def erspan_pre_config(): """ Author: Lakshminarayana D ([email protected]) Using this pre config at module level. So, applicable for all test cases which includes in this module. :return: None """ # IP address configuration on DUT-1 for port, ip_addr, in zip(data.port_list_d1, data.ip_list_d1): ip.config_ip_addr_interface(vars.D1, port, ip_addr, data.subnet_mask) # IP address configuration on DUT-2 for port, ip_addr in zip(data.port_list_d2, data.ip_list_d2): ip.config_ip_addr_interface(vars.D2, port, ip_addr, data.subnet_mask) # Create static route _, network = ip.get_network_addr("{}/{}".format(data.ip_T1D2P1, data.subnet_mask)) ip.create_static_route(vars.D1, data.ip_D2D1P1, network) _, network = ip.get_network_addr("{}/{}".format(data.ip_T1D1P1, data.subnet_mask)) ip.create_static_route(vars.D2, data.ip_D1D2P1, network) # creation and verification of Monitor session mirror.create_session(vars.D1, session_name=data.session_name, src_ip=data.ip_D1T1P1, dst_ip=data.ip_T1D2P1, gre_type=data.gre_type, dscp=data.dscp, ttl=data.ttl, queue=data.queue) # creation and verification of ACL Policy acl_dscp.config_policy_table(vars.D1, enable='create', policy_name=data.acl_table_name, policy_type=data.type) acl_dscp.config_service_policy_table(vars.D1, policy_kind="bind", interface_name=vars.D1T1P1, stage='in', service_policy_name=data.acl_table_name, policy_type=data.type) acl_dscp.config_service_policy_table(vars.D1, policy_kind="bind", interface_name=vars.D1T1P2, stage='in', policy_type=data.type, service_policy_name=data.acl_table_name) acl.create_acl_table(vars.D1, name="L3_IPV6_INGRESS", stage=data.stage, type="L3V6", description="L3_IPV6_INGRESS", ports=[vars.D1T1P1])
def ipv4_acl_config(): st.log('Creating IPv4 ACL in ACL table:') acl_obj.create_acl_table(vars.D1, name=data.acl_ipv4_table_name, type=data.type, description=data.description, stage=data.stage) st.log('Adding IPv4 ACL source_ip drop rule in ACL rule table:') acl_obj.create_acl_rule(vars.D1, table_name=data.acl_ipv4_table_name, rule_name=data.acl_rule, packet_action=data.packet_action, priority=data.priority, SRC_IP="{}/{}".format(data.src_ip, data.mask))
def create_ACLtable_scale(dut, **kwargs): """ Author: create_ACLtable_scale(dut=dut1,max_acl=1,aclName='ACL',direction ='INGRESS', acl_type='L3') """ result = True if 'max_acl' in kwargs: max_acl = kwargs['max_acl'] else: max_acl = 1 if 'aclName' in kwargs: aclName = kwargs['aclName'] else: st.log('Mandatory parameter aclName is not found') return False if 'direction' in kwargs: direction = kwargs['direction'] else: direction = 'INGRESS' if 'acl_type' in kwargs: acl_type = kwargs['acl_type'] else: acl_type = 'L3' st.log('creating ACL tables ') for i in range(max_acl): result = acl_obj.create_acl_table(dut=dut, name=aclName + str(i), stage=direction, type=acl_type, description="Testing acl scale") return result
def ipv6_acl_config(): st.log('Creating IPv6 ACL in ACL table:') acl_obj.create_acl_table(vars.D1, name=data.acl_ipv6_table_name, type=data.type_ipv6, description=data.description, stage=data.stage, ports=[vars.D1T1P1]) st.log('Adding IPv4 ACL source_ip drop rule in ACL rule table:') acl_obj.create_acl_rule(vars.D1, table_name=data.acl_ipv6_table_name, acl_type="ipv6", rule_name=data.acl_rule_v6, packet_action=data.packet_action, priority=data.priority, SRC_IPV6="{}/{}".format(data.src_ipv6, data.mask_ipv6))
