def test_reply_message(self): network = objects.NetworkTestObj(self.neutron, self.nb_api) self.addCleanup(network.close) network_id = network.create() subnet = objects.SubnetTestObj(self.neutron, self.nb_api, network_id) self.addCleanup(subnet.close) subnet_body = { 'network_id': network_id, 'cidr': '10.20.0.0/24', 'gateway_ip': '10.20.0.1', 'ip_version': 4, 'name': 'private', 'enable_dhcp': True } subnet.create(subnet=subnet_body) self.assertTrue(network.exists()) self.assertTrue(subnet.exists()) vm1 = objects.VMTestObj(self, self.neutron) self.addCleanup(vm1.close) vm1.create(network=network) self.assertIsNotNone(vm1.server.addresses['mynetwork']) mac1 = vm1.server.addresses['mynetwork'][0]['OS-EXT-IPS-MAC:mac_addr'] self.assertIsNotNone(mac1) vm2 = objects.VMTestObj(self, self.neutron) self.addCleanup(vm2.close) vm2.create(network=network) self.assertIsNotNone(vm2.server.addresses['mynetwork']) mac2 = vm2.server.addresses['mynetwork'][0]['OS-EXT-IPS-MAC:mac_addr'] self.assertIsNotNone(mac2) # wait util get the message we want self.set_wanted_vms.clear() utils.wait_until_true( lambda: self._get_all_wanted_vms_online(mac1, mac2), timeout=const.DEFAULT_RESOURCE_READY_TIMEOUT, sleep=1, exception=Exception('Could not get wanted online vm')) vm1.close() vm2.close() utils.wait_until_none( lambda: utils.find_logical_port(self.nb_api, ip=None, mac=mac1), timeout=const.DEFAULT_RESOURCE_READY_TIMEOUT, sleep=1, exception=Exception('Port was not deleted')) utils.wait_until_none( lambda: utils.find_logical_port(self.nb_api, ip=None, mac=mac2), timeout=const.DEFAULT_RESOURCE_READY_TIMEOUT, sleep=1, exception=Exception('Port was not deleted'))
def test_flat_network_flows(self): if not self._check_providers_net_app_enable(): return physical_network = self._parse_flat_network() if not physical_network: self.assertIsNotNone(None) return # Create network network = self.store(objects.NetworkTestObj(self.neutron, self.nb_api)) network_params = { "name": "flat_1", "provider:network_type": "flat", "provider:physical_network": physical_network } network_id = network.create(network=network_params) # Create subnet subnet_params = { 'network_id': network_id, 'cidr': '100.64.1.0/24', 'gateway_ip': '10.64.1.1', 'ip_version': 4, 'name': 'private', 'enable_dhcp': True } subnet = self.neutron.create_subnet({'subnet': subnet_params}) self.assertIsNotNone(subnet) # Create VM ovs = utils.OvsFlowsParser() vm = self.store(objects.VMTestObj(self, self.neutron)) vm.create(network=network) ip = vm.get_first_ipv4() self.assertIsNotNone(ip) mac = vm.get_first_mac() self.assertIsNotNone(mac) metadataid = utils.wait_until_is_and_return( lambda: self._get_metadata_id(ovs.dump(self.integration_bridge), ip, mac), exception=Exception('Metadata id was not found in OpenFlow rules')) port = utils.wait_until_is_and_return( lambda: utils.get_vm_port(self.nb_api, ip, mac), exception=Exception('No port assigned to VM')) port_key = port.unique_key port_key_hex = hex(port_key) r = self._check_flat_flows(ovs.dump(self.integration_bridge), metadataid, port_key_hex, mac) for key, value in r.items(): self.assertIsNotNone(value, key) vm.server.stop() vm.close() network.close() return None
def test_vm_multicast(self): network = self.store(objects.NetworkTestObj(self.neutron, self.nb_api)) network_id = network.create(network={'name': 'private'}) subnet = { 'network_id': network_id, 'cidr': '10.200.0.0/24', 'gateway_ip': '10.200.0.1', 'ip_version': 4, 'name': 'private', 'enable_dhcp': True } subnet = self.neutron.create_subnet({'subnet': subnet}) ovs = utils.OvsFlowsParser() vm = self.store(objects.VMTestObj(self, self.neutron)) vm.create(network=network) ip = vm.get_first_ipv4() self.assertIsNotNone(ip) self.assertIsNotNone(vm.server.addresses['private']) mac = vm.server.addresses['private'][0]['OS-EXT-IPS-MAC:mac_addr'] self.assertIsNotNone(mac) metadataid = utils.wait_until_is_and_return( lambda: self._get_metadata_id(ovs.dump(self.integration_bridge), ip, mac), exception=Exception('Metadata id was not found in OpenFlow rules')) port = utils.wait_until_is_and_return( lambda: self._get_vm_port(ip, mac), exception=Exception('No port assigned to VM')) tunnel_key = port.get_tunnel_key() tunnel_key_hex = hex(tunnel_key) r = self._check_multicast_rule(ovs.dump(self.integration_bridge), metadataid, tunnel_key_hex) self.assertIsNotNone(r) vm.close() network.close()
def _create_vm(self, network): vm = self.store(objects.VMTestObj(self, self.neutron)) vm.create(network=network) vm_mac = vm.get_first_mac() self.assertTrue(vm_mac is not None) vm_flows = self._get_vm_flows(vm_mac) self.assertTrue(any(vm_flows)) return vm
