X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=tests%2Fsuites%2Fcop%2Fcop_whitelist_blacklist_IPv6.robot;h=054e376789a65e48875e08223966f90a34d20368;hb=bcf99a0eb0e8770f28c2e3c8c0965ad6c0acba94;hp=a48ae01475cc16fcbad582bb359fc5dfff831228;hpb=395ed47437010c9852d9d620f491f660a085dbfd;p=csit.git

diff --git a/tests/suites/cop/cop_whitelist_blacklist_IPv6.robot b/tests/suites/cop/cop_whitelist_blacklist_IPv6.robot
index a48ae01475..054e376789 100644
--- a/tests/suites/cop/cop_whitelist_blacklist_IPv6.robot
+++ b/tests/suites/cop/cop_whitelist_blacklist_IPv6.robot
@@ -12,15 +12,13 @@
 # limitations under the License.
 
 *** Settings ***
-| Library | resources.libraries.python.topology.Topology
-| Library | resources.libraries.python.NodePath
 | Library | resources.libraries.python.Trace
+| Library | resources.libraries.python.Cop
 | Resource | resources/libraries/robot/default.robot
 | Resource | resources/libraries/robot/interfaces.robot
 | Resource | resources/libraries/robot/ipv6.robot
-| Resource | resources/libraries/robot/ipv4.robot
 | Resource | resources/libraries/robot/traffic.robot
-| Resource | resources/libraries/robot/cop.robot
+| Resource | resources/libraries/robot/testing_path.robot
 | Resource | resources/libraries/robot/l2_xconnect.robot
 | Variables  | resources/libraries/python/IPv6NodesAddr.py | ${nodes}
 | Force Tags | HW_ENV | VM_ENV | 3_NODE_SINGLE_LINK_TOPO
@@ -29,13 +27,18 @@
 | ...         | AND          | Update All Interface Data On All Nodes | ${nodes}
 | Test Setup | Clear interface counters on all vpp nodes in topology | ${nodes}
 | Test Teardown | Show packet trace on all DUTs | ${nodes}
-| Documentation | *COP Blacklist and Whitelist Tests*
+| Documentation | *COP Security IPv6 Blacklist and Whitelist Tests*
 | ...
-| ... | Test suite uses 3-node topology TG - DUT1 - DUT2 - TG
-| ... | with one link between nodes where DUT2 has xconnect.
-| ... | Test packets are sent only in one direction with COP set either as
-| ... | whitelist or blacklist. Subsequently, packet's IP src/dst and
-| ... | MAC addresses are checked.
+| ... | *[Top] Network Topologies:* TG-DUT1-DUT2-TG 3-node circular topology
+| ... | with single links between nodes.
+| ... | *[Enc] Packet Encapsulations:* Eth-IPv6-ICMPv6 on all links.
+| ... | *[Cfg] DUT configuration:* DUT1 is configured with IPv6 routing and
+| ... | static routes. COP security white-lists are applied on DUT1 ingress
+| ... | interface from TG. DUT2 is configured with L2XC.
+| ... | *[Ver] TG verification:* Test ICMPv6 Echo Request packets are sent in
+| ... | one direction by TG on link to DUT1; on receive TG verifies packets for
+| ... | correctness and drops as applicable.
+| ... | *[Ref] Applicable standard specifications:*
 
