tests/func/iacl/l2_iacl_untagged.robot

   1 # Copyright (c) 2016 Cisco and/or its affiliates.
   2 # Licensed under the Apache License, Version 2.0 (the "License");
   3 # you may not use this file except in compliance with the License.
   4 # You may obtain a copy of the License at:
   5 #
   6 #     http://www.apache.org/licenses/LICENSE-2.0
   7 #
   8 # Unless required by applicable law or agreed to in writing, software
   9 # distributed under the License is distributed on an "AS IS" BASIS,
  10 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  11 # See the License for the specific language governing permissions and
  12 # limitations under the License.
  13
  14 *** Settings ***
  15 | Resource | resources/libraries/robot/default.robot
  16 | Resource | resources/libraries/robot/counters.robot
  17 | Resource | resources/libraries/robot/interfaces.robot
  18 | Resource | resources/libraries/robot/testing_path.robot
  19 | Resource | resources/libraries/robot/l2_xconnect.robot
  20 | Resource | resources/libraries/robot/l2_traffic.robot
  21 | Library | resources.libraries.python.Classify.Classify
  22 | Library | resources.libraries.python.Trace
  23 | Force Tags | HW_ENV | VM_ENV | 3_NODE_SINGLE_LINK_TOPO
  24 | ...        | 3_NODE_DOUBLE_LINK_TOPO
  25 | Test Setup | Func Test Setup
  26 | Test Teardown | Func Test Teardown
  27 | Documentation | *Ingress ACL test cases*
  28 | ...
  29 | ... | *[Top] Network Topologies:* TG - DUT1 - DUT2 - TG
  30 | ... |        with one link between the nodes.
  31 | ... | *[Cfg] DUT configuration:* DUT2 is configured with L2 Cross connect.
  32 | ... |        DUT1 is configured with iACL classification on link to TG,
  33 | ... | *[Ver] TG verification:* Test ICMPv4 Echo Request packets are sent
  34 | ... |        in one direction by TG on link to DUT1 and received on TG link
  35 | ... |        to DUT2. On receive TG verifies if packets are dropped.
  36
  37 *** Variables ***
  38 | ${l2_table}= | l2
  39
  40 *** Test Cases ***
  41 | TC01: DUT with iACL MAC src-addr drops matching pkts
  42 | | [Documentation]
  43 | | ... | [Top] TG-DUT1-DUT2-TG.
  44 | | ... | [Cfg] On DUT1 add source MAC address to classify table with 'deny'.
  45 | | ... | [Ver] Make TG verify matching packets are dropped.
  46 | | Given Path for 3-node testing is set
  47 | | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']}
  48 | | And Interfaces in 3-node path are up
  49 | | And L2 setup xconnect on DUT
  50 | | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_tg}
  51 | | And L2 setup xconnect on DUT
  52 | | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg}
  53 | | Then Send and receive ICMP Packet
  54 | | ... | ${tg_node} | ${tg_to_dut1} | ${tg_to_dut2}
  55 | | ${table_index} | ${skip_n} | ${match_n}=
  56 | | ... | When Vpp Creates Classify Table L2 | ${dut1_node} | src
  57 | | And Vpp Configures Classify Session L2
  58 | | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n}
  59 | | ... | src | ${tg_to_dut1_mac}
  60 | | And Vpp Enable Input ACL Interface
  61 | | ... | ${dut1_node} | ${dut1_to_tg} | ${l2_table} | ${table_index}
  62 | | Then Send and receive ICMP Packet should fail
  63 | | ... | ${tg_node} | ${tg_to_dut1} | ${tg_to_dut2}
  64
  65 | TC02: DUT with iACL MAC dst-addr drops matching pkts
  66 | | [Documentation]
  67 | | ... | [Top] TG-DUT1-DUT2-TG.
  68 | | ... | [Cfg] On DUT1 add destination MAC address to classify
  69 | | ... |       table with 'deny'.
  70 | | ... | [Ver] Make TG verify matching packets are dropped.