def test_reply_message(self): network = self.store(objects.NetworkTestObj(self.neutron, self.nb_api)) network_id = network.create(network={'name': 'private'}) subnet = self.store( objects.SubnetTestObj(self.neutron, self.nb_api, network_id)) subnet_body = { 'network_id': network_id, 'cidr': '10.20.0.0/24', 'gateway_ip': '10.20.0.1', 'ip_version': 4, 'name': 'private', 'enable_dhcp': True } subnet.create(subnet=subnet_body) self.assertTrue(network.exists()) self.assertTrue(subnet.exists()) vm1 = self.store(objects.VMTestObj(self, self.neutron)) vm1.create(network=network) self.assertIsNotNone(vm1.server.addresses['private']) mac1 = vm1.server.addresses['private'][0]['OS-EXT-IPS-MAC:mac_addr'] self.assertIsNotNone(mac1) vm2 = self.store(objects.VMTestObj(self, self.neutron)) vm2.create(network=network) self.assertIsNotNone(vm2.server.addresses['private']) mac2 = vm2.server.addresses['private'][0]['OS-EXT-IPS-MAC:mac_addr'] self.assertIsNotNone(mac2) #wait util get the message we want self.set_wanted_vms.clear() wait_until_true(lambda: self._get_all_wanted_vms_online(mac1, mac2), timeout=30, sleep=1, exception=Exception('Could not get wanted online vm')) vm1.close() vm2.close() utils.wait_until_none(lambda: self._get_vm_port_by_mac_address(mac1), timeout=30, sleep=1, exception=Exception('Port was not deleted')) utils.wait_until_none(lambda: self._get_vm_port_by_mac_address(mac2), timeout=30, sleep=1, exception=Exception('Port was not deleted'))
def test_vlan_network_flows(self): if self._check_l2_ml2_app_enable() is False: return physical_network, vlan_min = self._parse_network_vlan_ranges() if physical_network is None or vlan_min is None: self.assertIsNotNone(None) return # Create network network = self.store(objects.NetworkTestObj(self.neutron, self.nb_api)) network_params = { "name": "vlan_1", "provider:network_type": "vlan", "provider:physical_network": physical_network, "provider:segmentation_id": vlan_min } network_id = network.create(network=network_params) # Create subnet subnet_params = { 'network_id': network_id, 'cidr': '100.64.0.0/24', 'gateway_ip': '10.64.0.1', 'ip_version': 4, 'name': 'private', 'enable_dhcp': True } subnet = self.neutron.create_subnet({'subnet': subnet_params}) self.assertIsNotNone(subnet) # Create VM ovs = utils.OvsFlowsParser() vm = self.store(objects.VMTestObj(self, self.neutron)) vm.create(network=network) ip = vm.get_first_ipv4() self.assertIsNotNone(ip) mac = vm.get_first_mac() self.assertIsNotNone(mac) metadataid = utils.wait_until_is_and_return( lambda: self._get_metadata_id(ovs.dump(self.integration_bridge), ip, mac), exception=Exception('Metadata id was not found in OpenFlow rules')) port = utils.wait_until_is_and_return( lambda: self._get_vm_port(ip, mac), exception=Exception('No port assigned to VM')) port_key = port.get_tunnel_key() port_key_hex = hex(port_key) r = self._check_vlan_flows(ovs.dump(self.integration_bridge), metadataid, vlan_min, port_key_hex, mac) self.assertIsNotNone(r) vm.server.stop() vm.close() network.close()
def test_arp_responder(self): """ Add a VM. Verify it's ARP flow is there. """ network = self.store(objects.NetworkTestObj(self.neutron, self.nb_api)) network_id = network.create(network={'name': 'arp_responder_test'}) subnet_obj = self.store( objects.SubnetTestObj( self.neutron, self.nb_api, network_id, )) subnet = { 'network_id': network_id, 'cidr': '10.10.10.0/24', 'gateway_ip': '10.10.10.1', 'ip_version': 4, 'name': 'arp_responder_test', 'enable_dhcp': True } subnet = subnet_obj.create(subnet) flows_before = self._get_arp_table_flows() vm = self.store(objects.VMTestObj(self, self.neutron)) vm.create(network=network) ip = vm.get_first_ipv4() self.assertIsNotNone(ip) flows_middle = self._get_arp_table_flows() vm.server.stop() vm.close() eventlet.sleep(test_utils.DEFAULT_CMD_TIMEOUT) flows_delta = [ flow for flow in flows_middle if flow not in flows_before ] self.assertIsNotNone( self._find_arp_responder_flow_by_ip(flows_delta, ip)) condition = lambda: self._check_arp_flow_removal(ip) try: utils.wait_until_true( condition, timeout=40, sleep=1, exception=RuntimeError( "Timed out waiting for arp responedr flow from %(ip)s" " to be removed" % {'ip': ip})) except Exception as e: self.assertIsNone(e) finally: network.close()
def test_anti_spoof_flows(self): network = self.store(objects.NetworkTestObj(self.neutron, self.nb_api)) network_id = network.create(network={'name': 'test_network1'}) self.assertTrue(network.exists()) subnet_info = {'network_id': network_id, 'cidr': '192.168.130.0/24', 'gateway_ip': '192.168.130.1', 'ip_version': 4, 'name': 'test_subnet1', 'enable_dhcp': True} subnet = self.store(objects.SubnetTestObj(self.neutron, self.nb_api, network_id=network_id)) subnet.create(subnet_info) self.assertTrue(subnet.exists()) vm = self.store(objects.VMTestObj(self, self.neutron)) vm.create(network=network) addresses = vm.server.addresses['test_network1'] self.assertIsNotNone(addresses) ip = addresses[0]['addr'] self.assertIsNotNone(ip) mac = addresses[0]['OS-EXT-IPS-MAC:mac_addr'] self.assertIsNotNone(mac) port = utils.wait_until_is_and_return( lambda: self._get_vm_port(ip, mac), exception=Exception('No port assigned to VM') ) ovsdb = utils.OvsDBParser() of_port = ovsdb.get_ofport(port.get_id()) self.assertIsNotNone(of_port) # Check if the associating flows were installed. expected_flow_list = self._get_anti_spoof_expected_flows( ip, mac, of_port ) self._check_all_flows_existed(expected_flow_list) vm.server.stop() vm.close() time.sleep(utils.DEFAULT_CMD_TIMEOUT) # Check if the associating flows were removed. expected_flow_list = self._get_anti_spoof_expected_flows( ip, mac, of_port ) self._check_not_flow_existed(expected_flow_list)
