def test1(self):
vn1 = self.create_vn(vn_name=get_random_name('vn1'),
vn_subnets=get_random_cidrs('dual'),
option='quantum')
vn2 = self.create_vn(vn_name=get_random_name('vn2'),
vn_subnets=get_random_cidrs('v4'),
option='contrail')
vn1.verify_on_setup()
vn2.verify_on_setup()
return True
def _check_subnets(self, subnets, empty_vn):
af = self.inputs.get_af()
if not subnets and not empty_vn:
subnets = get_random_cidrs(stack=af)
#Force add v6 subnet for dual stack when only v4 subnet is passed
if af == 'dual' and subnets and get_af_from_cidrs(
cidrs=subnets) == 'v4':
subnets.extend(get_random_cidrs(stack='v6'))
#Force add v4 subnet when only v6 subnet is passed
if subnets and get_af_from_cidrs(cidrs=subnets) == 'v6':
subnets.extend(get_random_cidrs(stack='v4'))
return subnets
def test1(self):
vn1 = self.create_vn(vn_name='vn1',
vn_subnets=get_random_cidrs('dual'),
option='quantum')
vn2 = self.create_vn(vn_name='vn2',
vn_subnets=get_random_cidrs('v4'),
option='contrail')
rule1 = {
'direction': '<>',
'protocol': 'icmp',
'simple_action': 'pass',
'source_network': 'vn1',
'dest_network': 'vn2',
}
rule2 = {
'direction': '<>',
'protocol': 'udp',
'simple_action': 'pass',
'source_network': 'vn1',
'dest_network': 'vn2',
'src_ports': (80, 100),
'dst_ports': (10, 20),
}
icmp = self.useFixture(
PolicyFixture(
policy_name='pol1',
connections=self.connections,
rules_list=[rule1],
api=True,
))
udp = self.useFixture(
PolicyFixture(policy_name='pol2',
connections=self.connections,
rules_list=[rule2]))
vn1.bind_policies([icmp.fq_name, udp.fq_name])
vn2.bind_policies([icmp.fq_name, udp.fq_name])
icmp.verify_on_setup()
udp.verify_on_setup()
vn1.verify_on_setup()
vn2.verify_on_setup()
vn1.unbind_policies()
vn2.unbind_policies()
return True
def test_sec_group_add_delete(self):
"""
Description: Verify security group add delete
Steps:
1. Create custom security group with rule in it
2. Delete custom security group
Pass criteria: Step 1 and 2 should pass
"""
(prefix, prefix_len) = get_random_cidrs(self.inputs.get_af())[0].split('/')
prefix_len = int(prefix_len)
rule = [{'direction': '>',
'protocol': 'tcp',
'dst_addresses': [{'subnet': {'ip_prefix': prefix,
'ip_prefix_len': prefix_len}}],
'dst_ports': [{'start_port': 8000, 'end_port': 8000}],
'src_ports': [{'start_port': 9000, 'end_port': 9000}],
'src_addresses': [{'security_group': 'local'}],
}]
secgrp_fix = self.config_sec_group(name='test_sec_group', entries=rule)
self.delete_sec_group(secgrp_fix)
return True
def test1 (self):
hosts = self.connections.orch.get_hosts()
zones = self.connections.orch.get_zones()
vn1 = self.create_vn(vn_name=get_random_name('vn1'),
vn_subnets=get_random_cidrs('dual'),
option='quantum')
#Create with only host name
vm1 = self.create_vm(vn_fixture=vn1, vm_name=get_random_name('vm1'),
node_name=hosts[0])
#Create with only zone
vm2 = self.create_vm(vn_fixture=vn1, vm_name=get_random_name('vm2'),
zone=zones[0])
#Create with both zone and host name and fixed ip
fixed_ip = get_an_ip(vn1.subnets[0], offset=10)
vm3 = self.create_vm(vn_fixture=vn1, vm_name=get_random_name('vm3'),
zone=zones[0], node_name=hosts[0], fixed_ips=[fixed_ip])
vn1.verify_on_setup()
vm1.verify_on_setup()
vm2.verify_on_setup()
vm3.verify_on_setup()
return True
def test_vm_with_sec_group(self):
"""
Description: Verify attach dettach security group in VM
Steps:
1. Create VN with subnet
2. Create security group with custom rules
3. Launch VM in custom created security group and verify
4. Remove secuity group association with VM
5. Add back custom security group to VM and verify
6. Try to delete security group with association to VM. It should fail.
Pass criteria: Step 2,3,4,5 and 6 should pass
"""
vn_name = get_random_name("test_sec_vn")
vn_net = get_random_cidrs(self.inputs.get_af())
vn = self.useFixture(VNFixture(
project_name=self.inputs.project_name, connections=self.connections,
vn_name=vn_name, inputs=self.inputs, subnets=vn_net))
assert vn.verify_on_setup()
secgrp_name = get_random_name('test_sec_group')
(prefix, prefix_len) = get_random_cidrs(self.inputs.get_af())[0].split('/')
prefix_len = int(prefix_len)
rule = [{'direction': '>',
'protocol': 'tcp',
'dst_addresses': [{'subnet': {'ip_prefix': prefix,
'ip_prefix_len': prefix_len}}],
'dst_ports': [{'start_port': 8000, 'end_port': 8000}],
'src_ports': [{'start_port': 9000, 'end_port': 9000}],
'src_addresses': [{'security_group': 'local'}],
}]
secgrp = self.config_sec_group(name=secgrp_name, entries=rule)
secgrp_id = secgrp.secgrp_id
vm_name = get_random_name("test_sec_vm")
img_name = os.environ['ci_image'] if os.environ.has_key('ci_image') else 'ubuntu-traffic'
vm = self.useFixture(VMFixture(
project_name=self.inputs.project_name, connections=self.connections,
vn_obj=vn.obj, vm_name=vm_name, image_name=img_name, flavor='contrail_flavor_small',
sg_ids=[secgrp_id]))
assert vm.verify_on_setup()
assert vm.wait_till_vm_is_up()
result, msg = vm.verify_security_group(secgrp_name)
assert result, msg
self.logger.info("Remove security group %s from VM %s",
secgrp_name, vm_name)
vm.remove_security_group(secgrp=secgrp_id)
result, msg = vm.verify_security_group(secgrp_name)
if result:
assert False, "Security group %s is not removed from VM %s" % (secgrp_name,
vm_name)
import time
time.sleep(4)
vm.add_security_group(secgrp=secgrp_id)
result, msg = vm.verify_security_group(secgrp_name)
assert result, msg
self.logger.info(
"Try deleting the security group %s with back ref.", secgrp_name)
try:
if secgrp.option == 'openstack':
secgrp.quantum_h.delete_security_group(secgrp.secgrp_id)
else:
secgrp.secgrp_fix.cleanUp()
except Exception, msg:
self.logger.info(msg)
self.logger.info(
"Not able to delete the security group with back ref as expected")
def test_sec_group_basic(self):
"""
