLES}[15] | grep ${VM1_METADATA}.*${ARP_SHA}
46 ${arping_cli} = BuiltIn.Set Variable sudo arping -I eth0 -c ${PACKET_COUNT} \ ${RANDOM_IP}
47 OpenStackOperations.Execute Command on VM Instance ${REQ_NETWORKS[1]} @{VM_IP_DPN1}[1] ${arping_cli}
48 ${get_pkt_count_after_arp} = OvsManager.Get Packet Count From Table ${OS_CMP1_IP} ${INTEGRATION_BRIDGE} table=@{DEFAULT_FLOW_TABLES}[15] | grep ${VM1_METADATA}.*${ARP_SHA}
49 ${pkt_diff} = BuiltIn.Evaluate int(${get_pkt_count_after_arp})-int(${get_pkt_count_before_arp})
50 BuiltIn.Should Be Equal As Numbers ${pkt_diff} ${PACKET_COUNT}
52 Verify ARP request generated from Spoofed IP for the VM
53 [Documentation] Verifying ARP resquest generated for Spoofed IP with Valid MAC and Validate the packet drop at the VM Egress Table
54 ${arp_int_up_cli} = BuiltIn.Set Variable sudo ifconfig eth0:1 ${SPOOF_IP} netmask ${NETMASK} up
55 ${output} = OpenStackOperations.Execute Command on VM Instance @{REQ_NETWORKS}[1] @{VM_IP_DPN1}[1] ${arp_int_up_cli}
56 ${get_pkt_count_before_arp} = OvsManager.Get Packet Count From Table ${OS_CMP1_IP} ${INTEGRATION_BRIDGE} table=@{DEFAULT_FLOW_TABLES}[15] | grep ${VM1_METADATA}.*${ARP_SHA}
57 ${get_arp_drop_pkt_before} = OvsManager.Get Packet Count From Table ${OS_CMP1_IP} ${INTEGRATION_BRIDGE} table=@{DEFAULT_FLOW_TABLES}[15] | grep ${ARP}.*${TABLE}
58 ${arping_cli} = BuiltIn.Set Variable sudo arping -s ${SPOOF_IP} -c ${PACKET_COUNT} \ ${RANDOM_IP}
59 ${output} = OpenStackOperations.Execute Command on VM Instance @{REQ_NETWORKS}[1] @{VM_IP_DPN1}[1] ${arping_cli}
60 ${get_pkt_count_after_arp} = OvsManager.Get Packet Count From Table ${OS_CMP1_IP} ${INTEGRATION_BRIDGE} table=@{DEFAULT_FLOW_TABLES}[15] | grep ${VM1_METADATA}.*${ARP_SHA}
61 ${get_arp_drop_pkt_after} OvsManager.Get Packet Count From Table ${OS_CMP1_IP} ${INTEGRATION_BRIDGE} table=@{DEFAULT_FLOW_TABLES}[15] | grep ${ARP}.*${TABLE}
62 ${pkt_diff_arp_drop} = BuiltIn.Evaluate int(${get_arp_drop_pkt_after})-int(${get_arp_drop_pkt_before})
63 ${pkt_diff} = BuiltIn.Evaluate int(${get_pkt_count_after_arp})-int(${get_pkt_count_before_arp})
64 BuiltIn.Should Be Equal As Numbers ${pkt_diff} ${PACKET_COUNT_ZERO}
65 BuiltIn.Should Be Equal As Numbers ${pkt_diff_arp_drop} ${PACKET_COUNT}
67 Verify ARP request generated from Spoofed MAC for the VM
68 [Documentation] Verifying ARP resquest generated for Spoofed MAC with Valid IP and Validate the ARP packet drop at the VM Egress Table
69 ${count} = String.Get Line Count ${ARP_CONFIG}
70 FOR ${index} IN RANGE 0 ${count}
71 ${cmd} = String.Get Line ${ARP_CONFIG} ${index}
72 ${output} = OpenStackOperations.Execute Command on VM Instance @{REQ_NETWORKS}[1] @{VM_IP_DPN1}[1] ${cmd}