def test_port_based_flows(self): if not self._check_if_app_enabled(): return network = objects.NetworkTestObj(self.neutron, self.nb_api) self.addCleanup(network.close) network_id = network.create() subnet = { 'network_id': network_id, 'cidr': '10.200.0.0/24', 'gateway_ip': '10.200.0.1', 'ip_version': 4, 'name': 'private', 'enable_dhcp': True } external_host_ip = cfg.CONF.df.external_host_ip self.assertIsNotNone(external_host_ip) split_ip = external_host_ip.split('.') ip2mac = '{:02x}:{:02x}:{:02x}:{:02x}'.format(*map(int, split_ip)) external_host_mac = const.CHASSIS_MAC_PREFIX + ip2mac subnet = self.neutron.create_subnet({'subnet': subnet}) self.assertIsNotNone(subnet) # Create VM ovs = utils.OvsFlowsParser() vm = objects.VMTestObj(self, self.neutron) self.addCleanup(vm.close) vm.create(network=network) ip = vm.get_first_ipv4() self.assertIsNotNone(ip) mac = vm.get_first_mac() self.assertIsNotNone(mac) port = utils.wait_until_is_and_return( lambda: utils.find_logical_port(self.nb_api, ip, mac), exception=Exception('No port assigned to VM')) port_key = port.unique_key network_key = network.nb_api.get( l2.LogicalSwitch(id=network_id)).unique_key r = self._check_port_based_flows(ovs.dump(self.integration_bridge), hex(port_key), hex(network_key), external_host_mac, mac) for key, value in r.items(): self.assertIsNotNone(value, key) vm.close() network.close()
def test_tunnel_network_flows(self): if self._check_tunneling_app_enable() is False: return network = objects.NetworkTestObj(self.neutron, self.nb_api) self.addCleanup(network.close) network_id = network.create() network_params = network.get_network() segmentation_id = network_params['network']['provider:segmentation_id'] subnet = {'network_id': network_id, 'cidr': '10.200.0.0/24', 'gateway_ip': '10.200.0.1', 'ip_version': 4, 'name': 'private', 'enable_dhcp': True} subnet = self.neutron.create_subnet({'subnet': subnet}) self.assertIsNotNone(subnet) ovs = utils.OvsFlowsParser() vm = objects.VMTestObj(self, self.neutron) self.addCleanup(vm.close) vm.create(network=network) ip = vm.get_first_ipv4() self.assertIsNotNone(ip) self.assertIsNotNone(vm.server.addresses['mynetwork']) mac = vm.server.addresses['mynetwork'][0]['OS-EXT-IPS-MAC:mac_addr'] self.assertIsNotNone(mac) metadataid = utils.wait_until_is_and_return( lambda: self._get_metadata_id(ovs.dump(self.integration_bridge), ip, mac), exception=Exception('Metadata id was not found in OpenFlow rules') ) port = utils.wait_until_is_and_return( lambda: utils.find_logical_port(self.nb_api, ip, mac), exception=Exception('No port assigned to VM') ) tunnel_key = port.unique_key tunnel_key_hex = hex(tunnel_key) n_type = network.get_network()['network']['provider:network_type'] port_num = self.vswitch_api.get_vtp_ofport(n_type) r = self._check_tunnel_flows(ovs.dump(self.integration_bridge), metadataid, hex(segmentation_id), tunnel_key_hex, mac, port_num) for key, value in r.items(): self.assertIsNotNone(value, key) vm.close() network.close()
def _create_vm(self, network): vm = self.store(objects.VMTestObj(self, self.neutron)) vm.create(network=network) vm_mac = vm.get_first_mac() self.assertTrue(vm_mac is not None) vm_flows = self._get_vm_flows(vm_mac) self.assertTrue(any(vm_flows)) if cfg.CONF.df.enable_neutron_notifier: # test port status update utils.wait_until_true( lambda: self._is_VM_port_status(vm, 'ACTIVE'), timeout=60, exception=Exception('Port status not change to ACTIVE') ) return vm
def _test_anti_spoof_flows(self, subnet_info): network = objects.NetworkTestObj(self.neutron, self.nb_api) self.addCleanup(network.close) network_id = network.create() self.assertTrue(network.exists()) subnet_info['network_id'] = network_id subnet = objects.SubnetTestObj(self.neutron, self.nb_api, network_id=network_id) self.addCleanup(subnet.close) subnet.create(subnet_info) self.assertTrue(subnet.exists()) vm = objects.VMTestObj(self, self.neutron) self.addCleanup(vm.close) vm.create(network=network) addresses = vm.server.addresses['mynetwork'] self.assertIsNotNone(addresses) ip = addresses[0]['addr'] self.assertIsNotNone(ip) mac = addresses[0]['OS-EXT-IPS-MAC:mac_addr'] self.assertIsNotNone(mac) port = utils.wait_until_is_and_return( lambda: utils.find_logical_port(self.nb_api, ip, mac), exception=Exception('No port assigned to VM')) of_port = self.vswitch_api.get_port_ofport_by_id(port.id) self.assertIsNotNone(of_port) unique_key = port.unique_key # Check if the associating flows were installed. expected_flow_list = self._get_anti_spoof_expected_flows( ip, mac, unique_key) self._check_all_flows_existed(expected_flow_list) vm.close() time.sleep(test_const.DEFAULT_RESOURCE_READY_TIMEOUT) # Check if the associating flows were removed. expected_flow_list = self._get_anti_spoof_expected_flows( ip, mac, unique_key) self._check_not_flow_existed(expected_flow_list)
def test_notify_message(self): network = self.store(objects.NetworkTestObj(self.neutron, self.nb_api)) network_id = network.create() subnet = self.store( objects.SubnetTestObj(self.neutron, self.nb_api, network_id)) subnet_body = { 'network_id': network_id, 'cidr': '10.10.0.0/24', 'gateway_ip': '10.10.0.1', 'ip_version': 4, 'name': 'private', 'enable_dhcp': True } subnet.create(subnet=subnet_body) self.assertTrue(network.exists()) self.assertTrue(subnet.exists()) vm = self.store(objects.VMTestObj(self, self.neutron)) vm.create(network=network) self.assertIsNotNone(vm.server.addresses['mynetwork']) mac = vm.server.addresses['mynetwork'][0]['OS-EXT-IPS-MAC:mac_addr'] self.assertIsNotNone(mac) # wait util get the message we want utils.wait_until_true( lambda: self._get_wanted_vm_online(mac), timeout=const.DEFAULT_RESOURCE_READY_TIMEOUT, sleep=1, exception=Exception('Could not get wanted online vm')) # wait util get the message we want vm.close() utils.wait_until_true( lambda: self._get_wanted_vm_offline(mac), timeout=const.DEFAULT_RESOURCE_READY_TIMEOUT, sleep=1, exception=Exception('Could not get wanted offline vm')) utils.wait_until_none( lambda: utils.get_vm_port(self.nb_api, ip=None, mac=mac), timeout=const.DEFAULT_RESOURCE_READY_TIMEOUT, sleep=1, exception=Exception('Port was not deleted'))