Description: Test basic SG features
1. Security group create and delete
2. Create security group with custom rules and then update it for tcp
3. Launch VM with custom created security group and verify
4. Remove secuity group association with VM
5. Add back custom security group to VM and verify
6. Try to delete security group with association to VM. It should fail.
7. Test with ping, which should fail
8. Test with TCP which should pass
9. Update the rules to allow icmp, ping should pass now.
"""
secgrp_name = get_random_name('test_sec_group')
(prefix,
prefix_len) = get_random_cidrs(self.inputs.get_af())[0].split('/')
prefix_len = int(prefix_len)
rule = [{
'direction':
'>',
'protocol':
'udp',
'dst_addresses': [{
'subnet': {
'ip_prefix': prefix,
'ip_prefix_len': prefix_len
}
}],
'dst_ports': [{
'start_port': 8000,
'end_port': 8000
}],
'src_ports': [{
'start_port': 9000,
'end_port': 9000
}],
'src_addresses': [{
'security_group': 'local'
}],
}]
#Create the SG
sg_fixture = self.config_sec_group(name=secgrp_name, entries=rule)
#Delete the SG
self.delete_sec_group(sg_fixture)
#Create SG again and update the rules
sg_fixture = self.config_sec_group(name=secgrp_name, entries=rule)
secgrp_id = sg_fixture.secgrp_id
vn_net = get_random_cidrs(self.inputs.get_af())
(prefix, prefix_len) = vn_net[0].split('/')
rule = [{
'protocol':
'tcp',
'dst_addresses': [{
'subnet': {
'ip_prefix': prefix,
'ip_prefix_len': prefix_len
}
}],
'dst_ports': [{
'start_port': 0,
'end_port': -1
}],
'src_ports': [{
'start_port': 0,
'end_port': -1
}],
'src_addresses': [{
'security_group': 'local'
}],
}, {
'protocol':
'tcp',
'src_addresses': [{
'subnet': {
'ip_prefix': prefix,
'ip_prefix_len': prefix_len
}
}],
'dst_ports': [{
'start_port': 0,
'end_port': -1
}],
'src_ports': [{
'start_port': 0,
'end_port': -1
}],
'dst_addresses': [{
'security_group': 'local'
}],
}]
#Update the rules
sg_fixture.replace_rules(rule)
#Create VN and VMs
vn_fixture = self.useFixture(
VNFixture(project_name=self.inputs.project_name,
connections=self.connections,
inputs=self.inputs,
subnets=vn_net))
assert vn_fixture.verify_on_setup()
img_name = self.inputs.get_ci_image() or 'ubuntu-traffic'
#cannot use set_security_group in vro ,so remove default sg before adding new sg
if self.inputs.vro_based:
vm1_fixture = self.useFixture(
VMFixture(project_name=self.inputs.project_name,
connections=self.connections,
vn_obj=vn_fixture.obj,
image_name=img_name,
flavor='contrail_flavor_small'))
vm2_fixture = self.useFixture(
VMFixture(project_name=self.inputs.project_name,
connections=self.connections,
vn_obj=vn_fixture.obj,
image_name=img_name,
flavor='contrail_flavor_small'))
assert vm1_fixture.verify_on_setup()
assert vm1_fixture.wait_till_vm_is_up()
assert vm2_fixture.verify_on_setup()
assert vm2_fixture.wait_till_vm_is_up()
vm1_fixture.remove_security_group(secgrp='default')
vm2_fixture.remove_security_group(secgrp='default')
vm1_fixture.add_security_group(secgrp_id)
vm2_fixture.add_security_group(secgrp_id)
else:
vm1_fixture = self.useFixture(
VMFixture(project_name=self.inputs.project_name,
connections=self.connections,
vn_obj=vn_fixture.obj,
image_name=img_name,
flavor='contrail_flavor_small',
sg_ids=[secgrp_id]))
vm2_fixture = self.useFixture(
VMFixture(project_name=self.inputs.project_name,
connections=self.connections,
vn_obj=vn_fixture.obj,
image_name=img_name,
flavor='contrail_flavor_small',
sg_ids=[secgrp_id]))
assert vm1_fixture.verify_on_setup()
assert vm1_fixture.wait_till_vm_is_up()
assert vm2_fixture.verify_on_setup()
assert vm2_fixture.wait_till_vm_is_up()
result, msg = vm1_fixture.verify_security_group(secgrp_name)
assert result, msg
#Remove secuity group association with VM and verify
self.logger.info("Remove security group %s from VM %s", secgrp_name,
vm1_fixture.vm_name)
vm1_fixture.remove_security_group(secgrp=secgrp_id)
result, msg = vm1_fixture.verify_security_group(secgrp_name)
if result:
assert False, "Security group %s is not removed from VM %s" % (
secgrp_name, vm1_fixture.vm_name)
#Add back security group to VM and verify
vm1_fixture.add_security_group(secgrp=secgrp_id)
result, msg = vm1_fixture.verify_security_group(secgrp_name)
assert result, msg
#Try to delete security group with back ref
self.logger.info("Try deleting the security group %s with back ref.",
secgrp_name)
try:
if sg_fixture.option == 'openstack':
sg_fixture.quantum_h.delete_security_group(
sg_fixture.secgrp_id)
else:
sg_fixture.cleanUp()
except Exception, msg:
self.logger.info(msg)
self.logger.info(
"Not able to delete the security group with back ref as expected"
)
def test_sec_group_basic(self):
"""
Description: Test basic SG features
1. Security group create and delete
2. Create security group with custom rules and then update it for tcp
3. Launch VM with custom created security group and verify
4. Remove secuity group association with VM
5. Add back custom security group to VM and verify
6. Try to delete security group with association to VM. It should fail.
7. Test with ping, which should fail
8. Test with TCP which should pass
9. Update the rules to allow icmp, ping should pass now.
"""
secgrp_name = get_random_name('test_sec_group')
(prefix, prefix_len) = get_random_cidrs(self.inputs.get_af())[0].split('/')
prefix_len = int(prefix_len)
rule = [{'direction': '>',
'protocol': 'udp',
'dst_addresses': [{'subnet': {'ip_prefix': prefix,
'ip_prefix_len': prefix_len}}],
'dst_ports': [{'start_port': 8000, 'end_port': 8000}],
'src_ports': [{'start_port': 9000, 'end_port': 9000}],
'src_addresses': [{'security_group': 'local'}],
}]
#Create the SG
sg_fixture = self.config_sec_group(name=secgrp_name, entries=rule)
#Delete the SG
self.delete_sec_group(sg_fixture)
#Create SG again and update the rules
sg_fixture = self.config_sec_group(name=secgrp_name, entries=rule)
secgrp_id = sg_fixture.secgrp_id
vn_net = get_random_cidrs(self.inputs.get_af())
(prefix, prefix_len) = vn_net[0].split('/')
rule = [{'protocol': 'tcp',
'dst_addresses': [{'subnet': {'ip_prefix': prefix,
'ip_prefix_len': prefix_len}}],
'dst_ports': [{'start_port': 0, 'end_port': -1}],
'src_ports': [{'start_port': 0, 'end_port': -1}],
'src_addresses': [{'security_group': 'local'}],
},
{'protocol': 'tcp',
'src_addresses': [{'subnet': {'ip_prefix': prefix,
'ip_prefix_len': prefix_len}}],
'dst_ports': [{'start_port': 0, 'end_port': -1}],
'src_ports': [{'start_port': 0, 'end_port': -1}],
'dst_addresses': [{'security_group': 'local'}],
}]
#Update the rules
sg_fixture.replace_rules(rule)
#Create VN and VMs
vn_fixture = self.useFixture(VNFixture(
project_name=self.inputs.project_name, connections=self.connections,
inputs=self.inputs, subnets=vn_net))
assert vn_fixture.verify_on_setup()
img_name = self.inputs.get_ci_image() or 'ubuntu-traffic'
#cannot use set_security_group in vro ,so remove default sg before adding new sg
if self.inputs.vro_based:
vm1_fixture = self.useFixture(VMFixture(
project_name=self.inputs.project_name, connections=self.connections,
vn_obj=vn_fixture.obj, image_name=img_name, flavor='contrail_flavor_small'))
vm2_fixture = self.useFixture(VMFixture(
project_name=self.inputs.project_name, connections=self.connections,
vn_obj=vn_fixture.obj, image_name=img_name, flavor='contrail_flavor_small'))
assert vm1_fixture.verify_on_setup()
assert vm1_fixture.wait_till_vm_is_up()
assert vm2_fixture.verify_on_setup()
assert vm2_fixture.wait_till_vm_is_up()
vm1_fixture.remove_security_group(secgrp='default')
vm2_fixture.remove_security_group(secgrp='default')
vm1_fixture.add_security_group(secgrp_id)
vm2_fixture.add_security_group(secgrp_id)
else:
vm1_fixture = self.useFixture(VMFixture(
project_name=self.inputs.project_name, connections=self.connections,
vn_obj=vn_fixture.obj, image_name=img_name, flavor='contrail_flavor_small',sg_ids=[secgrp_id]))
vm2_fixture = self.useFixture(VMFixture(
project_name=self.inputs.project_name, connections=self.connections,
vn_obj=vn_fixture.obj, image_name=img_name, flavor='contrail_flavor_small',sg_ids=[secgrp_id]))
assert vm1_fixture.verify_on_setup()
assert vm1_fixture.wait_till_vm_is_up()
assert vm2_fixture.verify_on_setup()
assert vm2_fixture.wait_till_vm_is_up()
result, msg = vm1_fixture.verify_security_group(secgrp_name)
assert result, msg
#Remove secuity group association with VM and verify
self.logger.info("Remove security group %s from VM %s",
secgrp_name, vm1_fixture.vm_name)
vm1_fixture.remove_security_group(secgrp=secgrp_id)
result, msg = vm1_fixture.verify_security_group(secgrp_name)
if result:
assert False, "Security group %s is not removed from VM %s" % (secgrp_name,
vm1_fixture.vm_name)
#Add back security group to VM and verify
vm1_fixture.add_security_group(secgrp=secgrp_id)
result, msg = vm1_fixture.verify_security_group(secgrp_name)
assert result, msg
#Try to delete security group with back ref
self.logger.info(
"Try deleting the security group %s with back ref.", secgrp_name)
try:
if sg_fixture.option == 'openstack':
sg_fixture.quantum_h.delete_security_group(sg_fixture.secgrp_id)
else:
sg_fixture.cleanUp()
except Exception, msg:
self.logger.info(msg)
self.logger.info(
"Not able to delete the security group with back ref as expected")
def test_ecmp_with_static_routes(self):
"""
Description: Verify disabling policy for ECMP routes with static routes on VM
Steps:
1. launch 1 VN and launch 3 VMs in it.