 *** Variables ***
 | ${tg_node}= | ${nodes['TG']}
@@ -62,59 +65,78 @@
 | ${fib_table_number}= | 1
 
 *** Test Cases ***
-| VPP permits packets based on IPv6 src addr
-| | [Documentation] | COP Whitelist test with basic setup.
-| | Given Setup Nodes And Variables | ${tg_node} | ${dut1_node} | ${dut2_node}
-| | And L2 setup xconnect on DUT | ${dut2_node} | ${dut2_if1} | ${dut2_if2}
+| TC01: DUT permits IPv6 pkts with COP whitelist set with IPv6 src-addr
+| | [Documentation]
+| | ... | [Top] TG-DUT1-DUT2-TG. [Enc] Eth-IPv6-ICMPv6. [Cfg] On DUT1 \
+| | ... | configure interface IPv6 addresses and routes in the main
+| | ... | routing domain, add COP whitelist on interface to TG with IPv6
+| | ... | src-addr matching packets generated by TG; on DUT2 configure L2
+| | ... | xconnect. [Ver] Make TG send ICMPv6 Echo Req on its interface to
+| | ... | DUT1; verify received ICMPv6 Echo Req pkts are correct. [Ref]
+| | Given Path for 3-node testing is set
+| | ... | ${tg_node} | ${dut1_node} | ${dut2_node} | ${tg_node}
+| | And Interfaces in 3-node path are up
+| | And L2 setup xconnect on DUT
+| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg}
 | | And VPP Set IF IPv6 Addr
-| | ... | ${dut1_node} | ${dut1_if1} | ${dut1_if1_ip} | ${ip_prefix}
+| | ... | ${dut1_node} | ${dut1_to_tg} | ${dut1_if1_ip} | ${ip_prefix}
 | | And VPP Set IF IPv6 Addr
-| | ... | ${dut1_node} | ${dut1_if2} | ${dut1_if2_ip} | ${ip_prefix}
+| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_if2_ip} | ${ip_prefix}
 | | And VPP Set IF IPv6 Addr
-| | ... | ${dut2_node} | ${dut2_if1} | ${dut2_if1_ip} | ${ip_prefix}
+| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_if1_ip} | ${ip_prefix}
 | | And VPP Set IF IPv6 Addr
-| | ... | ${dut2_node} | ${dut2_if2} | ${dut2_if2_ip} | ${ip_prefix}
-| | And Add Arp On Dut
-| | ... | ${dut1_node} | ${dut1_if1} | ${dut1_if1_ip_GW} | ${tg_if1_mac}
-| | And Add Arp On Dut
-| | ... | ${dut1_node} | ${dut1_if2} | ${dut1_if2_ip_GW} | ${tg_if2_mac}
+| | ... | ${dut2_node} | ${dut2_to_tg} | ${dut2_if2_ip} | ${ip_prefix}
+| | And Add IP Neighbor
+| | ... | ${dut1_node} | ${dut1_to_tg} | ${dut1_if1_ip_GW} | ${tg_to_dut1_mac}
+| | And Add IP Neighbor
+| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_if2_ip_GW} | ${tg_to_dut2_mac}
 | | And Vpp Route Add | ${dut1_node}
-| | ... | ${test_dst_ip} | ${ip_prefix} | ${dut1_if2_ip_GW} | ${dut1_if2}
+| | ... | ${test_dst_ip} | ${ip_prefix} | ${dut1_if2_ip_GW} | ${dut1_to_dut2}
 | | And Vpp All Ra Suppress Link Layer | ${nodes}
 | | And Add fib table | ${dut1_node} | ${cop_dut_ip} | ${ip_prefix} |
 | | ... | ${fib_table_number} | local
-| | When COP Add whitelist Entry | ${dut1_node} | ${dut1_if1} | ip6 |
+| | When COP Add whitelist Entry | ${dut1_node} | ${dut1_to_tg} | ip6 |
 | | ... | ${fib_table_number}
-| | And COP interface enable or disable | ${dut1_node} | ${dut1_if1} | enable
-| | Then Send Packet And Check Headers | ${tg_node} |
-| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_if1} | ${tg_if1_mac} |
-| | ... | ${dut1_if1_mac} | ${tg_if2} | ${dut1_if2_mac} | ${tg_if2_mac}
+| | And COP interface enable or disable | ${dut1_node} | ${dut1_to_tg} | enable
+| | Then Send Packet And Check Headers | ${tg_node}
+| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac}
+| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} | ${dut1_to_dut2_mac}
+| | ... | ${tg_to_dut2_mac}
 