def test_icmp_responder(self): """ Add a VM. Verify the icmp flow is there. """ network = self.store(objects.NetworkTestObj(self.neutron, self.nb_api)) network_id = network.create(network={'name': 'icmp_responder_test'}) subnet_obj = self.store(objects.SubnetTestObj( self.neutron, self.nb_api, network_id, )) subnet = {'network_id': network_id, 'cidr': '10.10.10.0/24', 'gateway_ip': '10.10.10.1', 'ip_version': 4, 'name': 'arp_responder_test', 'enable_dhcp': True} subnet_id = subnet_obj.create(subnet) flows_before = self._get_l3_lookup_table_flows() router = self.store(objects.RouterTestObj(self.neutron, self.nb_api)) router_id = router.create() subnet_msg = {'subnet_id': subnet_id} interface = self.neutron.add_interface_router(router_id, body=subnet_msg) port_id = interface['port_id'] router_port = self.neutron.list_ports(id=port_id)['ports'][0] router_ip = None for ip in router_port['fixed_ips']: if ip['subnet_id'] == subnet_id: router_ip = ip['ip_address'] break vm = self.store(objects.VMTestObj(self, self.neutron)) vm.create(network=network) ip = vm.get_first_ipv4() self.assertIsNotNone(ip) flows_middle = self._get_l3_lookup_table_flows() vm.close() router.close() time.sleep(test_const.DEFAULT_RESOURCE_READY_TIMEOUT) flows_delta = [flow for flow in flows_middle if flow not in flows_before] self.assertIsNotNone( self._find_icmp_responder_flow_by_ip(flows_delta, router_ip) ) condition = lambda: self._check_icmp_flow_removal(router_ip) try: test_utils.wait_until_true( condition, timeout=test_const.DEFAULT_RESOURCE_READY_TIMEOUT, sleep=1, exception=RuntimeError( "Timed out waiting for icmp responder flow from %(ip)s" " to be removed" % {'ip': router_ip})) except Exception as e: self.assertIsNone(e) finally: network.close()
def test_rule_flows(self): network = self.store(objects.NetworkTestObj(self.neutron, self.nb_api)) network_id = network.create(network={'name': 'test_network2'}) self.assertTrue(network.exists()) subnet_info = { 'network_id': network_id, 'cidr': '192.168.124.0/24', 'gateway_ip': '192.168.124.1', 'ip_version': 4, 'name': 'test_subnet4', 'enable_dhcp': True } subnet = self.store( objects.SubnetTestObj(self.neutron, self.nb_api, network_id=network_id)) subnet.create(subnet_info) security_group = self.store( objects.SecGroupTestObj(self.neutron, self.nb_api)) security_group_id = security_group.create() self.assertTrue(security_group.exists()) ingress_rule_info = { 'ethertype': 'IPv4', 'direction': 'ingress', 'protocol': 'tcp', 'port_range_min': '80', 'port_range_max': '81', 'remote_ip_prefix': '192.168.124.0/24' } ingress_rule_id = security_group.rule_create(secrule=ingress_rule_info) self.assertTrue(security_group.rule_exists(ingress_rule_id)) egress_rule_info = { 'ethertype': 'IPv4', 'direction': 'egress', 'protocol': '17', 'port_range_min': '53', 'port_range_max': '53', 'remote_group_id': security_group_id } egress_rule_id = security_group.rule_create(secrule=egress_rule_info) self.assertTrue(security_group.rule_exists(egress_rule_id)) vm1 = self.store(objects.VMTestObj(self, self.neutron)) vm1.create(network=network, security_groups=[security_group_id], net_address='192.168.124.8') vm2 = self.store(objects.VMTestObj(self, self.neutron)) vm2.create(network=network, security_groups=[security_group_id], net_address='192.168.124.9') time.sleep(test_const.DEFAULT_RESOURCE_READY_TIMEOUT) ovs = utils.OvsFlowsParser() flows = ovs.dump(self.integration_bridge) LOG.info(_LI("flows after adding rules are: %s"), ovs.get_ovs_flows(self.integration_bridge)) # Check if the rule flows were installed. expected_ingress_rule_match = \ "tcp,nw_src=192.168.124.0/24,tp_dst=0x50/0xfffe" expected_egress_rule_match = \ "udp,nw_dst=192.168.124.8/31,tp_dst=53" self._check_rule_flows(flows, expected_ingress_rule_match, expected_egress_rule_match, True) vm1.close() vm2.close()
def test_add_remove_bgp_network(self): bgp_speaker = objects.BGPSpeakerTestObj(self.neutron, self.nb_api) self.addCleanup(bgp_speaker.close) bgp_speaker.create() address_scope = objects.AddressScopeTestObj(self.neutron, self.nb_api) self.addCleanup(address_scope.close) as_id = address_scope.create() private_subnetpool = objects.SubnetPoolTestObj(self.neutron, self.nb_api) self.addCleanup(private_subnetpool.close) private_sp_id = private_subnetpool.create( subnetpool={ 'name': "private_sp", 'default_prefixlen': 24, 'prefixes': ["20.0.0.0/8"], 'address_scope_id': as_id }) public_subnetpool = objects.SubnetPoolTestObj(self.neutron, self.nb_api) self.addCleanup(public_subnetpool.close) public_sp_id = public_subnetpool.create( subnetpool={ 'name': "public_sp", 'default_prefixlen': 24, 'prefixes': ["172.24.4.0/24"], 'address_scope_id': as_id }) public_network = objects.NetworkTestObj(self.neutron, self.nb_api) self.addCleanup(public_network.close) public_network_id = public_network.create(network={ 'name': 'public', 'router:external': True }) public_subnet = objects.SubnetTestObj(self.neutron, self.nb_api, public_network_id) self.addCleanup(public_subnet.close) public_subnet.create( subnet={ 'ip_version': 4, 'network_id': public_network_id, 'subnetpool_id': public_sp_id }) private_network = objects.NetworkTestObj(self.neutron, self.nb_api) self.addCleanup(private_network.close) private_network_id = private_network.create(network={'name': "public"}) private_subnet = objects.SubnetTestObj(self.neutron, self.nb_api, private_network_id) self.addCleanup(private_subnet.close) private_sn_id = private_subnet.create( subnet={ 'ip_version': 4, 'network_id': private_network_id, 'subnetpool_id': private_sp_id }) bgp_speaker.add_network(public_network_id) router = objects.RouterTestObj(self.neutron, self.nb_api) self.addCleanup(router.close) router_id = router.create() self.neutron.add_interface_router(router_id, body={'subnet_id': private_sn_id}) self.neutron.add_gateway_router(router_id, body={'network_id': public_network_id}) # Finnally, verify the route has been set in nb db. nb_bgp_speaker = bgp_speaker.get_nb_bgp_speaker() self.assertEqual(1, len(nb_bgp_speaker.prefix_routes)) vm = objects.VMTestObj(self, self.neutron) self.addCleanup(vm.close) vm_id = vm.create(network=private_network) vm_port = self.neutron.list_ports(device_id=vm_id).get('ports')[0] vm_port_id = vm_port.get('id') fip = objects.FloatingipTestObj(self.neutron, self.nb_api) self.addCleanup(fip.close) fip.create({ 'floating_network_id': public_network_id, 'port_id': vm_port_id }) fip_addr = fip.get_floatingip().floating_ip_address nb_bgp_speaker = bgp_speaker.get_nb_bgp_speaker() self.assertEqual(1, len(nb_bgp_speaker.host_routes)) self.assertIn( host_route.HostRoute(destination=netaddr.IPNetwork(fip_addr), nexthop='172.24.4.100'), nb_bgp_speaker.host_routes) fip.update({'port_id': None}) nb_bgp_speaker = bgp_speaker.get_nb_bgp_speaker() self.assertFalse(nb_bgp_speaker.host_routes) bgp_speaker.remove_network(public_network_id) nb_bgp_speaker = bgp_speaker.get_nb_bgp_speaker() self.assertFalse(nb_bgp_speaker.prefix_routes)
def test_db_consistent(self): self.db_sync_time = self.conf.db_sync_time network = self.store(objects.NetworkTestObj(self.neutron, self.nb_api)) network_id = network.create() topic = network.get_topic() subnet = self.store(objects.SubnetTestObj(self.neutron, self.nb_api, network_id)) subnet_body = {'network_id': network_id, 'cidr': '10.50.0.0/24', 'gateway_ip': '10.50.0.1', 'ip_version': 4, 'name': 'private', 'enable_dhcp': True} subnet.create(subnet=subnet_body) time.sleep(constants.DEFAULT_RESOURCE_READY_TIMEOUT) self.assertTrue(network.exists()) self.assertTrue(subnet.exists()) vm = self.store(objects.VMTestObj(self, self.neutron)) vm.create(network=network) self.assertIsNotNone(vm.server.addresses['mynetwork']) mac = vm.server.addresses['mynetwork'][0]['OS-EXT-IPS-MAC:mac_addr'] self.assertIsNotNone(mac) ovs = utils.OvsFlowsParser() utils.wait_until_true( lambda: self._check_l2_lookup_rule( ovs.dump(self.integration_bridge), mac), timeout=10, sleep=1, exception=Exception('no rule for vm in l2 lookup table') ) net_id = '11111111-1111-1111-1111-111111111111' df_network = l2.LogicalSwitch( id=net_id, topic=topic, name='df_nw1', network_type='vxlan', segmentation_id=4000, is_external=False, mtu=1500, unique_key=1, version=1) df_subnet = l2.Subnet( id='22222222-2222-2222-2222-222222222222', topic=topic, name='df_sn1', enable_dhcp=True, cidr='10.60.0.0/24', dhcp_ip='10.60.0.2', gateway_ip='10.60.0.1') df_network.add_subnet(df_subnet) df_network_json = df_network.to_json() self.nb_api.driver.create_key( 'lswitch', net_id, df_network_json, topic) time.sleep(self.db_sync_time) utils.wait_until_true( lambda: utils.check_dhcp_ip_rule( ovs.dump(self.integration_bridge), '10.60.0.2'), timeout=self.db_sync_time + constants.DEFAULT_CMD_TIMEOUT, sleep=1, exception=Exception('no goto dhcp rule for lswitch') ) df_network.version = 2 df_network.subnets[0].dhcp_ip = '10.60.0.3' df_network_json = df_network.to_json() self.nb_api.driver.set_key('lswitch', net_id, df_network_json, topic) time.sleep(self.db_sync_time) utils.wait_until_true( lambda: utils.check_dhcp_ip_rule( ovs.dump(self.integration_bridge), '10.60.0.3'), timeout=self.db_sync_time + constants.DEFAULT_CMD_TIMEOUT, sleep=1, exception=Exception('no goto dhcp rule for lswitch') ) self.nb_api.driver.delete_key('lswitch', net_id, topic) time.sleep(self.db_sync_time) utils.wait_until_true( lambda: self._check_no_lswitch_dhcp_rule( ovs.dump(self.integration_bridge), '10.60.0.3'), timeout=self.db_sync_time + constants.DEFAULT_CMD_TIMEOUT, sleep=1, exception=Exception('could not delete goto dhcp rule for lswitch') ) vm.close() subnet.close() network.close()
