]> git.proxmox.com Git - mirror_frr.git/blob - tests/topotests/ospfv3_basic_functionality/test_ospfv3_authentication.py
projects / mirror_frr.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
doc: Add `show ipv6 rpf X:X::X:X` command to docs
[mirror_frr.git] / tests / topotests / ospfv3_basic_functionality / test_ospfv3_authentication.py
1 #!/usr/bin/python
2
3 #
4 # Copyright (c) 2021 by VMware, Inc. ("VMware")
5 # Used Copyright (c) 2018 by Network Device Education Foundation, Inc.
6 # ("NetDEF") in this file.
7 #
8 # Permission to use, copy, modify, and/or distribute this software
9 # for any purpose with or without fee is hereby granted, provided
10 # that the above copyright notice and this permission notice appear
11 # in all copies.
12 #
13 # THE SOFTWARE IS PROVIDED "AS IS" AND VMWARE DISCLAIMS ALL WARRANTIES
14 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
15 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL VMWARE BE LIABLE FOR
16 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY
17 # DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
18 # WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
19 # ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
20 # OF THIS SOFTWARE.
21 #
22
23
24 """OSPF Basic Functionality Automation."""
25 import os
26 import sys
27 import time
28 import pytest
29 from time import sleep
30 from copy import deepcopy
31 import json
32 from lib.topotest import frr_unicode
33
34 pytestmark = pytest.mark.ospf6d
35
36 # Save the Current Working Directory to find configuration files.
37 CWD = os.path.dirname(os.path.realpath(__file__))
38 sys.path.append(os.path.join(CWD, "../"))
39 sys.path.append(os.path.join(CWD, "../lib/"))
40
41 # pylint: disable=C0413
42 # Import topogen and topotest helpers
43 from lib.topogen import Topogen, get_topogen
44
45 # Import topoJson from lib, to create topology and initial configuration
46 from lib.common_config import (
47 start_topology,
48 write_test_header,
49 write_test_footer,
50 reset_config_on_routers,
51 step,
52 shutdown_bringup_interface,
53 )
54 from lib.topolog import logger
55 from lib.topojson import build_topo_from_json, build_config_from_json
56 from lib.ospf import verify_ospf6_neighbor, config_ospf6_interface, clear_ospf
57 from ipaddress import IPv4Address
58
59 # Global variables
60 topo = None
61 # Reading the data from JSON File for topology creation
62 jsonFile = "{}/ospfv3_authentication.json".format(CWD)
63 try:
64 with open(jsonFile, "r") as topoJson:
65 topo = json.load(topoJson)
66 except IOError:
67 assert False, "Could not read file {}".format(jsonFile)
68 """
69 TOPOOLOGY =
70 Please view in a fixed-width font such as Courier.
71 +---+ A1 +---+
72 +R1 +------------+R2 |
73 +-+-+- +--++
74 | -- -- |
75 | -- A0 -- |
76 A0| ---- |
77 | ---- | A2
78 | -- -- |
79 | -- -- |
80 +-+-+- +-+-+
81 +R0 +-------------+R3 |
82 +---+ A3 +---+
83
84 TESTCASES =
85 1. OSPFv3 Authentication Trailer - Verify ospfv3 authentication trailer
86 using MD5 manual key configuration.
87 2. OSPFv3 Authentication Trailer - Verify ospfv3 authentication trailer
88 using HMAC-SHA-256 manual key configuration.
89 3. OSPFv3 Authentication Trailer - Verify ospfv3 authentication trailer
90 using MD5 keychain configuration.
91 4. OSPFv3 Authentication Trailer - Verify ospfv3 authentication trailer
92 using HMAC-SHA-256 keychain configuration.
93
94 """
95
96
97 def setup_module(mod):
98 """
99 Sets up the pytest environment
100 * `mod`: module name
101 """
102 testsuite_run_time = time.asctime(time.localtime(time.time()))
103 logger.info("Testsuite start time: {}".format(testsuite_run_time))
104 logger.info("=" * 40)
105
106 logger.info("Running setup_module to create topology")
107
108 # This function initiates the topology build with Topogen...
109 json_file = "{}/ospfv3_single_area.json".format(CWD)
110 tgen = Topogen(json_file, mod.__name__)
111 global topo
112 topo = tgen.json_topo
113 # ... and here it calls Mininet initialization functions.
