X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=tests%2Fsuites%2Fcop%2Fcop_whitelist_blacklist.robot;h=c84387d34996a12aa69309357288754a91c15b5d;hb=7c3e0cc41f55327d6eeb04fe757c6e80064ab28a;hp=00267bf29b87820b5151d29b9165216a733dedc5;hpb=7dbda72563912b656bde2ee4b4611a0b284b933e;p=csit.git diff --git a/tests/suites/cop/cop_whitelist_blacklist.robot b/tests/suites/cop/cop_whitelist_blacklist.robot index 00267bf29b..c84387d349 100644 --- a/tests/suites/cop/cop_whitelist_blacklist.robot +++ b/tests/suites/cop/cop_whitelist_blacklist.robot @@ -22,18 +22,23 @@ | Resource | resources/libraries/robot/l2_xconnect.robot | Variables | resources/libraries/python/IPv4NodeAddress.py | ${nodes} | Force Tags | HW_ENV | VM_ENV | 3_NODE_SINGLE_LINK_TOPO -| Suite Setup | Run Keywords | Setup all DUTs before test -| ... | AND | Setup all TGs before traffic script -| ... | AND | Update All Interface Data On All Nodes | ${nodes} -| Test Setup | Clear interface counters on all vpp nodes in topology | ${nodes} -| Test Teardown | Show packet trace on all DUTs | ${nodes} -| Documentation | *COP Blacklist and Whitelist Tests* +| Test Setup | Run Keywords | Setup all DUTs before test +| ... | AND | Setup all TGs before traffic script +| ... | AND | Update All Interface Data On All Nodes | ${nodes} +| Test Teardown | Run Keywords | Show packet trace on all DUTs | ${nodes} +| ... | AND | Show vpp trace dump on all DUTs +| Documentation | *COP Security IPv4 Blacklist and Whitelist Tests* | ... -| ... | Test suite uses 3-node topology TG - DUT1 - DUT2 - TG -| ... | with one link between nodes where DUT2 has xconnect. -| ... | Test packets are sent only in one direction with COP set either as -| ... | whitelist or blacklist. Subsequently, packet's IP src/dst and -| ... | MAC addresses are checked. +| ... | *[Top] Network Topologies:* TG-DUT1-DUT2-TG 3-node circular topology +| ... | with single links between nodes. +| ... | *[Enc] Packet Encapsulations:* Eth-IPv4-ICMPv4 on all links. +| ... | *[Cfg] DUT configuration:* DUT1 is configured with IPv4 routing and +| ... | static routes. COP security white-lists are applied on DUT1 ingress +| ... | interface from TG. DUT2 is configured with L2XC. +| ... | *[Ver] TG verification:* Test ICMPv4 Echo Request packets are sent in +| ... | one direction by TG on link to DUT1; on receive TG verifies packets for +| ... | correctness and drops as applicable. +| ... | *[Ref] Applicable standard specifications:* *** Variables *** | ${tg_node}= | ${nodes['TG']} @@ -56,8 +61,14 @@ | ${fib_table_number}= | 1 *** Test Cases *** -| VPP permits packets based on IPv4 src addr -| | [Documentation] | COP Whitelist test with basic setup. +| TC01: DUT permits IPv4 pkts with COP whitelist set with IPv4 src-addr +| | [Documentation] +| | ... | [Top] TG-DUT1-DUT2-TG. [Enc] Eth-IPv4-ICMPv4. [Cfg] On DUT1 \ +| | ... | configure interface IPv4 addresses and routes in the main +| | ... | routing domain, add COP whitelist on interface to TG with IPv4 +| | ... | src-addr matching packets generated by TG; on DUT2 configure L2 +| | ... | xconnect. [Ver] Make TG send ICMPv4 Echo Req on its interface to +| | ... | DUT1; verify received ICMPv4 Echo Req pkts are correct. [Ref] | | Given Path for 3-node testing is set | | ... | ${tg_node} | ${dut1_node} | ${dut2_node} | ${tg_node} | | And Interfaces in 3-node path are up @@ -83,9 +94,14 @@ | | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} | ${dut1_to_dut2_mac} | | ... | ${tg_to_dut2_mac} - -| VPP drops packets based on IPv4 src addr -| | [Documentation] | COP blacklist test with basic setup. +| TC02: DUT drops IPv4 pkts with COP blacklist set with IPv4 src-addr +| | [Documentation] +| | ... | [Top] TG-DUT1-DUT2-TG. [Enc] Eth-IPv4-ICMPv4. [Cfg] On DUT1 \ +| | ... | configure interface IPv4 addresses and routes in the main +| | ... | routing domain, add COP blacklist on interface to TG with IPv4 +| | ... | src-addr matching packets generated by TG; on DUT2 configure L2 +| | ... | xconnect. [Ver] Make TG send ICMPv4 Echo Req on its interface to +| | ... | DUT1; verify no ICMPv4 Echo Req pkts are received. [Ref] | | Given Path for 3-node testing is set | | ... | ${tg_node} | ${dut1_node} | ${dut2_node} | ${tg_node} | | And Interfaces in 3-node path are up