def _test_associating_flows(self, subnet_info): network = self.store(objects.NetworkTestObj(self.neutron, self.nb_api)) network_id = network.create() self.assertTrue(network.exists()) subnet_info['network_id'] = network_id subnet = self.store( objects.SubnetTestObj(self.neutron, self.nb_api, network_id=network_id)) subnet.create(subnet_info) self.assertTrue(subnet.exists()) security_group = self.store( objects.SecGroupTestObj(self.neutron, self.nb_api)) security_group_id = security_group.create() self.assertTrue(security_group.exists()) vm = self.store(objects.VMTestObj(self, self.neutron)) vm.create(network=network, security_groups=[security_group_id]) addresses = vm.server.addresses['mynetwork'] self.assertIsNotNone(addresses) ip = addresses[0]['addr'] self.assertIsNotNone(ip) mac = addresses[0]['OS-EXT-IPS-MAC:mac_addr'] self.assertIsNotNone(mac) port = utils.wait_until_is_and_return( lambda: utils.get_vm_port(self.nb_api, ip, mac), exception=Exception('No port assigned to VM')) tunnel_key = port.unique_key tunnel_key_hex = hex(tunnel_key) of_port = self.vswitch_api.get_port_ofport_by_id(port.id) self.assertIsNotNone(of_port) ovs = utils.OvsFlowsParser() flows_after_change = ovs.dump(self.integration_bridge) # Check if the associating flows were installed. ingress_associating_flow, egress_associating_flow = \ self._find_associating_flows(flows_after_change, tunnel_key_hex) LOG.info( "flows after associating a port and a security group" " are: %s", ovs.get_ovs_flows(self.integration_bridge)) self.assertIsNotNone(ingress_associating_flow) self.assertIsNotNone(egress_associating_flow) vm.close() time.sleep(test_const.DEFAULT_RESOURCE_READY_TIMEOUT) flows_after_update = ovs.dump(self.integration_bridge) # Check if the associating flows were removed. ingress_associating_flow, egress_associating_flow = \ self._find_associating_flows(flows_after_update, tunnel_key_hex) self.assertIsNone(ingress_associating_flow) self.assertIsNone(egress_associating_flow)
def test_sending_arp_to_controller_flows(self): """ Add a VM with allowed address pairs configuration. Verify related flows is there. """ if not self.check_app_loaded("active_port_detection"): self.skipTest("ActivePortDetectionApp is not enabled") network = self.store(objects.NetworkTestObj(self.neutron, self.nb_api)) network_id = network.create(network={'name': 'aap_test'}) subnet_obj = self.store(objects.SubnetTestObj( self.neutron, self.nb_api, network_id, )) subnet = {'network_id': network_id, 'cidr': '192.168.97.0/24', 'gateway_ip': '192.168.97.1', 'ip_version': 4, 'name': 'aap_test', 'enable_dhcp': True} subnet_obj.create(subnet) vm = self.store(objects.VMTestObj(self, self.neutron)) vm_id = vm.create(network=network) vm_port_id = self.vswitch_api.get_port_id_by_vm_id(vm_id) self.assertIsNotNone(vm_port_id) vm_port = objects.PortTestObj(self.neutron, self.nb_api, network_id, vm_port_id) of_port = self.vswitch_api.get_port_ofport_by_id(vm_port_id) self.assertIsNotNone(of_port) vm_lport = vm_port.get_logical_port() self.assertIsNotNone(vm_lport) result = self._check_sending_arp_reply_to_controller_flows( vm_lport.unique_key) self.assertFalse(result) result = self._check_sending_gratuitous_arp_to_controller_flows( vm_lport.unique_key) self.assertFalse(result) ip_address1 = '192.168.97.100' mac_address1 = '1A:22:33:44:55:66' allowed_address_pairs1 = [{'ip_address': ip_address1, 'mac_address': mac_address1}] vm_port.update({'allowed_address_pairs': allowed_address_pairs1}) time.sleep(test_const.DEFAULT_CMD_TIMEOUT) result = self._check_sending_arp_reply_to_controller_flows( vm_lport.unique_key, ip_address1) self.assertTrue(result) result = self._check_sending_gratuitous_arp_to_controller_flows( vm_lport.unique_key, ip_address1) self.assertTrue(result) ip_address2 = '192.168.97.101' allowed_address_pairs2 = [{'ip_address': ip_address2}] vm_port.update({'allowed_address_pairs': allowed_address_pairs2}) time.sleep(test_const.DEFAULT_CMD_TIMEOUT) result = self._check_sending_arp_reply_to_controller_flows( vm_lport.unique_key, ip_address1) self.assertFalse(result) result = self._check_sending_gratuitous_arp_to_controller_flows( vm_lport.unique_key, ip_address1) self.assertFalse(result) result = self._check_sending_arp_reply_to_controller_flows( vm_lport.unique_key, ip_address2) self.assertTrue(result) result = self._check_sending_gratuitous_arp_to_controller_flows( vm_lport.unique_key, ip_address2) self.assertTrue(result) vm.close() time.sleep(test_const.DEFAULT_CMD_TIMEOUT) result = self._check_sending_arp_reply_to_controller_flows( vm_lport.unique_key, ip_address2) self.assertFalse(result) result = self._check_sending_gratuitous_arp_to_controller_flows( vm_lport.unique_key, ip_address2) self.assertFalse(result) network.close()
def test_rule_flows(self): network = self.store(objects.NetworkTestObj(self.neutron, self.nb_api)) network_id = network.create(network={'name': 'test_network2'}) self.assertTrue(network.exists()) subnet_info = { 'network_id': network_id, 'cidr': '192.168.124.0/24', 'gateway_ip': '192.168.124.1', 'ip_version': 4, 'name': 'test_subnet4', 'enable_dhcp': True } subnet = self.store( objects.SubnetTestObj(self.neutron, self.nb_api, network_id=network_id)) subnet.create(subnet_info) security_group = self.store( objects.SecGroupTestObj(self.neutron, self.nb_api)) security_group_id = security_group.create() self.assertTrue(security_group.exists()) ingress_rule_info = { 'ethertype': 'IPv4', 'direction': 'ingress', 'protocol': 'tcp', 'port_range_min': '8000', 'port_range_max': '8100', 'remote_ip_prefix': '192.168.124.0/24' } ingress_rule_id = security_group.rule_create(secrule=ingress_rule_info) self.assertTrue(security_group.rule_exists(ingress_rule_id)) egress_rule_info = { 'ethertype': 'IPv4', 'direction': 'egress', 'protocol': '17', 'port_range_min': '53', 'port_range_max': '53', 'remote_group_id': security_group_id } egress_rule_id = security_group.rule_create(secrule=egress_rule_info) self.assertTrue(security_group.rule_exists(egress_rule_id)) vm = self.store(objects.VMTestObj(self, self.neutron)) vm.create(network=network, security_groups=[security_group_id]) time.sleep(utils.DEFAULT_CMD_TIMEOUT) ovs = utils.OvsFlowsParser() flows_after_change = ovs.dump() LOG.info(_LI("flows after adding rules are: %s"), ovs.get_ovs_flows()) # Check if the rule flows were installed. self._check_rule_flows(flows_after_change, True) vm.server.stop() vm.close()