2. create a static route for a new subnet prefix and add this on 2 VMIs.
this will create 2 ECMP routes.
3. Disable the policy on all VMIs.
4. Now from 3rd VM send traffic to an IP from static route prefix
5. add new ECMP destinations and verify load is distributed to new destinations too
6. remove ECMP destinations and verify load is distributed to remaining destinations
Pass criteria:
1. traffic should go through fine
2. flows should not be created
3. load should be distributed among ecmp routes.
"""
compute_hosts = self.orch.get_hosts()
if len(compute_hosts) < 2:
raise self.skipTest("Skipping test case,\
this test needs atleast 2 compute nodes")
vn_fixtures = self.create_vns(count=1)
self.verify_vns(vn_fixtures)
vn1_fixture = vn_fixtures[0]
prefix_list = get_random_cidrs(self.inputs.get_af())
assert prefix_list, "Unable to get a random CIDR"
#Launch sender on first node and ECMP dest VMs on another node
image = 'ubuntu-traffic'
vm1_fixture = self.create_vms(vn_fixture= vn1_fixture,count=1,
node_name=compute_hosts[0], image_name=image)
vm_fixtures = self.create_vms(vn_fixture= vn1_fixture,count=2,
node_name=compute_hosts[1], image_name=image)
#Launch 1 extra VM, to be used for new ECMP routes later
vm4_fixture = self.create_vms(vn_fixture= vn1_fixture, count=1,
node_name=compute_hosts[0], image_name=image)[0]
self.verify_vms(vm_fixtures)
self.verify_vms(vm1_fixture)
vm1_fixture = vm1_fixture[0]
vm2_fixture = vm_fixtures[0]
vm3_fixture = vm_fixtures[1]
#Add static routes, which will create ECMP routes
static_ip_dict = {}
for prefix in prefix_list:
static_ip_dict[prefix] = self.add_static_routes_on_vms(prefix,
[vm2_fixture, vm3_fixture])
#Disable the policy on all the VMIs
self.disable_policy_for_vms([vm1_fixture])
self.disable_policy_for_vms(vm_fixtures)
for prefix in prefix_list:
assert self.verify_ecmp_routes([vm2_fixture,vm3_fixture], prefix)
assert self.verify_traffic_for_ecmp(vm1_fixture,
[vm2_fixture,vm3_fixture], static_ip_dict[prefix])
self.verify_vms([vm4_fixture])
self.disable_policy_for_vms([vm4_fixture])
#Add new ECMP destination and verify load is distributed to new destinations
for prefix in prefix_list:
self.add_static_routes_on_vms(prefix,
[vm4_fixture],
ip=static_ip_dict[prefix])
self.delete_vms([vm2_fixture])
for prefix in prefix_list:
assert self.verify_ecmp_routes([vm3_fixture,vm4_fixture], prefix)
assert self.verify_traffic_for_ecmp(vm1_fixture,
[vm3_fixture, vm4_fixture],
static_ip_dict[prefix])
def __init__(self, domain= 'default-domain', project= 'admin',
compute_node_list= None, username= None, password= None,
config_option='openstack', af_test='v4'):
self.af_test = af_test
##
# Domain and project defaults: Do not change until support for non-default is tested!
self.domain= domain; self.project= project; self.username= username; self.password= password
##
# Define VN's in the project:
self.vnet_list= ['vnet1','vnet2', 'vnet3', 'vnet4']
##
# Define network info for each VN:
self.vnet1_subnets = get_random_cidrs(self.af_test)
self.vnet2_subnets = get_random_cidrs(self.af_test)
self.vnet3_subnets = get_random_cidrs(self.af_test)
self.vnet4_subnets = get_random_cidrs(self.af_test)
self.vnet1_prefix = self.vnet1_subnets[0].split('/')[0]
self.vnet1_prefix_len = int(self.vnet1_subnets[0].split('/')[1])
self.vnet2_prefix = self.vnet2_subnets[0].split('/')[0]
self.vnet2_prefix_len = int(self.vnet2_subnets[0].split('/')[1])
self.vnet3_prefix = self.vnet3_subnets[0].split('/')[0]
self.vnet3_prefix_len = int(self.vnet3_subnets[0].split('/')[1])
self.vnet4_prefix = self.vnet4_subnets[0].split('/')[0]
self.vnet4_prefix_len = int(self.vnet4_subnets[0].split('/')[1])
if config_option == 'openstack':
self.vn_nets= {'vnet1': self.vnet1_subnets,
'vnet2': self.vnet2_subnets,
'vnet3': self.vnet3_subnets,
'vnet4': self.vnet4_subnets}
else:
self.vn_nets = {
'vnet1': [(NetworkIpam(), VnSubnetsType([IpamSubnetType(
subnet=SubnetType(self.vnet1_prefix,
self.vnet1_prefix_len))]))],
'vnet2': [(NetworkIpam(), VnSubnetsType([IpamSubnetType(
subnet=SubnetType(self.vnet2_prefix,
self.vnet2_prefix_len))]))],
'vnet3': [(NetworkIpam(), VnSubnetsType([IpamSubnetType(
subnet=SubnetType(self.vnet3_prefix,
self.vnet3_prefix_len))]))],
'vnet4': [(NetworkIpam(), VnSubnetsType([IpamSubnetType(
subnet=SubnetType(self.vnet4_prefix,
self.vnet4_prefix_len))]))]
}
##
# Define network policies
self.policy_list= ['policy0', 'policy1', 'policy100']
self.vn_policy= {'vnet1': ['policy0'], 'vnet2': ['policy0'],'vnet3':['policy0'],'vnet4':['policy0']}
self.vn_of_vm= {'vm1': 'vnet1', 'vm2': 'vnet1', 'vm3': 'vnet1', 'vm4': 'vnet2', 'vm5': 'vnet2',
'vm6': 'vnet3', 'vm7': 'vnet3', 'vm8': 'vnet3', 'vm9': 'vnet4', 'vm10': 'vnet4','vm11':'vnet4','vm12':'vnet3'}
#Define the vm to compute node mapping to pin a vm to a particular
#compute node or else leave empty.
self.vm_node_map = {}
if compute_node_list is not None:
if len(compute_node_list) == 2:
self.vm_node_map = {'vm1':'CN0', 'vm2':'CN0', 'vm3':'CN1', 'vm4':'CN0', 'vm5':'CN1',
'vm6':'CN0', 'vm7':'CN0', 'vm8':'CN1', 'vm9':'CN0', 'vm10':'CN1','vm11':'CN0','vm12':'CN1'}
elif len(compute_node_list) > 2:
self.vm_node_map = {'vm1':'CN0', 'vm2':'CN0', 'vm3':'CN2', 'vm4':'CN0', 'vm5':'CN1', 'vm6':'CN0',
'vm7':'CN0', 'vm8':'CN2', 'vm9':'CN0', 'vm10':'CN1', 'vm11':'CN0','vm12':'CN1'}
#Logic to create a vm to Compute node mapping.