74 ${get_pkt_count_before_arp} = OvsManager.Get Packet Count From Table ${OS_CMP1_IP} ${INTEGRATION_BRIDGE} table=@{DEFAULT_FLOW_TABLES}[15] | grep ${VM1_METADATA}.*${ARP_SHA}
75 ${get_arp_drop_pkt_before} = OvsManager.Get Packet Count From Table ${OS_CMP1_IP} ${INTEGRATION_BRIDGE} table=@{DEFAULT_FLOW_TABLES}[15] | grep ${ARP}.*${TABLE}
76 ${arping_cli} = BuiltIn.Set Variable sudo arping -I eth0 -c ${PACKET_COUNT} \ ${RANDOM_IP}
77 OpenStackOperations.Execute Command on VM Instance @{REQ_NETWORKS}[1] @{VM_IP_DPN1}[1] ${arping_cli}
78 ${get_pkt_count_after_arp} = OvsManager.Get Packet Count From Table ${OS_CMP1_IP} ${INTEGRATION_BRIDGE} table=@{DEFAULT_FLOW_TABLES}[15] | grep ${VM1_METADATA}.*${ARP_SHA}
79 ${get_arp_drop_pkt_after} OvsManager.Get Packet Count From Table ${OS_CMP1_IP} ${INTEGRATION_BRIDGE} table=@{DEFAULT_FLOW_TABLES}[15] | grep ${ARP}.*${TABLE}
80 ${pkt_diff} = BuiltIn.Evaluate int(${get_pkt_count_after_arp})-int(${get_pkt_count_before_arp})
81 ${pkt_diff_arp_drop} = BuiltIn.Evaluate int(${get_arp_drop_pkt_after})-int(${get_arp_drop_pkt_before})
82 BuiltIn.Should Be Equal As Numbers ${pkt_diff} ${PACKET_COUNT_ZERO}
83 BuiltIn.Should Be Equal As Numbers ${pkt_diff_arp_drop} ${PACKET_COUNT}
85 Verify ARP request generated from Spoofed IP and spoofed MAC for the VM
86 [Documentation] Verifying ARP resquest generated for Spoofed MAC with Spoofed IP and Validate the ARP packet drop at the VM Egress Table
87 ${get_pkt_count_before_arp} = OvsManager.Get Packet Count From Table ${OS_CMP1_IP} ${INTEGRATION_BRIDGE} table=@{DEFAULT_FLOW_TABLES}[15] | grep ${VM1_METADATA}.*${ARP_SHA}
88 ${get_arp_drop_pkt_before} = OvsManager.Get Packet Count From Table ${OS_CMP1_IP} ${INTEGRATION_BRIDGE} table=@{DEFAULT_FLOW_TABLES}[15] | grep ${ARP}.*${TABLE}
89 ${arping_cli} = BuiltIn.Set Variable sudo arping -s ${SPOOF_IP} -c ${PACKET_COUNT} \ ${RANDOM_IP}
90 OpenStackOperations.Execute Command on VM Instance @{REQ_NETWORKS}[1] @{VM_IP_DPN1}[1] ${arping_cli}
91 ${get_pkt_count_after_arp} = OvsManager.Get Packet Count From Table ${OS_CMP1_IP} ${INTEGRATION_BRIDGE} table=@{DEFAULT_FLOW_TABLES}[15] | grep ${VM1_METADATA}.*${ARP_SHA}
92 ${get_arp_drop_pkt_after} = OvsManager.Get Packet Count From Table ${OS_CMP1_IP} ${INTEGRATION_BRIDGE} table=@{DEFAULT_FLOW_TABLES}[15] | grep ${ARP}.*${TABLE}
93 ${pkt_diff} = BuiltIn.Evaluate int(${get_pkt_count_after_arp})-int(${get_pkt_count_before_arp})
94 ${pkt_diff_arp_drop} = BuiltIn.Evaluate int(${get_arp_drop_pkt_after})-int(${get_arp_drop_pkt_before})
95 BuiltIn.Should Be Equal As Numbers ${pkt_diff} ${PACKET_COUNT_ZERO}