114
115 # Starting topology, create tmp files which are loaded to routers
116 # to start daemons and then start routers
117 start_topology(tgen)
118
119 # Creating configuration from JSON
120 build_config_from_json(tgen, topo)
121
122 # Don't run this test if we have any failure.
123 if tgen.routers_have_failure():
124 pytest.skip(tgen.errors)
125
126 ospf6_covergence = verify_ospf6_neighbor(tgen, topo)
127 assert ospf6_covergence is True, "setup_module :Failed \n Error:" " {}".format(
128 ospf6_covergence
129 )
130
131 logger.info("Running setup_module() done")
132
133
134 def teardown_module(mod):
135 """
136 Teardown the pytest environment.
137 * `mod`: module name
138 """
139
140 logger.info("Running teardown_module to delete topology")
141
142 tgen = get_topogen()
143
144 # Stop toplogy and Remove tmp files
145 tgen.stop_topology()
146
147 logger.info(
148 "Testsuite end time: {}".format(time.asctime(time.localtime(time.time())))
149 )
150 logger.info("=" * 40)
151
152
153 # ##################################
154 # Test cases start here.
155 # ##################################
156
157
158 def test_ospf6_auth_trailer_tc1_md5(request):
159 """
160 OSPFv3 Authentication Trailer - Verify ospfv3 authentication trailer
161 using MD5 manual key configuration.
162
163 """
164 tc_name = request.node.name
165 write_test_header(tc_name)
166 tgen = get_topogen()
167 global topo
168 step("Bring up the base config.")
169 reset_config_on_routers(tgen)
170 step(
171 "Configure ospf6 between R1 and R2, enable ospf6 auth on R1 interface "
172 "connected to R2 with auth trailer"
173 )
174
175 r1_ospf6_auth = {
176 "r1": {
177 "links": {
178 "r2": {
179 "ospf6": {
180 "hash-algo": "md5",
181 "key": "ospf6",
182 "key-id": "10",
183 }
184 }
185 }
186 }
187 }
188 result = config_ospf6_interface(tgen, topo, r1_ospf6_auth)
189 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
190
191 step("Verify that the neighbour is not FULL between R1 and R2.")
192 # wait for dead time expiry.
193 sleep(6)
194 dut = "r1"
195 ospf6_covergence = verify_ospf6_neighbor(
196 tgen, topo, dut=dut, expected=False, retry_timeout=3
197 )
198 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error:" " {}".format(
199 tc_name, ospf6_covergence
200 )
201
202 step(
203 "Configure ospf6 between R1 and R2, enable ospf6 on R2 interface "
204 "connected to R1 with auth trailer"
205 )
206
207 r2_ospf6_auth = {
208 "r2": {
209 "links": {
210 "r1": {
211 "ospf6": {
212 "hash-algo": "md5",
213 "key": "ospf6",
214 "key-id": "10",
215 }
216 }
217 }
218 }
219 }
220 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
221 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
222
223 step(
224 "Verify that the neighbour is FULL between R1 and R2 "
225 "using show ipv6 ospf6 neighbor cmd."
226 )
227
228 dut = "r2"
229 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
230 assert ospf6_covergence is True, "Testcase {} :Failed \n Error:" " {}".format(
231 tc_name, ospf6_covergence
232 )
233
234 step("Disable authentication on R2 ")
235
236 r2_ospf6_auth = {
237 "r2": {
238 "links": {
239 "r1": {
240 "ospf6": {
241 "hash-algo": "md5",
242 "key": "ospf6",
243 "key-id": "10",
244 "del_action": True,
245 }
246 }
247 }
248 }
249 }
250 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
251 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
252
253 step("Verify on R1 ,nbr is deleted for R2 after dead interval expiry")
254 # wait till the dead timer expiry
255 sleep(6)
256 dut = "r2"
257 ospf6_covergence = verify_ospf6_neighbor(
258 tgen, topo, dut=dut, expected=False, retry_timeout=5
259 )
260 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error:" " {}".format(
261 tc_name, ospf6_covergence
262 )
263
264 step("Again On R2 enable ospf6 on interface with message-digest auth")
265 r2_ospf6_auth = {
266 "r2": {
267 "links": {
268 "r1": {
269 "ospf6": {
270 "hash-algo": "md5",
271 "key": "ospf6",
272 "key-id": "10",
273 }
274 }
275 }
276 }
277 }
278 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
279 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
280
281 step(
282 "Verify that the neighbour is FULL between R1 and R2 using"
283 " show ip ospf6 neighbor cmd."
