def test_policy_rules_scaling_with_ping_api(self): ''' Test to validate scaling of policy and rules ''' result = True msg = [] err_msg = [] vn_names = ['vn1', 'vn2'] vm_names = ['vm1', 'vm2'] vn_of_vm = {'vm1': 'vn1', 'vm2': 'vn2'} vn_nets = { 'vn1': [(NetworkIpam(), VnSubnetsType( [IpamSubnetType(subnet=SubnetType('10.1.1.0', 24))]))], 'vn2': [(NetworkIpam(), VnSubnetsType( [IpamSubnetType(subnet=SubnetType('20.1.1.0', 24))]))] } number_of_policy = 1 # adding workaround to pass the test with less number of rules till # 1006, 1184 fixed number_of_dummy_rules = 149 valid_rules = [ { 'direction': '<>', 'simple_action': 'pass', 'protocol': 'icmp', 'src_ports': 'any', 'dst_ports': 'any', 'source_network': 'any', 'dest_network': 'any', }, ] self.logger.info( 'Creating %d policy and %d rules to test policy scalability' % (number_of_policy, number_of_dummy_rules + len(valid_rules))) # for now we are creating limited number of policy and rules policy_objs_list = policy_test_helper._create_n_policy_n_rules( self, number_of_policy, valid_rules, number_of_dummy_rules, option='api') self.logger.info('Create VN and associate %d policy' % (number_of_policy)) vn_fixture = {} vm_fixture = {} ref_tuple = [] for conf_policy in policy_objs_list: ref_tuple.append((conf_policy, VirtualNetworkPolicyType( sequence=SequenceType(major=0, minor=0)))) proj_fixt = self.useFixture( ProjectTestFixtureGen(self.vnc_lib, project_name=self.project.project_name)) for vn_name in vn_names: vn_fixture[vn_name] = self.useFixture( VirtualNetworkTestFixtureGen( self.vnc_lib, virtual_network_name=vn_name, parent_fixt=proj_fixt, id_perms=IdPermsType(enable=True), network_policy_ref_infos=ref_tuple, network_ipam_ref_infos=vn_nets[vn_name])) vn_read = self.vnc_lib.virtual_network_read( id=str(vn_fixture[vn_name]._obj.uuid)) if not vn_read: self.logger.error("VN %s read on API server failed" % vn_name) return { 'result': False, 'msg': "VN:%s read failed on API server" % vn_name } for vm_name in vm_names: vn_read = self.vnc_lib.virtual_network_read( id=str(vn_fixture[vn_of_vm[vm_name]]._obj.uuid)) vn_quantum_obj = self.quantum_h.get_vn_obj_if_present(vn_read.name) assert vn_read, "VN %s not found in API" % (vn_of_vm[vm_name]) assert vn_quantum_obj, "VN %s not found in neutron" % ( vn_of_vm[vm_name]) # Launch VM with 'ubuntu-traffic' image which has scapy pkg # remember to call install_pkg after VM bringup # Bring up with 2G RAM to support multiple traffic streams.. vm_fixture[vm_name] = self.useFixture( VMFixture(project_name=self.inputs.project_name, connections=self.connections, vn_obj=vn_quantum_obj, flavor='contrail_flavor_small', image_name='ubuntu-traffic', vm_name=vm_name)) for vm_name in vm_names: self.logger.info("Calling VM verifications... ") assert vm_fixture[vm_name].verify_on_setup() for vm_name in vm_names: out = self.nova_h.wait_till_vm_is_up(vm_fixture[vm_name].vm_obj) if not out: self.logger.error("VM failed to come up") return out # Test ping with scaled policy and rules dst_vm = vm_names[len(vm_names) - 1] # 'vm2' dst_vm_fixture = vm_fixture[dst_vm] dst_vm_ip = dst_vm_fixture.vm_ip self.logger.info("Verify ping to vm %s" % (dst_vm)) ret = vm_fixture[vm_names[0]].ping_with_certainty(dst_vm_ip, expectation=True) result_msg = "vm ping test result to vm %s is: %s" % (dst_vm, ret) self.logger.info(result_msg) if not ret: result = False msg.extend([ "ping test failure with scaled policy and rules:", result_msg ]) self.assertEqual(result, True, msg) return True