def test_associating_flows(self): network = self.store(objects.NetworkTestObj(self.neutron, self.nb_api)) network_id = network.create(network={'name': 'test_network1'}) self.assertTrue(network.exists()) subnet_info = { 'network_id': network_id, 'cidr': '192.168.123.0/24', 'gateway_ip': '192.168.123.1', 'ip_version': 4, 'name': 'test_subnet1', 'enable_dhcp': True } subnet = self.store( objects.SubnetTestObj(self.neutron, self.nb_api, network_id=network_id)) subnet.create(subnet_info) self.assertTrue(subnet.exists()) security_group = self.store( objects.SecGroupTestObj(self.neutron, self.nb_api)) security_group_id = security_group.create() self.assertTrue(security_group.exists()) vm = self.store(objects.VMTestObj(self, self.neutron)) vm.create(network=network, security_groups=[security_group_id]) addresses = vm.server.addresses['test_network1'] self.assertIsNotNone(addresses) ip = addresses[0]['addr'] self.assertIsNotNone(ip) mac = addresses[0]['OS-EXT-IPS-MAC:mac_addr'] self.assertIsNotNone(mac) port = utils.wait_until_is_and_return( lambda: self._get_vm_port(ip, mac), exception=Exception('No port assigned to VM')) tunnel_key = port.get_tunnel_key() tunnel_key_hex = hex(tunnel_key) of_port = self._get_of_port(port.get_id()) self.assertIsNotNone(of_port) ovs = utils.OvsFlowsParser() flows_after_change = ovs.dump() # Check if the associating flows were installed. ingress_associating_flow, egress_associating_flow = \ self._find_associating_flows(flows_after_change, of_port, tunnel_key_hex) LOG.info( _LI("flows after associating a port and a security group" " are: %s"), ovs.get_ovs_flows()) self.assertIsNotNone(ingress_associating_flow) self.assertIsNotNone(egress_associating_flow) vm.server.stop() vm.close() time.sleep(utils.DEFAULT_CMD_TIMEOUT) flows_after_update = ovs.dump() # Check if the associating flows were removed. ingress_associating_flow, egress_associating_flow = \ self._find_associating_flows(flows_after_update, of_port, tunnel_key_hex) self.assertIsNone(ingress_associating_flow) self.assertIsNone(egress_associating_flow)
def _test_rule_flows(self, subnet_info): network = self.store(objects.NetworkTestObj(self.neutron, self.nb_api)) network_id = network.create() self.assertTrue(network.exists()) cidr = subnet_info['cidr'] network_obj = netaddr.IPNetwork(cidr) ethertype = utils.ip_version_to_ethertype(subnet_info['ip_version']) gateway_ip = network_obj[1] subnet_info['gateway_ip'] = gateway_ip subnet_info['network_id'] = network_id subnet = self.store( objects.SubnetTestObj(self.neutron, self.nb_api, network_id=network_id)) subnet.create(subnet_info) security_group = self.store( objects.SecGroupTestObj(self.neutron, self.nb_api)) security_group_id = security_group.create() self.assertTrue(security_group.exists()) ingress_rule_info = { 'ethertype': ethertype, 'direction': 'ingress', 'protocol': 'tcp', 'port_range_min': '80', 'port_range_max': '81', 'remote_ip_prefix': cidr } ingress_rule_id = security_group.rule_create(secrule=ingress_rule_info) self.assertTrue(security_group.rule_exists(ingress_rule_id)) egress_rule_info = { 'ethertype': ethertype, 'direction': 'egress', 'protocol': 'udp', 'port_range_min': '53', 'port_range_max': '53', 'remote_group_id': security_group_id } egress_rule_id = security_group.rule_create(secrule=egress_rule_info) self.assertTrue(security_group.rule_exists(egress_rule_id)) # Get addresses for VMs vm1_ip = network_obj[4] vm2_ip = network_obj[5] vm1 = self.store(objects.VMTestObj(self, self.neutron)) vm1.create(network=network, security_groups=[security_group_id], net_address=vm1_ip) vm2 = self.store(objects.VMTestObj(self, self.neutron)) vm2.create(network=network, security_groups=[security_group_id], net_address=vm2_ip) time.sleep(test_const.DEFAULT_RESOURCE_READY_TIMEOUT) ovs = utils.OvsFlowsParser() flows = ovs.dump(self.integration_bridge) LOG.info("flows after adding rules are: %s", ovs.get_ovs_flows(self.integration_bridge)) # Check if the rule flows were installed. if ethertype == n_const.IPv4: expected_ingress_match = "tcp,nw_src={}".format(network_obj) elif ethertype == n_const.IPv6: expected_ingress_match = "tcp6,ipv6_src={}".format(network_obj) expected_ingress_match += ",tp_dst=0x50/0xfffe" # Calculate vm1, vm2 network vms_ip_set = netaddr.IPSet([vm1_ip, vm2_ip]) vms_ip_set.compact() if ethertype == n_const.IPv4: expected_egress_match = "udp,nw_dst={}".format(vms_ip_set.pop()) elif ethertype == n_const.IPv6: expected_egress_match = "udp6,ipv6_dst={}".format(vms_ip_set.pop()) expected_egress_match += ",tp_dst=53" self._check_rule_flows(flows, expected_ingress_match, expected_egress_match, True) vm1.close() vm2.close()