96 BuiltIn.Should Be Equal As Numbers ${pkt_diff_arp_drop} ${PACKET_COUNT}
100 [Documentation] Suite setup for ACL_Enhancement feature
101 OpenStackOperations.OpenStack Suite Setup
105 [Documentation] Create Two Networks, Two Subnets, Four Ports
106 Create Multiple Networks @{REQ_NETWORKS}
107 Create Multiple Subnets ${REQ_NETWORKS} ${REQ_SUBNETS} ${REQ_SUBNET_CIDR}
108 OpenStackOperations.Neutron Security Group Create @{SECURITY_GROUP}[0]
109 OpenStackOperations.Delete All Security Group Rules @{SECURITY_GROUP}[0]
110 OpenStackOperations.Create Port @{REQ_NETWORKS}[0] @{PORTS}[0] sg=@{SECURITY_GROUP}[0]
111 OpenStackOperations.Create Port @{REQ_NETWORKS}[1] @{PORTS}[1] sg=@{SECURITY_GROUP}[0]
112 OpenStackOperations.Create Port @{REQ_NETWORKS}[0] @{PORTS}[2] sg=@{SECURITY_GROUP}[0]
113 OpenStackOperations.Create Port @{REQ_NETWORKS}[1] @{PORTS}[3] sg=@{SECURITY_GROUP}[0]
114 OpenStackOperations.Neutron Security Group Rule Create @{SECURITY_GROUP}[0] direction=ingress protocol=icmp remote_ip=0.0.0.0/0
115 OpenStackOperations.Neutron Security Group Rule Create @{SECURITY_GROUP}[0] direction=egress protocol=icmp remote_ip=0.0.0.0/0
116 OpenStackOperations.Neutron Security Group Rule Create @{SECURITY_GROUP}[0] direction=ingress port_range_max=65535 port_range_min=1 protocol=tcp remote-ip=0.0.0.0/0
117 OpenStackOperations.Neutron Security Group Rule Create @{SECURITY_GROUP}[0] direction=egress port_range_max=65535 port_range_min=1 protocol=tcp remote-ip=0.0.0.0/0
118 OpenStackOperations.Create Vm Instance With Ports On Compute Node @{PORTS}[0] @{PORTS}[1] @{VM_NAMES}[0] ${OS_CMP1_HOSTNAME} flavor=m1.tiny sg=@{SECURITY_GROUP}[0]
119 OpenStackOperations.Create Vm Instance With Ports On Compute Node @{PORTS}[2] @{PORTS}[3] @{VM_NAMES}[1] ${OS_CMP2_HOSTNAME} flavor=m1.tiny sg=@{SECURITY_GROUP}[0]
120 FOR ${vm} IN @{VM_NAMES}
121 OpenStackOperations.Poll VM Is ACTIVE ${vm}
123 @{VM_IP_DPN1} = BuiltIn.Wait Until Keyword Succeeds 300 sec 15 sec OpenStackOperations.Get All VM IP Addresses ${OS_CMP1_CONN_ID} @{VM_NAMES}[0]
124 @{VM_IP_DPN2} = BuiltIn.Wait Until Keyword Succeeds 300 sec 15 sec OpenStackOperations.Get All VM IP Addresses ${OS_CMP2_CONN_ID} @{VM_NAMES}[1]
125 BuiltIn.Set Suite Variable @{VM_IP_DPN1}
126 BuiltIn.Set Suite Variable @{VM_IP_DPN2}
127 FOR ${ip} IN @{VM_IP_DPN1}
128 BuiltIn.Should Not Contain ${ip} None
130 FOR ${ip} IN @{VM_IP_DPN2}
131 BuiltIn.Should Not Contain ${ip} None
133 ${VM1_PORT} = Get VMs OVS Port Number ${OS_CMP1_IP} @{PORTS}[0]
134 ${VM1_METADATA} = OVSDB.Get Port Metadata ${OS_CMP1_IP} ${VM1_PORT}
135 BuiltIn.Set Suite Variable ${VM1_METADATA}