284 )
285
286 dut = "r2"
287 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
288 assert ospf6_covergence is True, "Testcase {} :Failed \n Error:" " {}".format(
289 tc_name, ospf6_covergence
290 )
291
292 step("Shut no shut interface on R1")
293 dut = "r1"
294 intf = topo["routers"]["r1"]["links"]["r2"]["interface"]
295 shutdown_bringup_interface(tgen, dut, intf, False)
296
297 dut = "r2"
298 step(
299 "Verify that the neighbour is not FULL between R1 and R2 using "
300 "show ip ospf6 neighbor cmd."
301 )
302 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut, expected=False)
303 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error:" " {}".format(
304 tc_name, ospf6_covergence
305 )
306
307 dut = "r1"
308 shutdown_bringup_interface(tgen, dut, intf, True)
309
310 step(
311 "Verify that the neighbour is FULL between R1 and R2 using "
312 "show ip ospf6 neighbor cmd."
313 )
314
315 dut = "r2"
316 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
317 assert ospf6_covergence is True, "Testcase {} :Failed \n Error:" " {}".format(
318 tc_name, ospf6_covergence
319 )
320
321 write_test_footer(tc_name)
322
323
324 def test_ospf6_auth_trailer_tc2_sha256(request):
325 """
326 OSPFv3 Authentication Trailer - Verify ospfv3 authentication trailer
327 using HMAC-SHA-256 manual key configuration.
328
329 """
330 tc_name = request.node.name
331 write_test_header(tc_name)
332 tgen = get_topogen()
333 global topo
334 step("Bring up the base config.")
335 reset_config_on_routers(tgen)
336 step(
337 "Configure ospf6 between R1 and R2, enable ospf6 auth on R1 interface "
338 "connected to R2 with auth trailer"
339 )
340
341 r1_ospf6_auth = {
342 "r1": {
343 "links": {
344 "r2": {
345 "ospf6": {
346 "hash-algo": "hmac-sha-256",
347 "key": "ospf6",
348 "key-id": "10",
349 }
350 }
351 }
352 }
353 }
354 result = config_ospf6_interface(tgen, topo, r1_ospf6_auth)
355 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
356
357 step("Verify that the neighbour is not FULL between R1 and R2.")
358 # wait for dead time expiry.
359 sleep(6)
360 dut = "r1"
361 ospf6_covergence = verify_ospf6_neighbor(
362 tgen, topo, dut=dut, expected=False, retry_timeout=3
363 )
364 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error:" " {}".format(
365 tc_name, ospf6_covergence
366 )
367
368 step(
369 "Configure ospf6 between R1 and R2, enable ospf6 on R2 interface "
370 "connected to R1 with auth trailer"
371 )
372
373 r2_ospf6_auth = {
374 "r2": {
375 "links": {
376 "r1": {
377 "ospf6": {
378 "hash-algo": "hmac-sha-256",
379 "key": "ospf6",
380 "key-id": "10",
381 }
382 }
383 }
384 }
385 }
386 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
387 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
388
389 step(
390 "Verify that the neighbour is FULL between R1 and R2 "
391 "using show ipv6 ospf6 neighbor cmd."
392 )
393
394 dut = "r2"
395 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
396 assert ospf6_covergence is True, "Testcase {} :Failed \n Error:" " {}".format(
397 tc_name, ospf6_covergence
398 )
399
400 step("Disable authentication on R2 ")
401
402 r2_ospf6_auth = {
403 "r2": {
404 "links": {
405 "r1": {
406 "ospf6": {
407 "hash-algo": "hmac-sha-256",
408 "key": "ospf6",
409 "key-id": "10",
410 "del_action": True,
411 }
412 }
413 }
414 }
415 }
416 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
417 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
418
419 step("Verify on R1 ,nbr is deleted for R2 after dead interval expiry")
420 # wait till the dead timer expiry
421 sleep(6)
422 dut = "r2"
423 ospf6_covergence = verify_ospf6_neighbor(
424 tgen, topo, dut=dut, expected=False, retry_timeout=5
425 )
426 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error:" " {}".format(
427 tc_name, ospf6_covergence
428 )
429
430 step("Again On R2 enable ospf6 on interface with message-digest auth")
431 r2_ospf6_auth = {
432 "r2": {
433 "links": {
434 "r1": {
435 "ospf6": {
436 "hash-algo": "hmac-sha-256",
437 "key": "ospf6",
438 "key-id": "10",
439 }
440 }
441 }
442 }
443 }
444 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
445 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
446
447 step(
448 "Verify that the neighbour is FULL between R1 and R2 using"
449 " show ip ospf6 neighbor cmd."