def test_port_with_qospolicy(self): network = self.store(objects.NetworkTestObj(self.neutron, self.nb_api)) network_id = network.create() self.assertTrue(network.exists()) subnet = self.store( objects.SubnetTestObj(self.neutron, self.nb_api, network_id=network_id)) subnet.create() self.assertTrue(subnet.exists()) vm = self.store(objects.VMTestObj(self, self.neutron)) vm_id = vm.create(network=network) vm_port_id = self.vswitch_api.get_port_id_by_vm_id(vm_id) self.assertIsNotNone(vm_port_id) port = objects.PortTestObj(self.neutron, self.nb_api, network_id, vm_port_id) qospolicy = self.store( objects.QosPolicyTestObj(self.neutron, self.nb_api)) qos_policy_id = qospolicy.create() time.sleep(const.DEFAULT_CMD_TIMEOUT) self.assertTrue(qospolicy.exists()) qospolicy.create_rule(qos_policy_id, { 'max_kbps': '1000', 'max_burst_kbps': '100' }, 'bandwidth_limit') qospolicy.create_rule(qos_policy_id, {'dscp_mark': '10'}, 'dscp_marking') port_param = {'qos_policy_id': qos_policy_id} port.update(port_param) time.sleep(const.DEFAULT_CMD_TIMEOUT) logical_port = port.get_logical_port() self.assertEqual(qos_policy_id, logical_port.qos_policy.id) check_columns = {'ingress_policing_rate', 'ingress_policing_burst'} interface = \ self.vswitch_api.get_interface_by_id_with_specified_columns( vm_port_id, check_columns) self.assertIsNotNone(interface) self.assertEqual(1000, interface.get('ingress_policing_rate')) self.assertEqual(100, interface.get('ingress_policing_burst')) queue = self.vswitch_api.get_queue_info_by_port_id(vm_port_id) self.assertIsNotNone(queue) self.assertEqual(queue['other_config']['max-rate'], '1024000') self.assertEqual(queue['other_config']['min-rate'], '1024000') self.assertEqual(queue['dscp'], 10) qos = self.vswitch_api.get_qos_info_by_port_id(vm_port_id) self.assertIsNotNone(qos) self.assertEqual(qos['queues'][0].uuid, queue['_uuid']) ovs_port = self.vswitch_api.get_ovs_port_by_id_with_specified_columns( vm_port_id, {'qos'}) self.assertIsNotNone(ovs_port) self.assertEqual(ovs_port['qos'], qos['_uuid']) vm.close() time.sleep(const.DEFAULT_CMD_TIMEOUT) queue = self.vswitch_api.get_queue_info_by_port_id(vm_port_id) self.assertIsNone(queue) qos = self.vswitch_api.get_qos_info_by_port_id(vm_port_id) self.assertIsNone(qos)
def test_db_consistent(self): self.db_sync_time = self.conf.db_sync_time network = self.store(objects.NetworkTestObj(self.neutron, self.nb_api)) network_id = network.create() self.addCleanup(network.close) topic = network.get_topic() subnet = self.store(objects.SubnetTestObj(self.neutron, self.nb_api, network_id)) subnet_body = {'network_id': network_id, 'cidr': '10.50.0.0/24', 'gateway_ip': '10.50.0.1', 'ip_version': 4, 'name': 'private', 'enable_dhcp': True} subnet.create(subnet=subnet_body) self.addCleanup(subnet.close) time.sleep(constants.DEFAULT_RESOURCE_READY_TIMEOUT) self.assertTrue(network.exists()) self.assertTrue(subnet.exists()) vm = self.store(objects.VMTestObj(self, self.neutron)) vm.create(network=network) self.addCleanup(vm.close) self.assertIsNotNone(vm.server.addresses['mynetwork']) mac = vm.server.addresses['mynetwork'][0]['OS-EXT-IPS-MAC:mac_addr'] self.assertIsNotNone(mac) ovs = utils.OvsFlowsParser() utils.wait_until_true( lambda: self._check_l2_lookup_rule( ovs.dump(self.integration_bridge), mac), timeout=10, sleep=1, exception=Exception('no rule for vm in l2 lookup table') ) net_id = '11111111-1111-1111-1111-111111111111' df_network = l2.LogicalSwitch( id=net_id, topic=topic, name='df_nw1', network_type='vxlan', segmentation_id=4000, is_external=False, mtu=1500, unique_key=1, version=1) df_network_json = df_network.to_json() self.nb_api.driver.create_key(l2.LogicalSwitch.table_name, net_id, df_network_json, topic) self.addCleanup(self.nb_api.driver.delete_key, 'lswitch', net_id, topic) subnet_id = '22222222-2222-2222-2222-222222222222' df_subnet = l2.Subnet( id=subnet_id, topic=topic, name='df_sn1', enable_dhcp=True, cidr='10.60.0.0/24', dhcp_ip='10.60.0.2', gateway_ip='10.60.0.1', version=1, lswitch=net_id) self.nb_api.driver.create_key(l2.Subnet.table_name, subnet_id, df_subnet.to_json(), topic) self.addCleanup(self.nb_api.driver.delete_key, l2.Subnet.table_name, subnet_id, topic) port_id = '33333333-2222-2222-2222-222222222222,' dhcp_port = l2.LogicalPort( topic=topic, name='df_dhcp1', macs=['aa:bb:cc:dd:ee:ff'], id=port_id, ips=['10.60.0.2'], subnets=[df_subnet.id], device_owner=n_const.DEVICE_OWNER_DHCP, lswitch=df_network.id, unique_key=1 ).to_json() self.nb_api.driver.create_key( 'lport', port_id, dhcp_port, topic) df_net_unique_key = df_network.unique_key time.sleep(self.db_sync_time) utils.wait_until_true( lambda: utils.check_dhcp_network_rule( ovs.dump(self.integration_bridge), df_net_unique_key), timeout=self.db_sync_time + constants.DEFAULT_CMD_TIMEOUT, sleep=1, exception=Exception('no goto dhcp rule for lswitch') ) self.nb_api.driver.delete_key('lport', port_id, topic) time.sleep(self.db_sync_time) utils.wait_until_true( lambda: self._check_no_lswitch_dhcp_rule( ovs.dump(self.integration_bridge), df_net_unique_key), timeout=self.db_sync_time + constants.DEFAULT_CMD_TIMEOUT, sleep=1, exception=Exception('could not delete goto dhcp rule for lswitch') )