def test_policy_rules_scaling_with_ping_api(self): ''' Test to validate scaling of policy and rules ''' result = True msg = [] err_msg = [] vn_names = ['vn1', 'vn2'] vm_names = ['vm1', 'vm2'] vn_of_vm = {'vm1': 'vn1', 'vm2': 'vn2'} vn_nets = { 'vn1': [(NetworkIpam(), VnSubnetsType([IpamSubnetType(subnet=SubnetType('10.1.1.0', 24))]))], 'vn2': [(NetworkIpam(), VnSubnetsType([IpamSubnetType(subnet=SubnetType('20.1.1.0', 24))]))] } number_of_policy = 1 # adding workaround to pass the test with less number of rules till # 1006, 1184 fixed number_of_dummy_rules = 149 valid_rules = [ PolicyRuleType( direction='<>', protocol='icmp', dst_addresses=[AddressType(virtual_network='any')], src_addresses=[AddressType(virtual_network='any')], dst_ports=[PortType(-1, -1)], action_list=ActionListType(simple_action='pass'), src_ports=[PortType(-1, -1)]) ] self.logger.info( 'Creating %d policy and %d rules to test policy scalability' % (number_of_policy, number_of_dummy_rules + len(valid_rules))) # for now we are creating limited number of policy and rules policy_objs_list = policy_test_helper._create_n_policy_n_rules( self, number_of_policy, valid_rules, number_of_dummy_rules, option='api') self.logger.info('Create VN and associate %d policy' % (number_of_policy)) vn_fixture = {} vm_fixture = {} ref_tuple = [] for conf_policy in policy_objs_list: ref_tuple.append( (conf_policy, VirtualNetworkPolicyType( sequence=SequenceType( major=0, minor=0)))) proj_fixt = self.useFixture( ProjectTestFixtureGen( self.vnc_lib, project_name=self.project.project_name)) for vn_name in vn_names: vn_fixture[vn_name] = self.useFixture( VirtualNetworkTestFixtureGen( self.vnc_lib, virtual_network_name=vn_name, parent_fixt=proj_fixt, id_perms=IdPermsType( enable=True), network_policy_ref_infos=ref_tuple, network_ipam_ref_infos=vn_nets[vn_name])) vn_read = self.vnc_lib.virtual_network_read( id=str(vn_fixture[vn_name]._obj.uuid)) if not vn_read: self.logger.error("VN %s read on API server failed" % vn_name) return { 'result': False, 'msg': "VN:%s read failed on API server" % vn_name} for vm_name in vm_names: vn_read = self.vnc_lib.virtual_network_read( id=str(vn_fixture[vn_of_vm[vm_name]]._obj.uuid)) vn_quantum_obj = self.quantum_h.get_vn_obj_if_present( vn_read.name) assert vn_read, "VN %s not found in API" % (vn_of_vm[vm_name]) assert vn_quantum_obj, "VN %s not found in neutron" % (vn_of_vm[vm_name]) # Launch VM with 'ubuntu-traffic' image which has scapy pkg # remember to call install_pkg after VM bringup # Bring up with 2G RAM to support multiple traffic streams.. vm_fixture[vm_name] = self.useFixture( VMFixture( project_name=self.inputs.project_name, connections=self.connections, vn_obj=vn_quantum_obj, flavor='contrail_flavor_small', image_name='ubuntu-traffic', vm_name=vm_name)) for vm_name in vm_names: self.logger.info("Calling VM verifications... ") assert vm_fixture[vm_name].verify_on_setup() for vm_name in vm_names: out = self.nova_h.wait_till_vm_is_up( vm_fixture[vm_name].vm_obj) if not out: self.logger.error("VM failed to come up") return out # Test ping with scaled policy and rules dst_vm = vm_names[len(vm_names) - 1] # 'vm2' dst_vm_fixture = vm_fixture[dst_vm] dst_vm_ip = dst_vm_fixture.vm_ip self.logger.info("Verify ping to vm %s" % (dst_vm)) ret = vm_fixture[vm_names[0]].ping_with_certainty( dst_vm_ip, expectation=True) result_msg = "vm ping test result to vm %s is: %s" % (dst_vm, ret) self.logger.info(result_msg) if not ret: result = False msg.extend( ["ping test failure with scaled policy and rules:", result_msg]) self.assertEqual(result, True, msg) return True
def test_policy_rules_scaling_with_ping(self): ''' Test to validate scaling of policy and rules. Test to validate multiple policy scaling with 10 rules each. These policies will be attached to two VN's and 2 VM's will be spawned in each of the VN's to verify exact number of acls are created in the agent introspect. Expected ace id's = 150 policy * 10 distinct rules + 1 valid rule + 2 default rules = 1503 ace id's. ''' result = True msg = [] vn1_name = 'vn1' vn2_name = 'vn2' vn1_subnets = [get_random_cidr(af='v4')] vn2_subnets = ['20.1.1.0/24'] number_of_policy = 150 number_of_dummy_rules = 10 number_of_valid_rules = 1 number_of_default_rules = 2 