From: selias Date: Wed, 21 Sep 2016 08:52:31 +0000 (+0200) Subject: CSIT-235: Switched Port Analyzer mirroring (SPAN) - IPv4 X-Git-Url: https://gerrit.fd.io/r/gitweb?p=csit.git;a=commitdiff_plain;h=ac8b7ce3b05805a978b8186440e62dcd0d9023c3 CSIT-235: Switched Port Analyzer mirroring (SPAN) - IPv4 - add library for SPAN setup - add telemetry traffic script and a keyword to run it - add "telemetry" folders for python and robot libraries - move IPFIX libraries to these new folders - add first SPAN test case, mirroring IPv4 ICMP packets Change-Id: Ibca35f724c13662bf80dce2d7e2649d1a0b8676a Signed-off-by: selias --- diff --git a/bootstrap.sh b/bootstrap.sh index 2bd3a0f072..12427d2f5b 100755 --- a/bootstrap.sh +++ b/bootstrap.sh @@ -30,7 +30,7 @@ VIRL_SERVER_EXPECTED_STATUS="PRODUCTION" SSH_OPTIONS="-i ${VIRL_PKEY} -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o BatchMode=yes -o LogLevel=error" -TEST_GROUPS=("bridge_domain,dhcp,gre,honeycomb,l2_xconnect,lisp,softwire" "cop,ipfix,ipsec,ipv6,rpf,tap,vrf" "fds,iacl,ipv4,policer,vlan,vxlan") +TEST_GROUPS=("bridge_domain,dhcp,gre,honeycomb,l2_xconnect,lisp,softwire" "cop,telemetry,ipsec,ipv6,rpf,tap,vrf" "fds,iacl,ipv4,policer,vlan,vxlan") SUITE_PATH="tests.func" SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" diff --git a/resources/libraries/python/IPFIXSetup.py b/resources/libraries/python/telemetry/IPFIXSetup.py similarity index 100% rename from resources/libraries/python/IPFIXSetup.py rename to resources/libraries/python/telemetry/IPFIXSetup.py diff --git a/resources/libraries/python/IPFIXUtil.py b/resources/libraries/python/telemetry/IPFIXUtil.py similarity index 100% rename from resources/libraries/python/IPFIXUtil.py rename to resources/libraries/python/telemetry/IPFIXUtil.py diff --git a/resources/libraries/python/telemetry/SPAN.py b/resources/libraries/python/telemetry/SPAN.py new file mode 100644 index 0000000000..7933898c02 --- /dev/null +++ b/resources/libraries/python/telemetry/SPAN.py 
@@ -0,0 +1,48 @@
+# Copyright (c) 2016 Cisco and/or its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""SPAN setup library"""
+
+from resources.libraries.python.topology import Topology
+from resources.libraries.python.VatExecutor import VatTerminal
+
+
+# pylint: disable=too-few-public-methods
+class SPAN(object):
+ """Class contains methods for setting up SPAN mirroring on DUTs."""
+
+ def __init__(self):
+ """Initializer."""
+ pass
+
+ @staticmethod
+ def set_span_mirroring(node, src_if, dst_if):
+ """Set Span mirroring on the specified node.
+
+ :param node: DUT node.
+ :param src_if: Interface to mirror traffic from.
+ :param dst_if: Interface to mirror traffic to.
+ :type node: dict
+ :type src_if: str
+ :type dst_if: str
+ """
+
+ src_if = Topology.get_interface_name(node, src_if)
+ dst_if = Topology.get_interface_name(node, dst_if)
+
+ with VatTerminal(node, json_param=False) as vat:
+ vat.vat_terminal_exec_cmd_from_template('span_create.vat',
+ src_if=src_if,
+ dst_if=dst_if,
+ )
+ # TODO: Update "span_create.vat" to use VAT command, once available
diff --git a/resources/libraries/python/telemetry/__init__.py b/resources/libraries/python/telemetry/__init__.py
new file mode 100644
index 0000000000..5a0e0e1c5e
--- /dev/null
+++ b/resources/libraries/python/telemetry/__init__.py
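Review bot: In `set_span_mirroring` the result of `vat_terminal_exec_cmd_from_template` is discarded and the names returned by `Topology.get_interface_name` are formatted into `span_create.vat` unchecked, so a failed lookup or a rejected `set span` command would presumably surface only later, as an Rx timeout in the traffic script. A guard such as `if not src_if or not dst_if: raise ValueError("SPAN interface not found in topology")` before opening the terminal would make the failure point at the setup step. The docstring could also say that the mirror session stays configured after the keyword returns, since the library offers no keyword to remove it and SPAN copies traffic from the source port to the destination port.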
@@ -0,0 +1,12 @@ +# Copyright (c) 2016 Cisco and/or its affiliates. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. diff --git a/resources/libraries/robot/ipfix.robot b/resources/libraries/robot/telemetry/ipfix.robot similarity index 99% rename from resources/libraries/robot/ipfix.robot rename to resources/libraries/robot/telemetry/ipfix.robot index d8840a5261..5248964f29 100644 --- a/resources/libraries/robot/ipfix.robot +++ b/resources/libraries/robot/telemetry/ipfix.robot @@ -11,7 +11,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -"""Traffic keywords""" +"""IPFIX keywords""" *** Settings *** | Library | resources.libraries.python.TrafficScriptExecutor diff --git a/resources/libraries/robot/telemetry/span.robot b/resources/libraries/robot/telemetry/span.robot new file mode 100644 index 0000000000..d994e95e3e --- /dev/null +++ b/resources/libraries/robot/telemetry/span.robot 
@@ -0,0 +1,56 @@
+# Copyright (c) 2016 Cisco and/or its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+*** Settings ***
+| Library | resources.libraries.python.TrafficScriptExecutor
+| Library | resources.libraries.python.topology.Topology
+| Documentation | SPAN traffic keywords
+
+*** Keywords ***
+| Send Packet And Check Received Copies
+| | [Documentation] | Sends an ARP or ICMP packet from TG to DUT using one\
+| | ... | link, then receive a copy of both the sent packet and the DUT's reply\
+| | ... | on the second link.
+| | ...
+| | ... | *Arguments:*
+| | ...
+| | ... | - tg_node - Node to execute scripts on (TG). Type: dictionary
+| | ... | - tx_src_port - First interface on TG. Type: string
+| | ... | - tx_src_mac - MAC address of the first interface on TG. Type: string
+| | ... | - tx_dst_mac - MAC address of the first interface on DUT. Type: string
+| | ... | - rx_port - Second interface on TG. Type: string
+| | ... | - src_ip - Packet source IP address. Type: string
+| | ... | - dst_ip - Packet destination IP address. Type: string
+| | ... | - ptype - Type of payload, ARP or ICMP. Type: string
+| | ...
+| | ... | *Return:*
+| | ... | - No value returned
+| | ...
+| | ... | *Example:*
+| | ...
+| | ... | \| Send Packet And Check Received Copies \| ${nodes['TG']} \| eth1 \
+| | ... | \| 8:00:27:ee:fd:b3 \| 08:00:27:a2:52:5b \
+| | ... | \| eth3 \| 192.168.0.2 \| 192.168.0.3 \| ARP \|
+| | ...
+| | [Arguments] | ${tg_node} | ${tx_src_port} +| | ... | ${tx_src_mac} | ${tx_dst_mac} | ${rx_port} +| | ... | ${src_ip} | ${dst_ip} | ${ptype} +| | ${tx_port_name}= | Get interface name | ${tg_node} | ${tx_src_port} +| | ${rx_port_name}= | Get interface name | ${tg_node} | ${rx_port} +| | ${args}= | Catenate +| | ... | --tg_src_mac ${tx_src_mac} --dut_if1_mac ${tx_dst_mac} +| | ... | --src_ip ${src_ip} --dst_ip ${dst_ip} +| | ... | --tx_if ${tx_port_name} --rx_if | ${rx_port_name} +| | ... | --ptype ${ptype} +| | Run Traffic Script On Node | span_check.py | ${tg_node} | +| | ... | ${args} \ No newline at end of file diff --git a/resources/templates/vat/span_create.vat b/resources/templates/vat/span_create.vat new file mode 100644 index 0000000000..62c423248b --- /dev/null +++ b/resources/templates/vat/span_create.vat @@ -0,0 +1 @@ +exec set span src {src_if} dst {dst_if} diff --git a/resources/traffic_scripts/ipfix_check.py b/resources/traffic_scripts/ipfix_check.py index 14b5a074db..aa04b24038 100755 --- a/resources/traffic_scripts/ipfix_check.py +++ b/resources/traffic_scripts/ipfix_check.py @@ -22,7 +22,8 @@ from scapy.layers.inet import IP, TCP, UDP from scapy.layers.inet6 import IPv6 from scapy.layers.l2 import Ether -from resources.libraries.python.IPFIXUtil import IPFIXHandler, IPFIXData +from resources.libraries.python.telemetry.IPFIXUtil import IPFIXHandler, \ + IPFIXData from resources.libraries.python.PacketVerifier import RxQueue, TxQueue, auto_pad from resources.libraries.python.TrafficScriptArg import TrafficScriptArg @@ -81,7 +82,6 @@ def main(): rxq = RxQueue(tx_if) # generate simple packet based on arguments - ip_version = None if valid_ipv4(src_ip) and valid_ipv4(dst_ip): ip_version = IP elif valid_ipv6(src_ip) and valid_ipv6(dst_ip): diff --git a/resources/traffic_scripts/ipfix_sessions.py b/resources/traffic_scripts/ipfix_sessions.py index 2994916144..e7597a894a 100755 --- a/resources/traffic_scripts/ipfix_sessions.py 
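Review bot: In the `Catenate` call of `Send Packet And Check Received Copies`, the cell `--tx_if ${tx_port_name} --rx_if | ${rx_port_name}` separates the `--rx_if` flag from its value with a stray `|`. It still works because `Catenate` joins cells with a space, but keeping `--tx_if ${tx_port_name} --rx_if ${rx_port_name}` in one cell matches the neighbouring lines. The documentation example uses `8:00:27:ee:fd:b3`, presumably meant to be `08:00:27:ee:fd:b3`, and the file ends without a trailing newline.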
+++ b/resources/traffic_scripts/ipfix_sessions.py @@ -22,7 +22,8 @@ from scapy.layers.inet import IP, TCP, UDP from scapy.layers.inet6 import IPv6 from scapy.layers.l2 import Ether -from resources.libraries.python.IPFIXUtil import IPFIXHandler, IPFIXData +from resources.libraries.python.telemetry.IPFIXUtil import IPFIXHandler, \ + IPFIXData from resources.libraries.python.PacketVerifier import RxQueue, TxQueue, auto_pad from resources.libraries.python.TrafficScriptArg import TrafficScriptArg @@ -133,8 +134,6 @@ def main(): tx_if = args.get_arg('tx_if') protocol = args.get_arg('protocol') - source_port = int(args.get_arg('port')) - destination_port = int(args.get_arg('port')) count = int(args.get_arg('count')) sessions = int(args.get_arg('sessions')) diff --git a/resources/traffic_scripts/span_check.py b/resources/traffic_scripts/span_check.py new file mode 100755 index 0000000000..66400d9dfb --- /dev/null +++ b/resources/traffic_scripts/span_check.py 
@@ -0,0 +1,138 @@
+#!/usr/bin/env python
+# Copyright (c) 2016 Cisco and/or its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""Traffic script that sends an IP ICMPv4/ICMPv6 packet from one interface
+to the other. Source and destination IP addresses and source and destination
+MAC addresses are checked in received packet.
+"""
+
+import sys
+import ipaddress
+
+from scapy.layers.inet import IP, ICMP, ARP
+from scapy.layers.inet6 import IPv6, ICMPv6EchoRequest, ICMPv6EchoReply
+from scapy.layers.l2 import Ether
+
+from resources.libraries.python.PacketVerifier import RxQueue, TxQueue, auto_pad
+from resources.libraries.python.TrafficScriptArg import TrafficScriptArg
+
+
+def valid_ipv4(address):
+ """Check if IP address has the correct IPv4 address format.
+
+ :param address: IP address.
+ :type address: str
+ :return: True in case of correct IPv4 address format,
+ otherwise return false.
+ :rtype: bool
+ """
+ try:
+ ipaddress.IPv4Address(unicode(address))
+ return True
+ except (AttributeError, ipaddress.AddressValueError):
+ return False
+
+
+def valid_ipv6(address):
+ """Check if IP address has the correct IPv6 address format.
+
+ :param address: IP address.
+ :type address: str
+ :return: True in case of correct IPv6 address format,
+ otherwise return false.
+ :rtype: bool
+ """
+ try:
+ ipaddress.IPv6Address(unicode(address))
+ return True
+ except (AttributeError, ipaddress.AddressValueError):
+ return False
+
+
+def main():
+ """Send a simple L2 or ICMP packet from one TG interface to DUT, then
+ receive a copy of the packet on the second TG interface, and a copy of
+ the ICMP reply."""
+ args = TrafficScriptArg(
+ ['tg_src_mac', 'src_ip', 'dst_ip', 'dut_if1_mac', 'ptype'])
+
+ src_mac = args.get_arg('tg_src_mac')
+ dst_mac = args.get_arg('dut_if1_mac')
+ src_ip = args.get_arg('src_ip')
+ dst_ip = args.get_arg('dst_ip')
+ tx_if = args.get_arg('tx_if')
+ rx_if = args.get_arg('rx_if')
+ ptype = args.get_arg('ptype')
+
+ rxq = RxQueue(rx_if)
+ txq = TxQueue(tx_if)
+
+ if ptype == "ARP":
+ pkt_raw = (Ether(src=src_mac, dst=dst_mac) /
+ ARP(hwsrc=src_mac, hwdst="00:00:00:00:00:00",
+ psrc=src_ip, pdst=dst_ip, op="who-has"))
+ elif ptype == "ICMP":
+ if valid_ipv4(src_ip) and valid_ipv4(dst_ip):
+ pkt_raw = (Ether(src=src_mac, dst=dst_mac) /
+ IP(src=src_ip, dst=dst_ip) /
+ ICMP(type="echo-request"))
+ elif valid_ipv6(src_ip) and valid_ipv6(dst_ip):
+ pkt_raw = (Ether(src=src_mac, dst=dst_mac) /
+ IPv6(src=src_ip, dst=dst_ip) /
+ ICMPv6EchoRequest())
+ else:
+ raise ValueError("IP not in correct format")
+ else:
+ raise RuntimeError("Unexpected payload type.")
+
+ txq.send(pkt_raw)
+ ether = rxq.recv(2)
+
+ # Receive copy of sent packet.
+ if ether is None:
+ raise RuntimeError("Rx timeout")
+ pkt = auto_pad(pkt_raw)
+ if str(ether) != str(pkt):
+ raise RuntimeError("Mirrored packet does not match packet sent.")
+
+ # Receive copy of reply to sent packet.
+ ether = rxq.recv(2)
+ if ether is None:
+ raise RuntimeError("Rx timeout")
+ if ether.src != dst_mac or ether.dst != src_mac:
+ raise RuntimeError("MAC mismatch in mirrored response.")
+ if ptype == "ARP":
+ if ether['ARP'].op != 2:
+ raise RuntimeError("Mirrored packet is not an ARP reply.")
+ if ether['ARP'].hwsrc != dst_mac or ether['ARP'].hwdst != src_mac:
+ raise RuntimeError("ARP MAC does not match l2 MAC "
+ "in mirrored response.")
+ if ether['ARP'].psrc != dst_ip or ether['ARP'].pdst != src_ip:
+ raise RuntimeError("ARP IP address mismatch in mirrored response.")
+ elif ptype == "ICMP" and ether.haslayer(IP):
+ if ether['IP'].src != dst_ip or ether['IP'].dst != src_ip:
+ raise RuntimeError("IP address mismatch in mirrored reply.")
+ if ether['ICMP'].type != 0:
+ raise RuntimeError("Mirrored packet is not an ICMP reply.")
+ elif ptype == "ICMP" and ether.haslayer(IPv6):
+ if ether['IPv6'].src != dst_ip or ether['IPv6'].dst != src_ip:
+ raise RuntimeError("IP address mismatch in mirrored reply.")
+ if not ether.haslayer(ICMPv6EchoReply):
+ raise RuntimeError("Mirrored packet is not an ICMP reply.")
+
+ sys.exit(0)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/tests/func/ipfix/ipfix_ipv4.robot b/tests/func/telemetry/ipfix_ipv4.robot
similarity index 99%
rename from tests/func/ipfix/ipfix_ipv4.robot
rename to tests/func/telemetry/ipfix_ipv4.robot
index 200bd34bcc..ccd5d70b22 100644
--- a/tests/func/ipfix/ipfix_ipv4.robot
+++ b/tests/func/telemetry/ipfix_ipv4.robot
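Review bot: The reply check at the end of `main()` has no final `else`, so with `ptype == "ICMP"` a second frame that carries neither an `IP` nor an `IPv6` layer passes as long as its MAC addresses match, and the script exits 0. Closing the chain with `else: raise RuntimeError("Unexpected packet type in mirrored response.")` would stop that false pass in a test meant to prove that mirroring works. The IPv6 branch compares `ether['IPv6'].src` with the argument string as text, which presumably fails if the two spell the same address differently. The module docstring still describes a plain ICMP send/receive check and could mention ARP and the mirrored copy plus reply that the script actually verifies.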
@@ -16,9 +16,9 @@ | Resource | resources/libraries/robot/interfaces.robot | Resource | resources/libraries/robot/testing_path.robot | Resource | resources/libraries/robot/ipv4.robot -| Resource | resources/libraries/robot/ipfix.robot +| Resource | resources/libraries/robot/telemetry/ipfix.robot | Library | resources.libraries.python.Classify.Classify -| Library | resources.libraries.python.IPFIXSetup +| Library | resources.libraries.python.telemetry.IPFIXSetup | Library | resources.libraries.python.Trace | Force Tags | HW_ENV | VM_ENV | 3_NODE_SINGLE_LINK_TOPO | EXPECTED_FAILING diff --git a/tests/func/ipfix/ipfix_ipv6.robot b/tests/func/telemetry/ipfix_ipv6.robot similarity index 99% rename from tests/func/ipfix/ipfix_ipv6.robot rename to tests/func/telemetry/ipfix_ipv6.robot index 7f86a16712..4f1dd5f408 100644 --- a/tests/func/ipfix/ipfix_ipv6.robot +++ b/tests/func/telemetry/ipfix_ipv6.robot @@ -16,9 +16,9 @@ | Resource | resources/libraries/robot/interfaces.robot | Resource | resources/libraries/robot/testing_path.robot | Resource | resources/libraries/robot/ipv4.robot -| Resource | resources/libraries/robot/ipfix.robot +| Resource | resources/libraries/robot/telemetry/ipfix.robot | Library | resources.libraries.python.Classify.Classify -| Library | resources.libraries.python.IPFIXSetup +| Library | resources.libraries.python.telemetry.IPFIXSetup | Library | resources.libraries.python.IPv6Setup | Library | resources.libraries.python.Trace diff --git a/tests/func/telemetry/span.robot b/tests/func/telemetry/span.robot new file mode 100644 index 0000000000..e482b287d4 --- /dev/null +++ b/tests/func/telemetry/span.robot 
@@ -0,0 +1,67 @@ +# Copyright (c) 2016 Cisco and/or its affiliates. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +*** Settings *** +| Resource | resources/libraries/robot/default.robot +| Resource | resources/libraries/robot/testing_path.robot +| Resource | resources/libraries/robot/telemetry/span.robot +| Library | resources.libraries.python.Trace +| Library | resources.libraries.python.IPv4Util +| Library | resources.libraries.python.IPv4Setup +| Library | resources.libraries.python.telemetry.SPAN +| Force Tags | HW_ENV | VM_ENV | 3_NODE_DOUBLE_LINK_TOPO | EXPECTED_FAILING +# TODO: Remove EXPECTED_FAILING tag once functionality is implemented (VPP-185) +| Test Setup | Run Keywords | Setup all DUTs before test +| ... | AND | Setup all TGs before traffic script +| Test Teardown | Run Keyword If Test Failed | Run Keywords +| ... | Show packet trace on all DUTs | ${nodes} | AND +| ... | Show vpp trace dump on all DUTs +| Documentation | *SPAN test suite* +| ... | *[Top] Network Topologies:* TG=DUT1 2-node topology with two +| ... | links between nodes. +| ... | *[Cfg] DUT configuration:* DUT1 is configured with SPAN mirroring from +| ... | the first DUT1-TG interface to the second one. +| ... | *[Ver] TG verification:* Test ARP or ICMP packets are sent by TG +| ... | on first link to DUT1; On receipt through second link TG verifies +| ... | the copy of packet sent and the copy of DUT's reply packet. +| ... 
| *[Ref] Applicable standard specifications: None?* + +*** Variables *** +| ${tg_to_dut_if1_ip4}= | 192.168.1.1 +| ${dut_to_tg_if1_ip4}= | 192.168.1.2 +| ${tg_to_dut_if1_ip6}= | 11::1 +| ${dut_to_tg_if1_ip6}= | 10::1 +| ${prefix}= | 24 + +*** Test Cases *** +| TC01: DUT mirrors IPv4 packets from one interface to another +| | [Documentation] +| | ... | [Top] TG=DUT1 +| | ... | [Cfg] On DUT1 configure IPv4 address, add ARP entry for one TG \ +| | ... | interface and set SPAN mirroring from one DUT interface to the other. +| | ... | [Ver] Make TG send an ICMP packet to DUT through one interface,\ +| | ... | then receive a copy of sent packet and of DUT's ICMP reply\ +| | ... | on the other interface. +| | Given Path For 2-node Testing Is Set | ${nodes['TG']} | ${nodes['DUT1']} +| | ... | ${nodes['TG']} +| | And Interfaces In 2-node Path Are Up +| | And Set interface Address | ${dut_node} | ${dut_to_tg_if1} +| | ... | ${dut_to_tg_if1_ip4} | ${prefix} +| | And Add ARP on DUT | ${dut_node} | ${dut_to_tg_if1} | ${tg_to_dut_if1_ip4} +| | ... | ${tg_to_dut_if1_mac} +| | And Set SPAN Mirroring | ${dut_node} | ${dut_to_tg_if1} | ${dut_to_tg_if2} +| | Then Send Packet And Check Received Copies | ${tg_node} +| | ... | ${tg_to_dut_if1} | ${tg_to_dut_if1_mac} +| | ... | ${dut_to_tg__if1_mac} | ${tg_to_dut_if2} +| | ... | ${tg_to_dut_if1_ip4} | ${dut_to_tg_if1_ip4} | ICMP +
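Review bot: `${dut_to_tg__if1_mac}` in the `Send Packet And Check Received Copies` call of TC01 has a doubled underscore, unlike `${dut_to_tg_if1}` and `${tg_to_dut_if1_mac}` a few lines above. It is probably an undefined variable, so the test would fail on variable resolution rather than on mirroring. Because the suite carries `EXPECTED_FAILING`, that failure would be counted as expected and hide the typo once VPP-185 lands; the cell should read `${dut_to_tg_if1_mac}`. The `${tg_to_dut_if1_ip6}` and `${dut_to_tg_if1_ip6}` variables are unused in this suite and could be dropped until an IPv6 case is added.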