if self.vm_node_map:
CN = []
for cn in self.vm_node_map.keys():
if self.vm_node_map[cn] not in CN:
CN.append(self.vm_node_map[cn])
my_node_dict = {}
if compute_node_list is not None:
if len(compute_node_list) >= len(CN):
my_node_dict = dict(zip(CN, compute_node_list))
if my_node_dict:
for key in my_node_dict:
for key1 in self.vm_node_map:
if self.vm_node_map[key1] == key:
self.vm_node_map[key1] = my_node_dict[key]
##
# Define network policy rules
self.rules= {}
# Multiple policies are defined with different action for the test traffic streams..
self.policy_test_order= ['policy0', 'policy1', 'policy0']
if config_option == 'openstack':
self.rules['policy0']= [
{'direction': '<>', 'protocol': 'any', 'dest_network': 'any', 'source_network': 'any', 'dst_ports': 'any', 'simple_action': 'pass', 'src_ports': 'any'}]
self.rules['policy1']= [
{'direction': '<>', 'protocol': 'udp', 'dest_network': 'vnet1', 'source_network': 'vnet0', 'dst_ports': 'any', 'simple_action': 'pass', 'src_ports': 'any'},
{'direction': '<>', 'protocol': 'udp', 'dest_network': 'vnet2', 'source_network': 'vnet0', 'dst_ports': 'any', 'simple_action': 'pass', 'src_ports': 'any'}]
self.rules['policy100']= [
{'direction': '<>', 'protocol': 'udp', 'dest_network': 'any', 'source_network': 'any', 'dst_ports': 'any', 'simple_action': 'pass', 'src_ports': 'any'}]
else:
self.rules['policy0'] = [
PolicyRuleType(direction='<>', protocol='any', dst_addresses=[AddressType(virtual_network='any')], src_addresses=[AddressType(
virtual_network='any')], dst_ports=[PortType(-1, -1)], action_list=ActionListType(simple_action='pass'), src_ports=[PortType(-1, -1)])
]
self.rules['policy1'] = [
PolicyRuleType(direction='<>', protocol='udp', dst_addresses=[AddressType(virtual_network='vnet1')], src_addresses=[AddressType(
virtual_network='vnet0')], dst_ports=[PortType(-1, -1)], action_list=ActionListType(simple_action='pass'), src_ports=[PortType(-1, -1)]),
PolicyRuleType(direction='<>', protocol='udp', dst_addresses=[AddressType(virtual_network='vnet2')], src_addresses=[AddressType(
virtual_network='vnet0')], dst_ports=[PortType(-1, -1)], action_list=ActionListType(simple_action='pass'), src_ports=[PortType(-1, -1)])
]
self.rules['policy100'] = [
PolicyRuleType(direction='<>', protocol='udp', dst_addresses=[AddressType(virtual_network='any')], src_addresses=[AddressType(
virtual_network='any')], dst_ports=[PortType(-1, -1)], action_list=ActionListType(simple_action='pass'), src_ports=[PortType(-1, -1)])
]
#Define the security_group and its rules
# Define security_group name
self.sg_list=['sg_allow_all', 'sg_allow_tcp', 'sg_allow_udp', 'sg_allow_icmp', 'sg_allow_udp_sg']
self.sg_names = self.sg_list[:]
##
#Define security_group with vm
self.sg_of_vm = {}
for key in self.vn_of_vm:
self.sg_of_vm[key] = []
self.sg_of_vm['vm6'] = [self.sg_list[4]]; self.sg_of_vm['vm9'] = [self.sg_list[4]]; self.sg_of_vm['vm10'] = [self.sg_list[4]];
self.sg_of_vm['vm11'] = [self.sg_list[4]]; self.sg_of_vm['vm12'] = [self.sg_list[4]];
##Define the security group rules
import uuid
uuid_1= uuid.uuid1().urn.split(':')[2]
uuid_2= uuid.uuid1().urn.split(':')[2]
self.sg_rules={}
for sg in self.sg_list:
self.sg_rules[sg] = []
self.sg_rules[self.sg_list[2]]=[
get_sg_rule('ingress',af=self.af_test,
proto='udp'),
get_sg_rule('egress',af=self.af_test,
proto='any')]
self.sg_rules[self.sg_list[4]]=[
{'direction' : '>',
'protocol' : 'udp',
'dst_addresses': [{'security_group': 'local', 'subnet' : None}],
'dst_ports': [{'start_port' : 0, 'end_port' : 65535}],
'src_ports': [{'start_port' : 0, 'end_port' : 65535}],
'src_addresses': [{'security_group': self.domain + ':'+ self.project+ ':'+ self.sg_list[4]}],
'rule_uuid': uuid_1
},
get_sg_rule('egress',af=self.af_test,
proto='any')]
##
# Define traffic profile.
self.traffic_profile= [{'src_vm':'vm1', 'dst_vm':'vm2', 'proto':'udp', 'sport':8000, 'dport':9000, 'exp':'pass'},# intra VN, intra compute, same default SG
{'src_vm':'vm1', 'dst_vm':'vm3', 'proto':'udp', 'sport':8000, 'dport':9000, 'exp':'pass'},# intra VN, inter compute, same default SG
{'src_vm':'vm1', 'dst_vm':'vm5', 'proto':'udp', 'sport':8000, 'dport':9000, 'exp':'pass'},# inter VN, inter compute, same default SG
{'src_vm':'vm1', 'dst_vm':'vm4', 'proto':'udp', 'sport':8000, 'dport':9000, 'exp':'pass'},# inter VN, intra compute, same default SG
{'src_vm':'vm6', 'dst_vm':'vm7', 'proto':'udp', 'sport':8000, 'dport':9000, 'exp':'fail'},# intra VN, intra compute, diff. SG
{'src_vm':'vm6', 'dst_vm':'vm8', 'proto':'udp', 'sport':8000, 'dport':9000, 'exp':'fail'},# intra VN, inter compute, diff. SG
{'src_vm':'vm6', 'dst_vm':'vm5', 'proto':'udp', 'sport':8000, 'dport':9000, 'exp':'fail'},# inter VN, inter compute, diff. SG
{'src_vm':'vm6', 'dst_vm':'vm4', 'proto':'udp', 'sport':8000, 'dport':9000, 'exp':'fail'},# inter VN, intra compute, diff. SG
{'src_vm':'vm9', 'dst_vm':'vm11','proto':'udp','sport':8000,'dport':9000,'exp':'pass'},# intra VN, intra compute, same non-default SG
{'src_vm':'vm9', 'dst_vm':'vm10','proto':'udp','sport':8000,'dport':9000,'exp':'pass'},# intra VN, inter compute, same non-default SG
{'src_vm':'vm9', 'dst_vm':'vm12','proto':'udp','sport':8000,'dport':9000,'exp':'pass'},# inter VN, inter compute, same non-default SG
{'src_vm':'vm9', 'dst_vm':'vm6', 'proto':'udp','sport':8000,'dport':9000,'exp':'pass'}]# inter VN, intra compute, same non-default SG
def build_topo(self, domain= 'default-domain', project= 'admin', compute_node_list= None, username= None, password= None,config_option='openstack'):
print("building dynamic topo")
##
# Domain and project defaults: Do not change until support for non-default is tested!
self.domain= domain; self.project= project; self.username= username; self.password= password
##
# Define VN's in the project:
self.vnet_list= ['vnet1','vnet2']
##
# Define network info for each VN:
self.vnet1_subnets = get_random_cidrs(self.af_test)
self.vnet2_subnets = get_random_cidrs(self.af_test)
self.vnet1_prefix = self.vnet1_subnets[0].split('/')[0]
self.vnet1_prefix_len = int(self.vnet1_subnets[0].split('/')[1])
self.vnet2_prefix = self.vnet2_subnets[0].split('/')[0]
self.vnet2_prefix_len = int(self.vnet2_subnets[0].split('/')[1])
if config_option == 'openstack':
self.vn_nets= {'vnet1': self.vnet1_subnets, 'vnet2': self.vnet2_subnets}
else:
self.vn_nets = {
'vnet1': [(NetworkIpam(), VnSubnetsType([IpamSubnetType(
subnet=SubnetType(self.vnet1_prefix, self.vnet1_prefix_len))]))],
'vnet2': [(NetworkIpam(), VnSubnetsType([IpamSubnetType(
subnet=SubnetType(self.vnet2_prefix, self.vnet2_prefix_len))]))]
}
##
# Define network policies
self.policy_list= ['policy0']
self.vn_policy= {'vnet1': ['policy0'], 'vnet2': ['policy0']}
self.vn_of_vm= {'vm1': 'vnet1', 'vm2': 'vnet1', 'vm3': 'vnet2'}
#Define the vm to compute node mapping to pin a vm to a particular
#compute node or else leave empty.