total_number_of_rules = ( number_of_dummy_rules * number_of_policy) + number_of_valid_rules + number_of_default_rules no_of_rules_exp = total_number_of_rules valid_rules = [ { 'direction': '<>', 'simple_action': 'pass', 'protocol': 'icmp', 'src_ports': 'any', 'dst_ports': 'any', 'source_network': 'any', 'dest_network': 'any', }, ] self.logger.info( 'Creating %d policy and %d rules to test policy scalability' % (number_of_policy, number_of_dummy_rules + len(valid_rules))) policy_objs_list = policy_test_helper._create_n_policy_n_rules( self, number_of_policy, valid_rules, number_of_dummy_rules, verify=False) time.sleep(5) self.logger.info('Create VN and associate %d policy' % (number_of_policy)) vn1_fixture = self.useFixture( VNFixture(project_name=self.inputs.project_name, connections=self.connections, vn_name=vn1_name, inputs=self.inputs, subnets=vn1_subnets, policy_objs=policy_objs_list)) assert vn1_fixture.verify_on_setup() vn2_fixture = self.useFixture( VNFixture(project_name=self.inputs.project_name, connections=self.connections, vn_name=vn2_name, inputs=self.inputs, subnets=vn2_subnets, policy_objs=policy_objs_list)) assert vn2_fixture.verify_on_setup() vn1_vm1_name = 'vm1' vn1_vm2_name = 'vm2' vm1_fixture = self.useFixture( VMFixture(project_name=self.inputs.project_name, connections=self.connections, vn_obj=vn1_fixture.obj, vm_name=vn1_vm1_name)) assert vm1_fixture.verify_on_setup() vm2_fixture = self.useFixture( VMFixture(project_name=self.inputs.project_name, connections=self.connections, vn_obj=vn2_fixture.obj, vm_name=vn1_vm2_name)) assert vm2_fixture.verify_on_setup() vm1_fixture.wait_till_vm_is_up() vm2_fixture.wait_till_vm_is_up() self.logger.info("Verify ping to vm %s" % (vn1_vm2_name)) ret = vm1_fixture.ping_with_certainty(vm2_fixture.vm_ip, expectation=True, dst_vm_fixture=vm2_fixture) result_msg = "vm ping test result to vm %s is: %s" % (vn1_vm2_name, ret) self.logger.info(result_msg) if not ret: result = False msg.extend( ["ping failure with scaled policy and rules:", result_msg]) assertEqual(result, True, msg) if self.inputs.get_af() == af_test: #In v6 test, new rule is added for proto 58 corresponding to v4 icmp rule, #so expected no. of rules should be increamented by 1 no_of_rules_exp = total_number_of_rules + 1 vn1_acl_count = len( self.agent_inspect[vm1_fixture._vm_node_ip].get_vna_acl_by_vn( vn1_fixture.vn_fq_name)['entries']) vn2_acl_count = len( self.agent_inspect[vm2_fixture._vm_node_ip].get_vna_acl_by_vn( vn2_fixture.vn_fq_name)['entries']) self.assertEqual( vn1_acl_count, no_of_rules_exp, "Mismatch in number of ace ID's and total number of rules in agent introspect \ for vn %s" % vn1_fixture.vn_fq_name) self.assertEqual( vn2_acl_count, no_of_rules_exp, "Mismatch in number of ace ID's and total number of rules in agent introspect \ for vn %s" % vn2_fixture.vn_fq_name) self.logger.info( 'Verified ace Id\'s were created for %d rules, to test policy scalability' % no_of_rules_exp) return True
def test_policy_rules_scaling_with_ping(self): ''' Test to validate scaling of policy and rules ''' result = True msg = [] vn1_name = 'vn1' vn2_name = 'vn2' vn1_subnets = ['10.1.1.0/24'] vn2_subnets = ['20.1.1.0/24'] number_of_policy = 10 # adding workaround to pass the test with less number of rules till # 1006, 1184 fixed number_of_dummy_rules = 148 valid_rules = [ { 'direction': '<>', 'simple_action': 'pass', 'protocol': 'icmp', 'src_ports': 'any', 'dst_ports': 'any', 'source_network': 'any', 'dest_network': 'any', }, { 'direction': '<>', 'simple_action': 'pass', 'protocol': 'udp', 'src_ports': 'any', 'dst_ports': 'any', 'source_network': 'any', 'dest_network': 'any', }, ] self.logger.info( 'Creating %d policy and %d rules to test policy scalability' % (number_of_policy, number_of_dummy_rules + len(valid_rules))) # for now we are creating limited number of policy and rules policy_objs_list = policy_test_helper._create_n_policy_n_rules( self, number_of_policy, valid_rules, number_of_dummy_rules) time.sleep(5) self.logger.info('Create VN and associate %d policy' % (number_of_policy)) vn1_fixture = self.useFixture( VNFixture( project_name=self.inputs.project_name, connections=self.connections, vn_name=vn1_name, inputs=self.inputs, subnets=vn1_subnets, policy_objs=policy_objs_list)) assert vn1_fixture.verify_on_setup() vn2_fixture = self.useFixture( VNFixture( project_name=self.inputs.project_name, connections=self.connections, vn_name=vn2_name, inputs=self.inputs, subnets=vn2_subnets, policy_objs=policy_objs_list)) assert vn2_fixture.verify_on_setup() vn1_vm1_name = 'vm1' vn1_vm2_name = 'vm2' vm1_fixture = self.useFixture( VMFixture( project_name=self.inputs.project_name, connections=self.connections, vn_obj=vn1_fixture.obj, vm_name=vn1_vm1_name)) assert vm1_fixture.verify_on_setup() vm2_fixture = self.useFixture( VMFixture( project_name=self.inputs.project_name, connections=self.connections, vn_obj=vn2_fixture.obj, vm_name=vn1_vm2_name)) assert vm2_fixture.verify_on_setup() vm1_fixture.wait_till_vm_is_up() vm2_fixture.wait_till_vm_is_up() self.logger.info("Verify ping to vm %s" % (vn1_vm2_name)) ret = vm1_fixture.ping_with_certainty( vm2_fixture.vm_ip, expectation=True, dst_vm_fixture=vm2_fixture) result_msg = "vm ping test result to vm %s is: %s" % ( vn1_vm2_name, ret) self.logger.info(result_msg) if not ret: result = False msg.extend( ["ping failure with scaled policy and rules:", result_msg]) assertEqual(result, True, msg) return True
def test_one_policy_rules_scaling_with_ping(self): ''' Test to validate scaling of policy and rules. Test to validate rules scaling on a single policy. The policy will be attached to two VN's and 2 VM's will be spawned in each of the VN's to verify exact number of acls are created in the agent introspect. Expected ace id's = 1 policy * 1498 distinct rules + 2 valid rule + 2 default rules = 1504 ace id's. ''' result = True msg = [] vn1_name = 'vn1' vn2_name = 'vn2' vn1_subnets = ['10.1.1.0/24'] vn2_subnets = ['20.1.1.0/24'] number_of_policy = 1 number_of_dummy_rules = 1498 number_of_valid_rules = 2 number_of_default_rules = 2 total_number_of_rules=number_of_dummy_rules + number_of_valid_rules + number_of_default_rules no_of_rules_exp = total_number_of_rules valid_rules = [ { 'direction': '<>', 'simple_action': 'pass', 'protocol': 'icmp', 'src_ports': 'any', 'dst_ports': 'any', 'source_network': 'any', 'dest_network': 'any', }, { 'direction': '<>', 'simple_action': 'pass', 'protocol': 'udp', 'src_ports': 'any', 'dst_ports': 'any', 'source_network': 'any', 'dest_network': 'any', }, ] self.logger.info( 'Creating %d policy and %d rules to test policy scalability' % (number_of_policy, number_of_dummy_rules + len(valid_rules))) policy_objs_list = policy_test_helper._create_n_policy_n_rules( self, number_of_policy, valid_rules, number_of_dummy_rules) time.sleep(5) self.logger.info('Create VN and associate %d policy' % (number_of_policy)) vn1_fixture = self.useFixture( VNFixture( project_name=self.inputs.project_name, connections=self.connections, vn_name=vn1_name, inputs=self.inputs, subnets=vn1_subnets, policy_objs=policy_objs_list)) assert vn1_fixture.verify_on_setup() vn2_fixture = self.useFixture( VNFixture( project_name=self.inputs.project_name, connections=self.connections, vn_name=vn2_name, inputs=self.inputs, subnets=vn2_subnets, policy_objs=policy_objs_list)) assert vn2_fixture.verify_on_setup() vn1_vm1_name = 'vm1' vn1_vm2_name = 'vm2' vm1_fixture = self.useFixture( VMFixture( project_name=self.inputs.project_name, connections=self.connections, vn_obj=vn1_fixture.obj, vm_name=vn1_vm1_name)) assert vm1_fixture.verify_on_setup() vm2_fixture = self.useFixture( VMFixture( project_name=self.inputs.project_name, connections=self.connections, vn_obj=vn2_fixture.obj, vm_name=vn1_vm2_name)) assert