450 )
451
452 dut = "r2"
453 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
454 assert ospf6_covergence is True, "Testcase {} :Failed \n Error:" " {}".format(
455 tc_name, ospf6_covergence
456 )
457
458 step("Shut no shut interface on R1")
459 dut = "r1"
460 intf = topo["routers"]["r1"]["links"]["r2"]["interface"]
461 shutdown_bringup_interface(tgen, dut, intf, False)
462
463 dut = "r2"
464 step(
465 "Verify that the neighbour is not FULL between R1 and R2 using "
466 "show ip ospf6 neighbor cmd."
467 )
468 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut, expected=False)
469 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error:" " {}".format(
470 tc_name, ospf6_covergence
471 )
472
473 dut = "r1"
474 shutdown_bringup_interface(tgen, dut, intf, True)
475
476 step(
477 "Verify that the neighbour is FULL between R1 and R2 using "
478 "show ip ospf6 neighbor cmd."
479 )
480
481 dut = "r2"
482 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
483 assert ospf6_covergence is True, "Testcase {} :Failed \n Error:" " {}".format(
484 tc_name, ospf6_covergence
485 )
486
487 write_test_footer(tc_name)
488
489
490 def test_ospf6_auth_trailer_tc3_keychain_md5(request):
491 """
492 OSPFv3 Authentication Trailer - Verify ospfv3 authentication trailer
493 using MD5 keychain configuration.
494
495 """
496 tc_name = request.node.name
497 write_test_header(tc_name)
498 tgen = get_topogen()
499 global topo
500 step("Bring up the base config.")
501 reset_config_on_routers(tgen)
502 step(
503 "Configure ospf6 between R1 and R2, enable ospf6 auth on R1 interface "
504 "connected to R2 with auth trailer"
505 )
506
507 router1 = tgen.gears["r1"]
508 router2 = tgen.gears["r2"]
509
510 router1.vtysh_cmd(
511 """configure terminal
512 key chain auth
513 key 10
514 key-string ospf6
515 cryptographic-algorithm md5"""
516 )
517
518 router2.vtysh_cmd(
519 """configure terminal
520 key chain auth
521 key 10
522 key-string ospf6
523 cryptographic-algorithm md5"""
524 )
525
526 r1_ospf6_auth = {
527 "r1": {
528 "links": {
529 "r2": {
530 "ospf6": {
531 "keychain": "auth",
532 }
533 }
534 }
535 }
536 }
537 result = config_ospf6_interface(tgen, topo, r1_ospf6_auth)
538 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
539
540 step("Verify that the neighbour is not FULL between R1 and R2.")
541 # wait for dead time expiry.
542 sleep(6)
543 dut = "r1"
544 ospf6_covergence = verify_ospf6_neighbor(
545 tgen, topo, dut=dut, expected=False, retry_timeout=3
546 )
547 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error:" " {}".format(
548 tc_name, ospf6_covergence
549 )
550
551 step(
552 "Configure ospf6 between R1 and R2, enable ospf6 on R2 interface "
553 "connected to R1 with auth trailer"
554 )
555
556 r2_ospf6_auth = {
557 "r2": {
558 "links": {
559 "r1": {
560 "ospf6": {
561 "keychain": "auth",
562 }
563 }
564 }
565 }
566 }
567 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
568 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
569
570 step(
571 "Verify that the neighbour is FULL between R1 and R2 "
572 "using show ipv6 ospf6 neighbor cmd."