def nat_pre_config(): global vars vars = st.ensure_min_topology("D1T1:2") platform = basic_obj.get_hwsku(vars.D1) common_constants = st.get_datastore(vars.D1, "constants", "default") if platform.lower() in common_constants['TH3_PLATFORMS']: st.error("NAT is not supported for this platform {}".format(platform)) st.report_unsupported('NAT_unsupported_platform',platform) global tg_handler, tg1, tg2, tg_ph_1, tg_ph_2, dut1_rt_int_mac, tg_str_data, tg_rt_int_handle tg_handler = util_tg_init(vars, [vars.T1D1P1, vars.T1D1P2]) tg1 = tg_handler["tg"] tg2 = tg_handler["tg"] tg_ph_1 = tg_handler["tg_ph_1"] tg_ph_2 = tg_handler["tg_ph_2"] ip_obj.config_ip_addr_interface(vars.D1, vars.D1T1P1, data.in1_ip_addr, data.in1_ip_addr_mask, family=data.af_ipv4) ip_obj.config_ip_addr_interface(vars.D1, vars.D1T1P2, data.out_ip_addr_l[0], data.out_ip_addr_mask, family=data.af_ipv4) dut1_rt_int_mac = basic_obj.get_ifconfig_ether(vars.D1, vars.D1T1P1) ip_obj.create_static_route(vars.D1, data.out_ip_addr_h, "{}/{}".format(data.global_ip_addr_rt, data.global_ip_addr_mask), shell=data.shell_vtysh, family=data.af_ipv4) ip_obj.create_static_route(vars.D1, data.in1_ip_addr_h[0], "{}/{}".format(data.s_global_ip_rt, data.s_global_ip_mask)) tg_rt_int_handle = util_tg_routing_int_config(vars, tg1, tg2, tg_ph_1, tg_ph_2) st.log("NAT Configuration") nat_obj.config_nat_feature(vars.D1, 'enable') util_nat_zone_config(vars, [vars.D1T1P1, vars.D1T1P2], [data.zone_1, data.zone_2], config=data.config_add) nat_obj.config_nat_static(vars.D1, protocol=data.proto_all, global_ip=data.out_ip_addr_l[0], local_ip=data.in1_ip_addr_h[0], config=data.config_add, nat_type=data.nat_type_dnat) nat_obj.config_nat_static(vars.D1, protocol=data.proto_tcp, global_ip=data.out_ip_addr_l[1], local_ip=data.in1_ip_addr_h[1], local_port_id=data.tcp_src_local_port, global_port_id=data.tcp_src_global_port, config=data.config_add, nat_type=data.nat_type_dnat) nat_obj.config_nat_static(vars.D1, protocol=data.proto_udp, global_ip=data.in1_ip_addr_h[2], local_ip=data.out_ip_addr_l[2], local_port_id=data.udp_src_global_port, global_port_id=data.udp_src_local_port, config=data.config_add, nat_type=data.nat_type_snat) nat_obj.config_nat_static(vars.D1, protocol=data.proto_all, global_ip=data.s_global_ip, local_ip=data.s_local_ip, config=data.config_add, nat_type=data.nat_type_snat) nat_obj.config_nat_static(vars.D1,protocol=data.proto_all,global_ip=data.out_ip_addr_l[3],local_ip=data.in1_ip_addr_h[3], config=data.config_add,nat_type=data.nat_type_dnat,twice_nat_id=data.twice_nat_id_1) nat_obj.config_nat_static(vars.D1, protocol=data.proto_all, global_ip=data.global_ip_addr, local_ip=data.test_ip_addr, config=data.config_add, nat_type=data.nat_type_snat, twice_nat_id=data.twice_nat_id_1) # dynamic NAT config st.log("Creating NAT Pool-1") nat_obj.config_nat_pool(vars.D1, pool_name=data.pool_name[0], global_ip_range=data.out_ip_range, global_port_range= data.global_port_range, config=data.config_add) nat_obj.config_nat_pool(vars.D1, pool_name="scale_pool", global_ip_range="125.56.90.23-125.56.90.30", global_port_range="1001-8001", config=data.config_add) st.log("Creating NAT Pool binding") nat_obj.config_nat_pool_binding(vars.D1, binding_name=data.bind_name[0], pool_name=data.pool_name[0], config=data.config_add) st.log("Creating NAT Pool-2") nat_obj.config_nat_pool(vars.D1, pool_name=data.pool_name[1], global_ip_range=data.out2_ip_range, config=data.config_add) st.log("Creating NAT Pool-2 binding") nat_obj.config_nat_pool_binding(vars.D1, binding_name=data.bind_name[1], pool_name=data.pool_name[1], config=data.config_add) # nat acl for ingress traffic acl_obj.create_acl_table(vars.D1, name=data.acl_table_in_nat_eg, stage="INGRESS", type=data.type, description="ingress-acl", ports=[vars.D1T1P1]) acl_obj.create_acl_rule(vars.D1, table_name=data.acl_table_in_nat_eg, rule_name="rule-32", packet_action=data.packet_forward_action, SRC_IP="{}/{}".format(data.in1_ip_addr_rt, data.in1_ip_addr_mask), priority='98', type=data.type, ip_protocol="4") acl_obj.create_acl_rule(vars.D1, table_name=data.acl_table_in_nat_eg, rule_name="rule-33", packet_action=data.packet_do_not_nat_action, SRC_IP="{}/{}".format('14.1.0.1', data.mask), priority='97', type=data.type, ip_protocol="4") # Checking arp table for debugging arp_obj.show_arp(vars.D1) ip_obj.show_ip_route(vars.D1) # Clearing all interface counters for debugging purpose intf_obj.clear_interface_counters(vars.D1) tg_str_data = util_tg_stream_config(tg1, tg2, tg_ph_1, tg_ph_2)