self.vm_node_map = {}
##
# Define network policy rules
self.rules= {}
# Multiple policies are defined with different action for the test traffic streams..
self.policy_test_order= ['policy0']
if config_option == 'openstack':
self.rules['policy0']= [
{'direction': '<>', 'protocol': 'any', 'dest_network': 'any', 'source_network': 'any', 'dst_ports': 'any', 'simple_action': 'pass', 'src_ports': 'any'}]
else:
self.rules['policy0'] = [
PolicyRuleType(direction='<>', protocol='any', dst_addresses=[AddressType(virtual_network='any')], src_addresses=[AddressType(
virtual_network='any')], dst_ports=[PortType(-1, -1)], action_list=ActionListType(simple_action='pass'), src_ports=[PortType(-1, -1)])
]
#Define the security_group and its rules
# Define security_group name
self.sg_list=['sg1']
self.sg_names = self.sg_list[:]
##
#Define security_group with vm
self.sg_of_vm = {}
for key in self.vn_of_vm:
self.sg_of_vm[key] = []
self.sg_of_vm['vm1'] = [self.sg_list[0]]; self.sg_of_vm['vm2'] = [self.sg_list[0]]; self.sg_of_vm['vm3'] = [self.sg_list[0]];
##Define the security group rules
self.sg_rules={}
for sg in self.sg_list:
self.sg_rules[sg] = []
self.sg_rules[self.sg_list[0]] = [get_sg_rule('egress',af=self.af_test,
proto='any'),
{'direction': '>',
'protocol': 'udp',
'src_addresses':[{'security_group': self.domain + ':'+ self.project+ ':'+ self.sg_list[0]}],
'src_ports': [{'start_port': 0, 'end_port': -1}],
'dst_ports': [{'start_port': 0, 'end_port': -1}],
'dst_addresses': [{'security_group': 'local'}],}]
return self
def build_topo(self, domain= 'default-domain', project= 'admin', username= None, password= None,config_option='openstack'):
##
# Domain and project defaults: Do not change until support for non-default is tested!
self.domain= domain; self.project= project; self.username= username; self.password= password
##
# Define VN's in the project:
self.vnet_list= ['vnet1']
##
# Define network info for each VN:
self.vnet1_subnets = get_random_cidrs(self.af_test)
self.vnet1_prefix = self.vnet1_subnets[0].split('/')[0]
self.vnet1_prefix_len = int(self.vnet1_subnets[0].split('/')[1])
if config_option == 'openstack':
self.vn_nets= {'vnet1': self.vnet1_subnets}
else:
self.vn_nets = {
'vnet1': [(NetworkIpam(), VnSubnetsType([IpamSubnetType(
subnet=SubnetType(self.vnet1_prefix, self.vnet1_prefix_len))]))]
}
##
# Define network policies
self.policy_list= ['policy0']
self.vn_policy= {'vnet1': ['policy0']}
self.vn_of_vm= {'vm1': 'vnet1', 'vm2': 'vnet1'}
#Define the vm to compute node mapping to pin a vm to a particular
#compute node or else leave empty.
self.vm_node_map = {}
##
# Define network policy rules
self.rules= {}
self.policy_test_order= ['policy0']
if config_option == 'openstack':
self.rules['policy0']= [
{'direction': '<>', 'protocol': 'any', 'dest_network': 'any', 'source_network': 'any', 'dst_ports': 'any', 'simple_action': 'pass', 'src_ports': 'any'}]
else:
self.rules['policy0'] = [
PolicyRuleType(direction='<>', protocol='any', dst_addresses=[AddressType(virtual_network='any')], src_addresses=[AddressType(
virtual_network='any')], dst_ports=[PortType(-1, -1)], action_list=ActionListType(simple_action='pass'), src_ports=[PortType(-1, -1)])
]
#Define the security_group and its rules
# Define security_group name
self.sg_list=['sg1']
self.sg_names = self.sg_list[:]
##
#Define security_group with vm
self.sg_of_vm = {}
for key in self.vn_of_vm:
self.sg_of_vm[key] = []
self.sg_of_vm['vm1'] = [self.sg_list[0]]; self.sg_of_vm['vm2'] = [self.sg_list[0]];
##Define the security group rules
self.sg_rules={}
for sg in self.sg_list:
self.sg_rules[sg] = []
self.sg_rules[self.sg_list[0]]=[]
##
# Define traffic profile.
self.traffic_profile= [{'src_vm':'vm1', 'dst_vm':'vm2', 'proto':'udp', 'sport':8000, 'dport':9000, 'exp':'fail'},
{'src_vm':'vm1', 'dst_vm':'vm2', 'proto':'tcp', 'sport':8000, 'dport':9000, 'exp':'fail'},
{'src_vm':'vm1', 'dst_vm':'vm2', 'proto':'icmp', 'sport':8000, 'dport':9000, 'exp':'fail'}
]
return self
def __init__(self, domain= 'default-domain', project= 'admin',
compute_node_list= None, username= None, password= None,
config_option='openstack', af_test='v4'):
self.af_test = af_test
##
# Domain and project defaults: Do not change until support for non-default is tested!
self.domain= domain; self.project= project; self.username= username; self.password= password
##
# Define VN's in the project:
self.vnet_list= ['vnet1','vnet2', 'vnet3', 'vnet4']
##
# Define network info for each VN:
self.vnet1_subnets = get_random_cidrs(self.af_test)
self.vnet2_subnets = get_random_cidrs(self.af_test)
self.vnet3_subnets = get_random_cidrs(self.af_test)
self.vnet4_subnets = get_random_cidrs(self.af_test)
self.vnet1_prefix = self.vnet1_subnets[0].split('/')[0]
self.vnet1_prefix_len = int(self.vnet1_subnets[0].split('/')[1])
self.vnet2_prefix = self.vnet2_subnets[0].split('/')[0]
self.vnet2_prefix_len = int(self.vnet2_subnets[0].split('/')[1])
self.vnet3_prefix = self.vnet3_subnets[0].split('/')[0]
self.vnet3_prefix_len = int(self.vnet3_subnets[0].split('/')[1])
self.vnet4_prefix = self.vnet4_subnets[0].split('/')[0]
self.vnet4_prefix_len = int(self.vnet4_subnets[0].split('/')[1])
if config_option == 'openstack':
self.vn_nets= {'vnet1': self.vnet1_subnets,
'vnet2': self.vnet2_subnets,
'vnet3': self.vnet3_subnets,
'vnet4': self.vnet4_subnets}
else:
self.vn_nets = {
'vnet1': [(NetworkIpam(), VnSubnetsType([IpamSubnetType(
subnet=SubnetType(self.vnet1_prefix,
self.vnet1_prefix_len))]))],
'vnet2': [(NetworkIpam(), VnSubnetsType([IpamSubnetType(
subnet=SubnetType(self.vnet2_prefix,
self.vnet2_prefix_len))]))],
'vnet3': [(NetworkIpam(), VnSubnetsType([IpamSubnetType(
subnet=SubnetType(self.vnet3_prefix,
self.vnet3_prefix_len))]))],
'vnet4': [(NetworkIpam(), VnSubnetsType([IpamSubnetType(
subnet=SubnetType(self.vnet4_prefix,
self.vnet4_prefix_len))]))]
}
##
# Define network policies
self.policy_list= ['policy0', 'policy1', 'policy100']
self.vn_policy= {'vnet1': ['policy0'], 'vnet2': ['policy0'],'vnet3':['policy0'],'vnet4':['policy0']}
self.vn_of_vm= {'vm1': 'vnet1', 'vm2': 'vnet1', 'vm3': 'vnet1', 'vm4': 'vnet2', 'vm5': 'vnet2',
'vm6': 'vnet3', 'vm7': 'vnet3', 'vm8': 'vnet3', 'vm9': 'vnet4', 'vm10': 'vnet4'}
#Define the vm to compute node mapping to pin a vm to a particular
#compute node or else leave empty.
self.vm_node_map = {}
if compute_node_list is not None:
if len(compute_node_list) == 2:
self.vm_node_map = {'vm1':'CN0', 'vm2':'CN0', 'vm3':'CN1', 'vm4':'CN0', 'vm5':'CN1',
'vm6':'CN0', 'vm7':'CN0', 'vm8':'CN1', 'vm9':'CN0', 'vm10':'CN1'}
elif len(compute_node_list) > 2:
self.vm_node_map = {'vm1':'CN0', 'vm2':'CN0', 'vm3':'CN2', 'vm4':'CN0', 'vm5':'CN1', 'vm6':'CN0',
'vm7':'CN0', 'vm8':'CN2', 'vm9':'CN0', 'vm10':'CN1'}
#Logic to create a vm to Compute node mapping.