573 )
574
575 dut = "r2"
576 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
577 assert ospf6_covergence is True, "Testcase {} :Failed \n Error:" " {}".format(
578 tc_name, ospf6_covergence
579 )
580
581 step("Disable authentication on R2 ")
582
583 r2_ospf6_auth = {
584 "r2": {"links": {"r1": {"ospf6": {"keychain": "auth", "del_action": True}}}}
585 }
586 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
587 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
588
589 step("Verify on R1 ,nbr is deleted for R2 after dead interval expiry")
590 # wait till the dead timer expiry
591 sleep(6)
592 dut = "r2"
593 ospf6_covergence = verify_ospf6_neighbor(
594 tgen, topo, dut=dut, expected=False, retry_timeout=5
595 )
596 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error:" " {}".format(
597 tc_name, ospf6_covergence
598 )
599
600 step("Again On R2 enable ospf6 on interface with message-digest auth")
601 r2_ospf6_auth = {
602 "r2": {
603 "links": {
604 "r1": {
605 "ospf6": {
606 "keychain": "auth",
607 }
608 }
609 }
610 }
611 }
612 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
613 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
614
615 step(
616 "Verify that the neighbour is FULL between R1 and R2 using"
617 " show ip ospf6 neighbor cmd."
618 )
619
620 dut = "r2"
621 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
622 assert ospf6_covergence is True, "Testcase {} :Failed \n Error:" " {}".format(
623 tc_name, ospf6_covergence
624 )
625
626 step("Shut no shut interface on R1")
627 dut = "r1"
628 intf = topo["routers"]["r1"]["links"]["r2"]["interface"]
629 shutdown_bringup_interface(tgen, dut, intf, False)
630
631 dut = "r2"
632 step(
633 "Verify that the neighbour is not FULL between R1 and R2 using "
634 "show ip ospf6 neighbor cmd."
635 )
636 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut, expected=False)
637 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error:" " {}".format(
638 tc_name, ospf6_covergence
639 )
640
641 dut = "r1"
642 shutdown_bringup_interface(tgen, dut, intf, True)
643
644 step(
645 "Verify that the neighbour is FULL between R1 and R2 using "
646 "show ip ospf6 neighbor cmd."
647 )
648
649 dut = "r2"
650 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
651 assert ospf6_covergence is True, "Testcase {} :Failed \n Error:" " {}".format(
652 tc_name, ospf6_covergence
653 )
654
655 write_test_footer(tc_name)
656
657
658 def test_ospf6_auth_trailer_tc4_keychain_sha256(request):
659 """
660 OSPFv3 Authentication Trailer - Verify ospfv3 authentication trailer
661 using HMAC-SHA-256 keychain configuration.
662
663 """
664 tc_name = request.node.name
665 write_test_header(tc_name)
666 tgen = get_topogen()
667 global topo
668 step("Bring up the base config.")
669 reset_config_on_routers(tgen)
670 step(
671 "Configure ospf6 between R1 and R2, enable ospf6 auth on R1 interface "
672 "connected to R2 with auth trailer"
673 )
674
675 router1 = tgen.gears["r1"]
676 router2 = tgen.gears["r2"]
677
678 router1.vtysh_cmd(
679 """configure terminal
680 key chain auth
681 key 10
682 key-string ospf6
683 cryptographic-algorithm hmac-sha-256"""
684 )
685
686 router2.vtysh_cmd(
687 """configure terminal
688 key chain auth
689 key 10
690 key-string ospf6
691 cryptographic-algorithm hmac-sha-256"""
692 )
693
694 r1_ospf6_auth = {
695 "r1": {
696 "links": {
697 "r2": {
698 "ospf6": {
699 "keychain": "auth",
700 }
701 }
702 }
703 }
704 }
705 result = config_ospf6_interface(tgen, topo, r1_ospf6_auth)
706 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
707
708 step("Verify that the neighbour is not FULL between R1 and R2.")
709 # wait for dead time expiry.
710 sleep(6)
711 dut = "r1"
712 ospf6_covergence = verify_ospf6_neighbor(
713 tgen, topo, dut=dut, expected=False, retry_timeout=3
714 )
715 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error:" " {}".format(
716 tc_name, ospf6_covergence
717 )
718
719 step(
720 "Configure ospf6 between R1 and R2, enable ospf6 on R2 interface "
721 "connected to R1 with auth trailer"
722 )
723
724 r2_ospf6_auth = {
725 "r2": {
726 "links": {
727 "r1": {
728 "ospf6": {
729 "keychain": "auth",
730 }
731 }
732 }
733 }
734 }
735 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
736 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
737
738 step(
739 "Verify that the neighbour is FULL between R1 and R2 "
740 "using show ipv6 ospf6 neighbor cmd."
