def runTest(self):
acl_cfg = {}
acl_cfg['device-id'] = [cfg.leaf0['id']]
acl = ACL(acl_cfg)
actual_device = acl.delete_deviceById(cfg.leaf0['id'])
time.sleep(2)
actual_device = acl.delete_deviceById(cfg.leaf1['id'])
time.sleep(2)
actual_device = acl.delete_deviceById(cfg.spine0['id'])
time.sleep(2)
actual_device = acl.get_device()
#print("debug acl device status1:", actual_device)
acl_cfg['data'] = {
"ports": [1],
"direction": "true",
"action": "permit",
"mac": {
"srcMac": "11:11:11:11:11:11",
"srcMacMask": "FF:FF:FF:FF:FF:FF"
}
}
actual_device = acl.build()
time.sleep(5)
acl_cfg['device-id'] = [cfg.leaf0['id']]
acl_cfg['data'] = {
"ports": [2],
"direction": "true",
"action": "permit",
"mac": {
"dstMac": "22:22:22:22:22:22",
"dstMacMask": "FF:FF:FF:FF:FF:FF"
}
}
actual_device = acl.build()
time.sleep(2)
acl_cfg['device-id'] = [cfg.leaf1['id']]
acl_cfg['data'] = {
"ports": [1],
"direction": "true",
"action": "permit",
"mac": {
"srcMac": "11:11:11:11:11:11",
"srcMacMask": "FF:FF:FF:FF:FF:FF"
}
}
actual_device = acl.build()
time.sleep(5)
acl_cfg['device-id'] = [cfg.leaf1['id']]
acl_cfg['data'] = {
"ports": [2],
"direction": "true",
"action": "permit",
"mac": {
"dstMac": "22:22:22:22:22:22",
"dstMacMask": "FF:FF:FF:FF:FF:FF"
}
}
actual_device = acl.build()
time.sleep(2)
#print("debug:==============================")
actual_device = acl.get_deviceById(cfg.leaf0['id'])
#print("debug actual_device1:", actual_device)
assert (2 == len(actual_device)), "Acl rule len != 2 fail on device 1"
#print("debug:==============================")
actual_device = acl.get_deviceById(cfg.leaf1['id'])
#print("debug actual_device2:", actual_device)
assert (2 == len(actual_device)), "Acl rule len != 2 fail on device 2"
acl.delete_deviceById(cfg.leaf0['id'])
time.sleep(2)
actual_device = acl.get_deviceById(cfg.leaf0['id'])
#print("debug actual_device3:", actual_device)
assert (0 == len(actual_device)), "Acl rule len != 0 fail on device 1"
acl.delete_deviceById(cfg.leaf1['id'])
time.sleep(2)
actual_device = acl.get_deviceById(cfg.leaf1['id'])
#print("debug actual_device4:", actual_device)
assert (0 == len(actual_device)), "Acl rule len != 0 fail on device 2"
def runTest(self):
ports = sorted(config["port_map"].keys())
acl_cfg = {}
acl_cfg['device-id'] = [cfg.leaf0['id']]
acl = ACL(acl_cfg)
actual_device = acl.delete_deviceById(cfg.leaf0['id'])
time.sleep(2)
actual_device = acl.delete_deviceById(cfg.leaf1['id'])
time.sleep(2)
actual_device = acl.delete_deviceById(cfg.spine0['id'])
time.sleep(2)
actual_device = acl.get_device()
#print("debug acl device status1:", actual_device)
acl_cfg['data'] = {
"ports": [2],
"direction": "false",
"action": "deny",
"mac": {
"etherType": "0806",
"etherTypeMask": "FFFF"
}
}
actual_device = acl.build()
time.sleep(5)
#print("debug host0:", cfg.host0)
#print("debug ports:", ports)
cfg.host0['ip'] = '192.168.100.1'
cfg.host1['ip'] = '192.168.100.2'
pkt_from_p0_to_p1 = simple_arp_packet(pktlen=60,
eth_dst='ff:ff:ff:ff:ff:ff',
eth_src=cfg.host0['mac'],
vlan_vid=0,
vlan_pcp=0,
arp_op=1,
ip_snd=cfg.host0['ip'],
ip_tgt=cfg.host1['ip'],
hw_snd=cfg.host0['mac'],
hw_tgt='00:00:00:00:00:00')
expected_pkt = pkt_from_p0_to_p1
#print("debug: =======expect pkt_from_p0_to_p1 =======")
for i in range(5):
self.dataplane.send(ports[0], str(pkt_from_p0_to_p1))
wait_for_seconds(1)
verify_no_packet(self, str(expected_pkt), ports[1])
#print("debug: ", str(expected_pkt), ports[1])
acl_cfg['device-id'] = [cfg.leaf0['id']]
acl_cfg['data'] = {
"ports": [1],
"direction": "false",
"action": "permit",
"mac": {
"etherType": "0806",
"etherTypeMask": "FFFF"
}
}
actual_device = acl.build()
time.sleep(2)
#print("debug:==============================")
pkt_from_p1_to_p0 = simple_arp_packet(pktlen=60,
eth_dst='ff:ff:ff:ff:ff:ff',
eth_src=cfg.host1['mac'],
vlan_vid=0,
vlan_pcp=0,
arp_op=1,
ip_snd=cfg.host0['ip'],
ip_tgt=cfg.host1['ip'],
hw_snd=cfg.host1['mac'],
hw_tgt='00:00:00:00:00:00')
expected_pkt = pkt_from_p1_to_p0
#print("debug: =======expect pkt_from_p1_to_p0 =======")
for i in range(5):
self.dataplane.send(ports[1], str(pkt_from_p1_to_p0))
wait_for_seconds(1)
verify_packet(self, str(expected_pkt), ports[0])