if self.vm_node_map:
CN = []
for cn in list(self.vm_node_map.keys()):
if self.vm_node_map[cn] not in CN:
CN.append(self.vm_node_map[cn])
my_node_dict = {}
if compute_node_list is not None:
if len(compute_node_list) >= len(CN):
my_node_dict = dict(list(zip(CN, compute_node_list)))
if my_node_dict:
for key in my_node_dict:
for key1 in self.vm_node_map:
if self.vm_node_map[key1] == key:
self.vm_node_map[key1] = my_node_dict[key]
##
# Define network policy rules
self.rules= {}
# Multiple policies are defined with different action for the test traffic streams..
self.policy_test_order= ['policy0', 'policy1', 'policy0']
if config_option == 'openstack':
self.rules['policy0']= [
{'direction': '<>', 'protocol': 'any', 'dest_network': 'any', 'source_network': 'any', 'dst_ports': 'any', 'simple_action': 'pass', 'src_ports': 'any'}]
self.rules['policy1']= [
{'direction': '<>', 'protocol': 'udp', 'dest_network': 'vnet1', 'source_network': 'vnet0', 'dst_ports': 'any', 'simple_action': 'pass', 'src_ports': 'any'},
{'direction': '<>', 'protocol': 'udp', 'dest_network': 'vnet2', 'source_network': 'vnet0', 'dst_ports': 'any', 'simple_action': 'pass', 'src_ports': 'any'}]
self.rules['policy100']= [
{'direction': '<>', 'protocol': 'udp', 'dest_network': 'any', 'source_network': 'any', 'dst_ports': 'any', 'simple_action': 'pass', 'src_ports': 'any'}]
else:
self.rules['policy0'] = [
PolicyRuleType(direction='<>', protocol='any', dst_addresses=[AddressType(virtual_network='any')], src_addresses=[AddressType(
virtual_network='any')], dst_ports=[PortType(-1, -1)], action_list=ActionListType(simple_action='pass'), src_ports=[PortType(-1, -1)])
]
self.rules['policy1'] = [
PolicyRuleType(direction='<>', protocol='udp', dst_addresses=[AddressType(virtual_network='vnet1')], src_addresses=[AddressType(
virtual_network='vnet0')], dst_ports=[PortType(-1, -1)], action_list=ActionListType(simple_action='pass'), src_ports=[PortType(-1, -1)]),
PolicyRuleType(direction='<>', protocol='udp', dst_addresses=[AddressType(virtual_network='vnet2')], src_addresses=[AddressType(
virtual_network='vnet0')], dst_ports=[PortType(-1, -1)], action_list=ActionListType(simple_action='pass'), src_ports=[PortType(-1, -1)])
]
self.rules['policy100'] = [
PolicyRuleType(direction='<>', protocol='udp', dst_addresses=[AddressType(virtual_network='any')], src_addresses=[AddressType(
virtual_network='any')], dst_ports=[PortType(-1, -1)], action_list=ActionListType(simple_action='pass'), src_ports=[PortType(-1, -1)])
]
#Define the security_group and its rules
# Define security_group name
self.sg_list=['sg_allow_all', 'sg_allow_tcp', 'sg_allow_udp', 'sg_allow_icmp', 'sg_allow_udp_sg']
self.sg_names = self.sg_list[:]
##
#Define security_group with vm
self.sg_of_vm = {}
for key in self.vn_of_vm:
self.sg_of_vm[key] = []
self.sg_of_vm['vm6'] = [self.sg_list[4]]; self.sg_of_vm['vm9'] = [self.sg_list[4]]; self.sg_of_vm['vm10'] = [self.sg_list[4]];
##Define the security group rules
import uuid
uuid_1= uuid.uuid1().urn.split(':')[2]
uuid_2= uuid.uuid1().urn.split(':')[2]
self.sg_rules={}
for sg in self.sg_list:
self.sg_rules[sg] = []
self.sg_rules[self.sg_list[2]]=[
get_sg_rule('ingress',af=self.af_test,
proto='udp'),
get_sg_rule('egress',af=self.af_test,
proto='any')]
self.sg_rules[self.sg_list[4]]=[
{'direction' : '>',
'protocol' : 'udp',
'dst_addresses': [{'security_group': 'local', 'subnet' : None}],
'dst_ports': [{'start_port' : 0, 'end_port' : 65535}],
'src_ports': [{'start_port' : 0, 'end_port' : 65535}],
'src_addresses': [{'security_group': self.domain + ':'+ self.project+ ':'+ self.sg_list[4]}],
'rule_uuid': uuid_1
},
get_sg_rule('egress',af=self.af_test,
proto='any')]
##
# Define traffic profile.
self.traffic_profile= [{'src_vm':'vm1', 'dst_vm':'vm2', 'proto':'udp', 'sport':8000, 'dport':9000, 'exp':'pass'},# intra VN, intra compute, same default SG
{'src_vm':'vm1', 'dst_vm':'vm3', 'proto':'udp', 'sport':8000, 'dport':9000, 'exp':'pass'},# intra VN, inter compute, same default SG
{'src_vm':'vm1', 'dst_vm':'vm5', 'proto':'udp', 'sport':8000, 'dport':9000, 'exp':'pass'},# inter VN, inter compute, same default SG
{'src_vm':'vm1', 'dst_vm':'vm4', 'proto':'udp', 'sport':8000, 'dport':9000, 'exp':'pass'},# inter VN, intra compute, same default SG
{'src_vm':'vm6', 'dst_vm':'vm7', 'proto':'udp', 'sport':8000, 'dport':9000, 'exp':'fail'},# intra VN, intra compute, diff. SG
{'src_vm':'vm6', 'dst_vm':'vm8', 'proto':'udp', 'sport':8000, 'dport':9000, 'exp':'fail'},# intra VN, inter compute, diff. SG
{'src_vm':'vm6', 'dst_vm':'vm5', 'proto':'udp', 'sport':8000, 'dport':9000, 'exp':'fail'},# inter VN, inter compute, diff. SG
{'src_vm':'vm6', 'dst_vm':'vm4', 'proto':'udp', 'sport':8000, 'dport':9000, 'exp':'fail'},# inter VN, intra compute, diff. SG
{'src_vm':'vm9', 'dst_vm':'vm10','proto':'udp','sport':8000,'dport':9000,'exp':'pass'},# intra VN, inter compute, same non-default SG
{'src_vm':'vm9', 'dst_vm':'vm6', 'proto':'udp','sport':8000,'dport':9000,'exp':'pass'}]# inter VN, intra compute, same non-default SG
def build_topo2(self, domain= 'default-domain', project= 'admin',
compute_node_list= None, username= None,
password= None,no_of_vm=2,
config_option='openstack'):
#no_of_vm must be 2 or 3
print "building dynamic topo"
##
# Domain and project defaults: Do not change until support for non-default is tested!
self.domain= domain; self.project= project; self.username= username; self.password= password
##
# Define VN's in the project:
self.vnet_list= ['vnet1','vnet2']
##
# Define network info for each VN:
self.vnet1_subnets = get_random_cidrs(self.af_test)
self.vnet2_subnets = get_random_cidrs(self.af_test)
self.vnet1_prefix = self.vnet1_subnets[0].split('/')[0]
self.vnet1_prefix_len = int(self.vnet1_subnets[0].split('/')[1])
self.vnet2_prefix = self.vnet2_subnets[0].split('/')[0]
self.vnet2_prefix_len = int(self.vnet2_subnets[0].split('/')[1])
if config_option == 'openstack':
self.vn_nets= {'vnet1': self.vnet1_subnets, 'vnet2': self.vnet2_subnets}
else:
self.vn_nets = {
'vnet1': [(NetworkIpam(), VnSubnetsType(
[IpamSubnetType(
subnet=SubnetType(
self.vnet1_prefix,
self.vnet1_prefix_len))]))],
'vnet2': [(NetworkIpam(), VnSubnetsType(
[IpamSubnetType(
subnet=SubnetType(
self.vnet2_prefix,
self.vnet2_prefix_len))]))]
}
##
# Define network policies
self.policy_list= ['policy0']
self.vn_policy= {'vnet1': ['policy0'], 'vnet2': ['policy0']}
if no_of_vm == 3:
self.vn_of_vm= {'vm1': 'vnet1', 'vm2': 'vnet1', 'vm3': 'vnet2'}
if no_of_vm == 2:
self.vn_of_vm= {'vm1': 'vnet1', 'vm2': 'vnet2'}
#Define the vm to compute node mapping to pin a vm to a particular
#compute node or else leave empty.
self.vm_node_map = {}
if compute_node_list is not None:
if len(compute_node_list) == 2:
self.vm_node_map = {'vm1':'CN0', 'vm2':'CN1'}
elif len(compute_node_list) > 2:
self.vm_node_map = {'vm1':'CN0', 'vm2':'CN1'}
if no_of_vm == 3:self.vm_node_map['vm3'] = 'CN0'
#Logic to create a vm to Compute node mapping.