vm2_fixture.verify_on_setup() vm1_fixture.wait_till_vm_is_up() vm2_fixture.wait_till_vm_is_up() self.logger.info("Verify ping to vm %s" % (vn1_vm2_name)) ret = vm1_fixture.ping_with_certainty( vm2_fixture.vm_ip, expectation=True, dst_vm_fixture=vm2_fixture) result_msg = "vm ping test result to vm %s is: %s" % ( vn1_vm2_name, ret) self.logger.info(result_msg) if not ret: result = False msg.extend( ["ping failure with scaled policy and rules:", result_msg]) assertEqual(result, True, msg) if self.inputs.get_af() == af_test: #In v6 test, new rule is added for proto 58 corresponding to v4 icmp rule, #so expected no. of rules should be increamented by 1 no_of_rules_exp = total_number_of_rules + 1 vn1_acl_count=len(self.agent_inspect[ vm1_fixture._vm_node_ip].get_vna_acl_by_vn(vn1_fixture.vn_fq_name)['entries']) vn2_acl_count=len(self.agent_inspect[ vm2_fixture._vm_node_ip].get_vna_acl_by_vn(vn2_fixture.vn_fq_name)['entries']) self.assertEqual(vn1_acl_count, no_of_rules_exp, "Mismatch in number of ace ID's and total number of rules in agent introspect \ for vn %s" %vn1_fixture.vn_fq_name) self.assertEqual(vn2_acl_count, no_of_rules_exp, "Mismatch in number of ace ID's and total number of rules in agent introspect \ for vn %s" %vn2_fixture.vn_fq_name) self.logger.info( 'Verified ace Id\'s were created for %d rules, to test policy scalability' % no_of_rules_exp) return True
def test_policy_rules_scaling_with_ping(self): """ Test to validate scaling of policy and rules """ result = True msg = [] vn1_name = "vn1" vn2_name = "vn2" vn1_subnets = ["10.1.1.0/24"] vn2_subnets = ["20.1.1.0/24"] number_of_policy = 10 # adding workaround to pass the test with less number of rules till # 1006, 1184 fixed number_of_dummy_rules = 148 valid_rules = [ { "direction": "<>", "simple_action": "pass", "protocol": "icmp", "src_ports": "any", "dst_ports": "any", "source_network": "any", "dest_network": "any", }, { "direction": "<>", "simple_action": "pass", "protocol": "udp", "src_ports": "any", "dst_ports": "any", "source_network": "any", "dest_network": "any", }, ] self.logger.info( "Creating %d policy and %d rules to test policy scalability" % (number_of_policy, number_of_dummy_rules + len(valid_rules)) ) # for now we are creating limited number of policy and rules policy_objs_list = policy_test_helper._create_n_policy_n_rules( self, number_of_policy, valid_rules, number_of_dummy_rules ) time.sleep(5) self.logger.info("Create VN and associate %d policy" % (number_of_policy)) vn1_fixture = self.useFixture( VNFixture( project_name=self.inputs.project_name, connections=self.connections, vn_name=vn1_name, inputs=self.inputs, subnets=vn1_subnets, policy_objs=policy_objs_list, ) ) assert vn1_fixture.verify_on_setup() vn2_fixture = self.useFixture( VNFixture( project_name=self.inputs.project_name, connections=self.connections, vn_name=vn2_name, inputs=self.inputs, subnets=vn2_subnets, policy_objs=policy_objs_list, ) ) assert vn2_fixture.verify_on_setup() vn1_vm1_name = "vm1" vn1_vm2_name = "vm2" vm1_fixture = self.useFixture( VMFixture( project_name=self.inputs.project_name, connections=self.connections, vn_obj=vn1_fixture.obj, vm_name=vn1_vm1_name, ) ) assert vm1_fixture.verify_on_setup() vm2_fixture = self.useFixture( VMFixture( project_name=self.inputs.project_name, connections=self.connections, vn_obj=vn2_fixture.obj, vm_name=vn1_vm2_name, ) ) assert vm2_fixture.verify_on_setup() vm1_fixture.wait_till_vm_is_up() vm2_fixture.wait_till_vm_is_up() self.logger.info("Verify ping to vm %s" % (vn1_vm2_name)) ret = vm1_fixture.ping_with_certainty(vm2_fixture.vm_ip, expectation=True) result_msg = "vm ping test result to vm %s is: %s" % (vn1_vm2_name, ret) self.logger.info(result_msg) if not ret: result = False msg.extend(["ping failure with scaled policy and rules:", result_msg]) assertEqual(result, True, msg) return True