-
-| VPP drops packets based on IPv6 src addr
-| | [Documentation] | COP blacklist test with basic setup.
-| | Given Setup Nodes And Variables | ${tg_node} | ${dut1_node} | ${dut2_node}
-| | And L2 setup xconnect on DUT | ${dut2_node} | ${dut2_if1} | ${dut2_if2}
+| TC02: DUT drops IPv6 pkts with COP blacklist set with IPv6 src-addr
+| | [Documentation]
+| | ... | [Top] TG-DUT1-DUT2-TG. [Enc] Eth-IPv6-ICMPv6. [Cfg] On DUT1 \
+| | ... | configure interface IPv6 addresses and routes in the main
+| | ... | routing domain, add COP blacklist on interface to TG with IPv6
+| | ... | src-addr matching packets generated by TG; on DUT2 configure L2
+| | ... | xconnect. [Ver] Make TG send ICMPv6 Echo Req on its interface to
+| | ... | DUT1; verify no ICMPv6 Echo Req pkts are received. [Ref]
+| | Given Path for 3-node testing is set
+| | ... | ${tg_node} | ${dut1_node} | ${dut2_node} | ${tg_node}
+| | And Interfaces in 3-node path are up
+| | And L2 setup xconnect on DUT
+| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg}
 | | And VPP Set IF IPv6 Addr
-| | ... | ${dut1_node} | ${dut1_if1} | ${dut1_if1_ip} | ${ip_prefix}
+| | ... | ${dut1_node} | ${dut1_to_tg} | ${dut1_if1_ip} | ${ip_prefix}
 | | And VPP Set IF IPv6 Addr
-| | ... | ${dut1_node} | ${dut1_if2} | ${dut1_if2_ip} | ${ip_prefix}
+| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_if2_ip} | ${ip_prefix}
 | | And VPP Set IF IPv6 Addr
-| | ... | ${dut2_node} | ${dut2_if1} | ${dut2_if1_ip} | ${ip_prefix}
+| | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_if1_ip} | ${ip_prefix}
 | | And VPP Set IF IPv6 Addr
-| | ... | ${dut2_node} | ${dut2_if2} | ${dut2_if2_ip} | ${ip_prefix}
-| | And Add Arp On Dut
-| | ... | ${dut1_node} | ${dut1_if1} | ${dut1_if1_ip_GW} | ${tg_if1_mac}
-| | And Add Arp On Dut
-| | ... | ${dut1_node} | ${dut1_if2} | ${dut1_if2_ip_GW} | ${tg_if2_mac}
+| | ... | ${dut2_node} | ${dut2_to_tg} | ${dut2_if2_ip} | ${ip_prefix}
+| | And Add IP Neighbor
+| | ... | ${dut1_node} | ${dut1_to_tg} | ${dut1_if1_ip_GW} | ${tg_to_dut1_mac}
+| | And Add IP Neighbor
+| | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_if2_ip_GW} | ${tg_to_dut2_mac}
 | | And Vpp Route Add | ${dut1_node}
-| | ... | ${test_dst_ip} | ${ip_prefix} | ${dut1_if2_ip_GW} | ${dut1_if2}
+| | ... | ${test_dst_ip} | ${ip_prefix} | ${dut1_if2_ip_GW} | ${dut1_to_dut2}
 | | And Vpp All Ra Suppress Link Layer | ${nodes}
 | | And Add fib table | ${dut1_node}
 | | ... | ${cop_dut_ip} | ${ip_prefix} | ${fib_table_number} | drop
 | | When COP Add whitelist Entry
-| | ... | ${dut1_node} | ${dut1_if1} | ip6 | ${fib_table_number}
-| | And COP interface enable or disable | ${dut1_node} | ${dut1_if1} | enable
-| | Then Send packet from Port to Port should failed | ${tg_node} |
-| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_if1} | ${tg_if1_mac} |
-| | ... | ${dut1_if1_mac} | ${tg_if2} | ${dut1_if2_mac} | ${tg_if2_mac}
+| | ... | ${dut1_node} | ${dut1_to_tg} | ip6 | ${fib_table_number}
+| | And COP interface enable or disable | ${dut1_node} | ${dut1_to_tg} | enable
+| | Then Send packet from Port to Port should failed | ${tg_node}
+| | ... | ${test_src_ip} | ${test_dst_ip} | ${tg_to_dut1} | ${tg_to_dut1_mac}
+| | ... | ${dut1_to_tg_mac} | ${tg_to_dut2} | ${dut1_to_dut2_mac}
+| | ... | ${tg_to_dut2_mac}