if self.vm_node_map:
CN = []
for cn in self.vm_node_map.keys():
if self.vm_node_map[cn] not in CN:
CN.append(self.vm_node_map[cn])
my_node_dict = {}
if compute_node_list is not None:
if len(compute_node_list) >= len(CN):
my_node_dict = dict(zip(CN, compute_node_list))
if my_node_dict:
for key in my_node_dict:
for key1 in self.vm_node_map:
if self.vm_node_map[key1] == key:
self.vm_node_map[key1] = my_node_dict[key]
##
# Define network policy rules
self.rules= {}
# Multiple policies are defined with different action for the test traffic streams..
self.policy_test_order= ['policy0']
if config_option == 'openstack':
self.rules['policy0']= [
{'direction': '<>', 'protocol': 'any', 'dest_network': 'any',
'source_network': 'any', 'dst_ports': 'any',
'simple_action': 'pass', 'src_ports': 'any'}]
else:
self.rules['policy0'] = [
PolicyRuleType(direction='<>', protocol='any',
dst_addresses=[AddressType(virtual_network='any')],
src_addresses=[AddressType(virtual_network='any')],
dst_ports=[PortType(-1, -1)],
action_list=ActionListType(simple_action='pass'),
src_ports=[PortType(-1, -1)])
]
#Define the security_group and its rules
# Define security_group name
self.sg_list=['sg1', 'sg2']
self.sg_names = self.sg_list[:]
##
#Define security_group with vm
self.sg_of_vm = {}
for key in self.vn_of_vm:
self.sg_of_vm[key] = []
self.sg_of_vm['vm1'] = [self.sg_list[0], self.sg_list[1]]; self.sg_of_vm['vm2'] = [self.sg_list[0], self.sg_list[1]]
##Define the security group rules
self.sg_rules={}
for sg in self.sg_list:
self.sg_rules[sg] = []
self.sg_rules[self.sg_list[0]] = [
get_sg_rule('egress',af=self.af_test,
proto='udp'),
get_sg_rule('ingress',af=self.af_test,
proto='udp'),
get_sg_rule('egress',af=self.af_test,
proto='icmp'),
get_sg_rule('ingress',af=self.af_test,
proto='icmp')]
self.sg_rules[self.sg_list[1]] = [
get_sg_rule('egress',af=self.af_test,
proto='tcp'),
get_sg_rule('ingress',af=self.af_test,
proto='tcp')]
return self
def build_topo(self, domain= 'default-domain', project= 'admin', compute_node_list= None, username= None, password= None,config_option='openstack'):
print "building dynamic topo"
##
# Domain and project defaults: Do not change until support for non-default is tested!
self.domain= domain; self.project= project; self.username= username; self.password= password
##
# Define VN's in the project:
self.vnet_list= ['vnet1','vnet2']
##
# Define network info for each VN:
self.vnet1_subnets = get_random_cidrs(self.af_test)
self.vnet2_subnets = get_random_cidrs(self.af_test)
self.vnet1_prefix = self.vnet1_subnets[0].split('/')[0]
self.vnet1_prefix_len = int(self.vnet1_subnets[0].split('/')[1])
self.vnet2_prefix = self.vnet2_subnets[0].split('/')[0]
self.vnet2_prefix_len = int(self.vnet2_subnets[0].split('/')[1])
if config_option == 'openstack':
self.vn_nets= {'vnet1': self.vnet1_subnets, 'vnet2': self.vnet2_subnets}
else:
self.vn_nets = {
'vnet1': [(NetworkIpam(), VnSubnetsType([IpamSubnetType(
subnet=SubnetType(self.vnet1_prefix, self.vnet1_prefix_len))]))],
'vnet2': [(NetworkIpam(), VnSubnetsType([IpamSubnetType(
subnet=SubnetType(self.vnet2_prefix, self.vnet2_prefix_len))]))]
}
##
# Define network policies
self.policy_list= ['policy0']
self.vn_policy= {'vnet1': ['policy0'], 'vnet2': ['policy0']}
self.vn_of_vm= {'vm1': 'vnet1', 'vm2': 'vnet1', 'vm3': 'vnet2'}
#Define the vm to compute node mapping to pin a vm to a particular
#compute node or else leave empty.
self.vm_node_map = {}
##
# Define network policy rules
self.rules= {}
# Multiple policies are defined with different action for the test traffic streams..
self.policy_test_order= ['policy0']
if config_option == 'openstack':
self.rules['policy0']= [
{'direction': '<>', 'protocol': 'any', 'dest_network': 'any', 'source_network': 'any', 'dst_ports': 'any', 'simple_action': 'pass', 'src_ports': 'any'}]
else:
self.rules['policy0'] = [
PolicyRuleType(direction='<>', protocol='any', dst_addresses=[AddressType(virtual_network='any')], src_addresses=[AddressType(
virtual_network='any')], dst_ports=[PortType(-1, -1)], action_list=ActionListType(simple_action='pass'), src_ports=[PortType(-1, -1)])
]
#Define the security_group and its rules
# Define security_group name
self.sg_list=['sg1']
self.sg_names = self.sg_list[:]
##
#Define security_group with vm
self.sg_of_vm = {}
for key in self.vn_of_vm:
self.sg_of_vm[key] = []
self.sg_of_vm['vm1'] = [self.sg_list[0]]; self.sg_of_vm['vm2'] = [self.sg_list[0]]; self.sg_of_vm['vm3'] = [self.sg_list[0]];
##Define the security group rules
self.sg_rules={}
for sg in self.sg_list:
self.sg_rules[sg] = []
self.sg_rules[self.sg_list[0]] = [get_sg_rule('egress',af=self.af_test,
proto='any'),
{'direction': '>',
'protocol': 'udp',
'src_addresses':[{'security_group': self.domain + ':'+ self.project+ ':'+ self.sg_list[0]}],
'src_ports': [{'start_port': 0, 'end_port': -1}],
'dst_ports': [{'start_port': 0, 'end_port': -1}],
'dst_addresses': [{'security_group': 'local'}],}]
return self
def build_topo(self, domain= 'default-domain', project= 'admin', username= None, password= None,config_option='openstack'):
##
# Domain and project defaults: Do not change until support for non-default is tested!
self.domain= domain; self.project= project; self.username= username; self.password= password
##
# Define VN's in the project:
self.vnet_list= ['vnet1']
##
# Define network info for each VN:
self.vnet1_subnets = get_random_cidrs(self.af_test)
self.vnet1_prefix = self.vnet1_subnets[0].split('/')[0]
self.vnet1_prefix_len = int(self.vnet1_subnets[0].split('/')[1])
if config_option == 'openstack':
self.vn_nets= {'vnet1': self.vnet1_subnets}
else:
self.vn_nets = {
'vnet1': [(NetworkIpam(), VnSubnetsType([IpamSubnetType(
subnet=SubnetType(self.vnet1_prefix, self.vnet1_prefix_len))]))]
}
##
# Define network policies
self.policy_list= ['policy0']
self.vn_policy= {'vnet1': ['policy0']}
self.vn_of_vm= {'vm1': 'vnet1', 'vm2': 'vnet1'}
#Define the vm to compute node mapping to pin a vm to a particular
#compute node or else leave empty.
self.vm_node_map = {}
##
# Define network policy rules
self.rules= {}
self.policy_test_order= ['policy0']
if config_option == 'openstack':
self.rules['policy0']= [
{'direction': '<>', 'protocol': 'any', 'dest_network': 'any', 'source_network': 'any', 'dst_ports': 'any', 'simple_action': 'pass', 'src_ports': 'any'}]
else:
self.rules['policy0'] = [
PolicyRuleType(direction='<>', protocol='any', dst_addresses=[AddressType(virtual_network='any')], src_addresses=[AddressType(
virtual_network='any')], dst_ports=[PortType(-1, -1)], action_list=ActionListType(simple_action='pass'), src_ports=[PortType(-1, -1)])
]
#Define the security_group and its rules
# Define security_group name
self.sg_list=['sg1']
self.sg_names = self.sg_list[:]
##
#Define security_group with vm
self.sg_of_vm = {}
for key in self.vn_of_vm:
self.sg_of_vm[key] = []
self.sg_of_vm['vm1'] = [self.sg_list[0]]; self.sg_of_vm['vm2'] = [self.sg_list[0]];
##Define the security group rules
self.sg_rules={}
for sg in self.sg_list:
self.sg_rules[sg] = []
self.sg_rules[self.sg_list[0]]=[]
##
# Define traffic profile.
self.traffic_profile= [{'src_vm':'vm1', 'dst_vm':'vm2', 'proto':'udp', 'sport':8000, 'dport':9000, 'exp':'fail'},
{'src_vm':'vm1', 'dst_vm':'vm2', 'proto':'tcp', 'sport':8000, 'dport':9000, 'exp':'fail'},
{'src_vm':'vm1', 'dst_vm':'vm2', 'proto':'icmp', 'sport':8000, 'dport':9000, 'exp':'fail'}
]
return self
def test_ecmp_with_static_routes(self):
"""
Description: Verify disabling policy for ECMP routes with static routes on VM
Steps:
1. launch 1 VN and launch 3 VMs in it.