def test_fuctPBR_02(): global description global descriptionv6 global vars vars = st.get_testbed_vars() final_result = True description = 'IPv4_ACL_redirect_NH' descriptionv6 = 'IPv6_ACL_redirect_NH' st.log( 'This test covers StSoSeConf014 StSoSeConf015 StSoSeVer014 StSoSeVer015' ) st.log('creating IPv4 static route') ipfeature.create_static_route(dut1, static_ip=srpIP, next_hop=nextHop_ip, shell='') ipfeature.create_static_route(dut1, static_ip=srpIPv6, next_hop=nextHop_ipv6, shell='', family='ipv6') st.log( 'creating IPv4 ACL table and binding to the ports in Ingress direction' ) acl_obj.create_acl_table(dut1, name=acl_table_name, stage=stage, type=type, description=description, ports=[r1_tg_ports1]) acl_obj.create_acl_table(dut1, name=acl_table_namev6, stage=stage, type=typev6, description=descriptionv6, ports=[r1_tg_ports1]) st.log( 'Creating ACL rules with src_ip dst_ip port and action as forward drop' ) acl_obj.create_acl_rule(dut1, table_name=acl_table_name, rule_name=rule_list[0], priority=priority_list[0], packet_action=pktAction + nextHop_ip + '|' + r1_tg_ports2, SRC_IP="{}/{}".format(srpIP, maskACL), DST_IP="{}/{}".format(dstIP, maskACL)) acl_obj.create_acl_rule(dut1, table_name=acl_table_name, rule_name=rule_list[9], priority=priority_list[9], packet_action='drop', IP_TYPE='ipv4any') acl_obj.create_acl_rule(dut1, table_name=acl_table_namev6, rule_name=rule_list[0], priority=priority_list[0], packet_action=pktAction + nextHop_ipv6 + '|' + r1_tg_ports2, SRC_IPV6="{}/{}".format(srpIPv6, '128'), DST_IPV6="{}/{}".format(dstIPv6, '128')) acl_obj.create_acl_rule(dut1, table_name=acl_table_namev6, rule_name=rule_list[9], priority=priority_list[9], packet_action='drop', IP_TYPE='ipv6any') #acl_obj.create_acl_rule(dut1, table_name=acl_table_name, rule_name=rule_list[0],priority=priority_list[0], packet_action=pktAction+nextHop_ip+'|'+r1_tg_ports2, SRC_IP="{}/{}".format(srpIP, maskACL),DST_IP="{}/{}".format(dstIP, maskACL)) start_stop_traffic(tg1, tg2, tg_dut1_p1_handle, tg_dut1_p2_handle) traffic_details = { '1': { 'tx_ports': [vars.T1D1P1], 'tx_obj': [tg1], 'exp_ratio': [[1, 0, 1, 0]], 'rx_ports': [vars.T1D1P2], 'rx_obj': [tg2], 'stream_list': [[stream_id1, stream_id2, stream_id3, stream_id4]] } } test1 = tgapi.validate_tgen_traffic(traffic_details=traffic_details, mode='streamblock', comp_type='packet_count') if test1 is False: st.error("Traffic Verification Failed") final_result = False t1 = acl_obj.verify_acl_stats(dut1, table_name=acl_table_name, rule_name=rule_list[0], packet_count=expCount) t2 = acl_obj.verify_acl_stats(dut1, table_name=acl_table_name, rule_name=rule_list[9], packet_count=expCount) t3 = acl_obj.verify_acl_stats(dut1, table_name=acl_table_namev6, rule_name=rule_list[0], packet_count=expCount) t4 = acl_obj.verify_acl_stats(dut1, table_name=acl_table_namev6, rule_name=rule_list[9], packet_count=int(expCount) + 16) if False in list(set([t1, t2, t3, t4])): tc = [t1, t2, t3, t4].index(False) print("TC failed for rule : " + str((tc + 1))) st.error("ACL stats validation Failed") final_result = False else: st.log('ACL stats validation Passed') st.log('Deleting IPv4/v6 static route') ipfeature.delete_static_route(dut1, static_ip=srpIP, next_hop=nextHop_ip, shell='') ipfeature.delete_static_route(dut1, static_ip=srpIPv6, next_hop=nextHop_ipv6, shell='', family='ipv6') st.log('Removing the ACL table config') acl_obj.delete_acl_table(dut=dut1, acl_table_name=acl_table_name) acl_obj.delete_acl_table(dut=dut1, acl_table_name=acl_table_namev6) if final_result: st.log( "PBR-Test:Validation of PBR REDIRECT_TO_Next-Hop interface Passed") st.report_pass('test_case_passed') else: st.error( "PBR-Test : Validation of PBR REDIRECT_TO_Next-Hop interface failed" ) st.report_fail('test_case_failed')