  71 | | Given Path for 3-node testing is set
  72 | | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']}
  73 | | And Interfaces in 3-node path are up
  74 | | And L2 setup xconnect on DUT
  75 | | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_tg}
  76 | | And L2 setup xconnect on DUT
  77 | | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg}
  78 | | Then Send and receive ICMP Packet
  79 | | ... | ${tg_node} | ${tg_to_dut1} | ${tg_to_dut2}
  80 | | ${table_index} | ${skip_n} | ${match_n}=
  81 | | ... | When Vpp Creates Classify Table L2 | ${dut1_node} | dst
  82 | | And Vpp Configures Classify Session L2
  83 | | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n}
  84 | | ... | dst | ${tg_to_dut2_mac}
  85 | | And Vpp Enable Input ACL Interface
  86 | | ... | ${dut1_node} | ${dut1_to_tg} | ${l2_table} | ${table_index}
  87 | | Then Send and receive ICMP Packet should fail
  88 | | ... | ${tg_node} | ${tg_to_dut1} | ${tg_to_dut2}
  89
  90 | TC03: DUT with iACL MAC src-addr and dst-addr drops matching pkts
  91 | | [Documentation]
  92 | | ... | [Top] TG-DUT1-DUT2-TG.
  93 | | ... | [Cfg] On DUT1 add source and destination MAC address to classify
  94 | | ... |       table with 'deny'.
  95 | | ... | [Ver] Make TG verify matching packets are dropped.
  96 | | Given Path for 3-node testing is set
  97 | | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']}
  98 | | And Interfaces in 3-node path are up
  99 | | And L2 setup xconnect on DUT
 100 | | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_tg}
 101 | | And L2 setup xconnect on DUT
 102 | | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg}
 103 | | Then Send and receive ICMP Packet
 104 | | ... | ${tg_node} | ${tg_to_dut1} | ${tg_to_dut2}
 105 | | ${table_index_1} | ${skip_n_1} | ${match_n_1}=
 106 | | ... | When Vpp Creates Classify Table L2 | ${dut1_node} | src
 107 | | And Vpp Configures Classify Session L2
 108 | | ... | ${dut1_node} | deny | ${table_index_1} | ${skip_n_1} | ${match_n_1}
 109 | | ... | src | ${tg_to_dut1_mac}
 110 | | ${table_index_2} | ${skip_n_2} | ${match_n_2}=
 111 | | ... | When Vpp Creates Classify Table L2 | ${dut1_node} | dst
 112 | | And Vpp Configures Classify Session L2
 113 | | ... | ${dut1_node} | deny | ${table_index_2} | ${skip_n_2} | ${match_n_2}
 114 | | ... | dst | ${tg_to_dut1_mac}
 115 | | And Vpp Enable Input ACL Interface
 116 | | ... | ${dut1_node} | ${dut1_to_tg} | ${l2_table} | ${table_index_1}
 117 | | And Vpp Enable Input ACL Interface
 118 | | ... | ${dut1_node} | ${dut1_to_tg} | ${l2_table} | ${table_index_2}
 119 | | Then Send and receive ICMP Packet should fail
 120 | | ... | ${tg_node} | ${tg_to_dut1} | ${tg_to_dut2}
 121
 122 | TC04: DUT with iACL EtherType drops matching pkts
 123 | | [Documentation]
 124 | | ... | [Top] TG-DUT1-DUT2-TG.
 125 | | ... | [Cfg] On DUT1 add EtherType IPv4(0x0800) to classify table with 'deny'.
 126 | | ... | [Ver] Make TG verify matching packets are dropped.
 127 | | Given Path for 3-node testing is set
 128 | | ... | ${nodes['TG']} | ${nodes['DUT1']} | ${nodes['DUT2']} | ${nodes['TG']}
 129 | | And Interfaces in 3-node path are up
 130 | | And L2 setup xconnect on DUT
 131 | | ... | ${dut1_node} | ${dut1_to_dut2} | ${dut1_to_tg}
 132 | | And L2 setup xconnect on DUT
 133 | | ... | ${dut2_node} | ${dut2_to_dut1} | ${dut2_to_tg}
 134 | | Then Send and receive ICMP Packet
 135 | | ... | ${tg_node} | ${tg_to_dut1} | ${tg_to_dut2}
 136 | | ${table_index} | ${skip_n} | ${match_n}=
 137 | | ... | When Vpp Creates Classify Table Hex
 138 | | ... | ${dut1_node} | 000000000000000000000000ffff
 139 | | And Vpp Configures Classify Session Hex
 140 | | ... | ${dut1_node} | deny | ${table_index} | ${skip_n} | ${match_n}
 141 | | ... | 0000000000000000000000000800
 142 | | And Vpp Enable Input ACL Interface
 143 | | ... | ${dut1_node} | ${dut1_to_tg} | ${l2_table} | ${table_index}
 144 | | Then Send and receive ICMP Packet should fail
 145 | | ... | ${tg_node} | ${tg_to_dut1} | ${tg_to_dut2}