2. create a static route for a new subnet prefix and add this on 2 VMIs.
this will create 2 ECMP routes.
3. Disable the policy on all VMIs.
4. Now from 3rd VM send traffic to an IP from static route prefix
5. add new ECMP destinations and verify load is distributed to new destinations too
6. remove ECMP destinations and verify load is distributed to remaining destinations
Pass criteria:
1. traffic should go through fine
2. flows should not be created
3. load should be distributed among ecmp routes.
"""
compute_hosts = self.orch.get_hosts()
if len(compute_hosts) < 2:
raise self.skipTest("Skipping test case,\
this test needs atleast 2 compute nodes")
vn_fixtures = self.create_vns(count=1)
self.verify_vns(vn_fixtures)
vn1_fixture = vn_fixtures[0]
prefix_list = get_random_cidrs(self.inputs.get_af())
assert prefix_list, "Unable to get a random CIDR"
#Launch sender on first node and ECMP dest VMs on another node
image = 'ubuntu-traffic'
vm1_fixture = self.create_vms(vn_fixture=vn1_fixture,
count=1,
node_name=compute_hosts[0],
image_name=image)
vm_fixtures = self.create_vms(vn_fixture=vn1_fixture,
count=2,
node_name=compute_hosts[1],
image_name=image)
#Launch 1 extra VM, to be used for new ECMP routes later
vm4_fixture = self.create_vms(vn_fixture=vn1_fixture,
count=1,
node_name=compute_hosts[0],
image_name=image)[0]
self.verify_vms(vm_fixtures)
self.verify_vms(vm1_fixture)
vm1_fixture = vm1_fixture[0]
vm2_fixture = vm_fixtures[0]
vm3_fixture = vm_fixtures[1]
#Add static routes, which will create ECMP routes
static_ip_dict = {}
for prefix in prefix_list:
static_ip_dict[prefix] = self.add_static_routes_on_vms(
prefix, [vm2_fixture, vm3_fixture])
#Disable the policy on all the VMIs
self.disable_policy_for_vms([vm1_fixture])
self.disable_policy_for_vms(vm_fixtures)
for prefix in prefix_list:
assert self.verify_ecmp_routes([vm2_fixture, vm3_fixture], prefix)
assert self.verify_traffic_for_ecmp(vm1_fixture,
[vm2_fixture, vm3_fixture],
static_ip_dict[prefix])
self.verify_vms([vm4_fixture])
self.disable_policy_for_vms([vm4_fixture])
#Add new ECMP destination and verify load is distributed to new destinations
for prefix in prefix_list:
self.add_static_routes_on_vms(prefix, [vm4_fixture],
ip=static_ip_dict[prefix])
self.delete_vms([vm2_fixture])
for prefix in prefix_list:
assert self.verify_ecmp_routes([vm3_fixture, vm4_fixture], prefix)
assert self.verify_traffic_for_ecmp(vm1_fixture,
[vm3_fixture, vm4_fixture],
static_ip_dict[prefix])
def build_topo2(self, domain= 'default-domain', project= 'admin',
compute_node_list= None, username= None,
password= None,no_of_vm=2,
config_option='openstack'):
#no_of_vm must be 2 or 3
print("building dynamic topo")
##
# Domain and project defaults: Do not change until support for non-default is tested!
self.domain= domain; self.project= project; self.username= username; self.password= password
##
# Define VN's in the project:
self.vnet_list= ['vnet1','vnet2']
##
# Define network info for each VN:
self.vnet1_subnets = get_random_cidrs(self.af_test)
self.vnet2_subnets = get_random_cidrs(self.af_test)
self.vnet1_prefix = self.vnet1_subnets[0].split('/')[0]
self.vnet1_prefix_len = int(self.vnet1_subnets[0].split('/')[1])
self.vnet2_prefix = self.vnet2_subnets[0].split('/')[0]
self.vnet2_prefix_len = int(self.vnet2_subnets[0].split('/')[1])
if config_option == 'openstack':
self.vn_nets= {'vnet1': self.vnet1_subnets, 'vnet2': self.vnet2_subnets}
else:
self.vn_nets = {
'vnet1': [(NetworkIpam(), VnSubnetsType(
[IpamSubnetType(
subnet=SubnetType(
self.vnet1_prefix,
self.vnet1_prefix_len))]))],
'vnet2': [(NetworkIpam(), VnSubnetsType(
[IpamSubnetType(
subnet=SubnetType(
self.vnet2_prefix,
self.vnet2_prefix_len))]))]
}
##
# Define network policies
self.policy_list= ['policy0']
self.vn_policy= {'vnet1': ['policy0'], 'vnet2': ['policy0']}
if no_of_vm == 3:
self.vn_of_vm= {'vm1': 'vnet1', 'vm2': 'vnet1', 'vm3': 'vnet2'}
if no_of_vm == 2:
self.vn_of_vm= {'vm1': 'vnet1', 'vm2': 'vnet2'}
#Define the vm to compute node mapping to pin a vm to a particular
#compute node or else leave empty.
self.vm_node_map = {}
if compute_node_list is not None:
if len(compute_node_list) == 2:
self.vm_node_map = {'vm1':'CN0', 'vm2':'CN1'}
elif len(compute_node_list) > 2:
self.vm_node_map = {'vm1':'CN0', 'vm2':'CN1'}
if no_of_vm == 3:self.vm_node_map['vm3'] = 'CN0'
#Logic to create a vm to Compute node mapping.
if self.vm_node_map:
CN = []
for cn in list(self.vm_node_map.keys()):
if self.vm_node_map[cn] not in CN:
CN.append(self.vm_node_map[cn])
my_node_dict = {}
if compute_node_list is not None:
if len(compute_node_list) >= len(CN):
my_node_dict = dict(list(zip(CN, compute_node_list)))
if my_node_dict:
for key in my_node_dict:
for key1 in self.vm_node_map:
if self.vm_node_map[key1] == key:
self.vm_node_map[key1] = my_node_dict[key]
##
# Define network policy rules
self.rules= {}
# Multiple policies are defined with different action for the test traffic streams..
self.policy_test_order= ['policy0']
if config_option == 'openstack':
self.rules['policy0']= [
{'direction': '<>', 'protocol': 'any', 'dest_network': 'any',
'source_network': 'any', 'dst_ports': 'any',
'simple_action': 'pass', 'src_ports': 'any'}]
else:
self.rules['policy0'] = [
PolicyRuleType(direction='<>', protocol='any',
dst_addresses=[AddressType(virtual_network='any')],
src_addresses=[AddressType(virtual_network='any')],
dst_ports=[PortType(-1, -1)],
action_list=ActionListType(simple_action='pass'),
src_ports=[PortType(-1, -1)])
]
#Define the security_group and its rules
# Define security_group name
self.sg_list=['sg1', 'sg2']
self.sg_names = self.sg_list[:]
##
#Define security_group with vm
self.sg_of_vm = {}
for key in self.vn_of_vm:
self.sg_of_vm[key] = []
self.sg_of_vm['vm1'] = [self.sg_list[0], self.sg_list[1]]; self.sg_of_vm['vm2'] = [self.sg_list[0], self.sg_list[1]]
##Define the security group rules
self.sg_rules={}
for sg in self.sg_list:
self.sg_rules[sg] = []
self.sg_rules[self.sg_list[0]] = [
get_sg_rule('egress',af=self.af_test,
proto='udp'),
get_sg_rule('ingress',af=self.af_test,
proto='udp'),
get_sg_rule('egress',af=self.af_test,
proto='icmp'),
get_sg_rule('ingress',af=self.af_test,
proto='icmp')]
self.sg_rules[self.sg_list[1]] = [
get_sg_rule('egress',af=self.af_test,
proto='tcp'),
get_sg_rule('ingress',af=self.af_test,
proto='tcp')]
return self