741 )
742
743 dut = "r2"
744 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
745 assert ospf6_covergence is True, "Testcase {} :Failed \n Error:" " {}".format(
746 tc_name, ospf6_covergence
747 )
748
749 step("Disable authentication on R2 ")
750
751 r2_ospf6_auth = {
752 "r2": {"links": {"r1": {"ospf6": {"keychain": "auth", "del_action": True}}}}
753 }
754 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
755 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
756
757 step("Verify on R1 ,nbr is deleted for R2 after dead interval expiry")
758 # wait till the dead timer expiry
759 sleep(6)
760 dut = "r2"
761 ospf6_covergence = verify_ospf6_neighbor(
762 tgen, topo, dut=dut, expected=False, retry_timeout=5
763 )
764 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error:" " {}".format(
765 tc_name, ospf6_covergence
766 )
767
768 step("Again On R2 enable ospf6 on interface with message-digest auth")
769 r2_ospf6_auth = {
770 "r2": {
771 "links": {
772 "r1": {
773 "ospf6": {
774 "keychain": "auth",
775 }
776 }
777 }
778 }
779 }
780 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
781 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
782
783 step(
784 "Verify that the neighbour is FULL between R1 and R2 using"
785 " show ip ospf6 neighbor cmd."
786 )
787
788 dut = "r2"
789 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
790 assert ospf6_covergence is True, "Testcase {} :Failed \n Error:" " {}".format(
791 tc_name, ospf6_covergence
792 )
793
794 step("Shut no shut interface on R1")
795 dut = "r1"
796 intf = topo["routers"]["r1"]["links"]["r2"]["interface"]
797 shutdown_bringup_interface(tgen, dut, intf, False)
798
799 dut = "r2"
800 step(
801 "Verify that the neighbour is not FULL between R1 and R2 using "
802 "show ip ospf6 neighbor cmd."
803 )
804 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut, expected=False)
805 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error:" " {}".format(
806 tc_name, ospf6_covergence
807 )
808
809 dut = "r1"
810 shutdown_bringup_interface(tgen, dut, intf, True)
811
812 step(
813 "Verify that the neighbour is FULL between R1 and R2 using "
814 "show ip ospf6 neighbor cmd."
815 )
816
817 dut = "r2"
818 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
819 assert ospf6_covergence is True, "Testcase {} :Failed \n Error:" " {}".format(
820 tc_name, ospf6_covergence
821 )
822
823 write_test_footer(tc_name)
824
825
826 def test_ospf6_auth_trailer_tc5_md5_keymissmatch(request):
827 """
828 OSPFv3 Authentication Trailer - Verify ospfv3 authentication trailer
829 using MD5 manual key configuration.
830
831 """
832 tc_name = request.node.name
833 write_test_header(tc_name)
834 tgen = get_topogen()
835 global topo
836 step("Bring up the base config.")
837 reset_config_on_routers(tgen)
838 step(
839 "Configure ospf6 between R1 and R2, enable ospf6 auth on R1 interface "
840 "connected to R2 with auth trailer"
841 )
842
843 r1_ospf6_auth = {
844 "r1": {
845 "links": {
846 "r2": {
847 "ospf6": {
848 "hash-algo": "md5",
849 "key": "ospf6",
850 "key-id": "10",
851 }
852 }
853 }
854 }
855 }
856 result = config_ospf6_interface(tgen, topo, r1_ospf6_auth)
857 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
858
859 step("Verify that the neighbour is not FULL between R1 and R2.")
860 # wait for dead time expiry.
861 sleep(6)
862 dut = "r1"
863 ospf6_covergence = verify_ospf6_neighbor(
864 tgen, topo, dut=dut, expected=False, retry_timeout=3
865 )
866 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error:" " {}".format(
867 tc_name, ospf6_covergence
868 )
869
870 step(
871 "Configure ospf6 between R1 and R2, enable ospf6 on R2 interface "
872 "connected to R1 with auth trailer wrong key"
873 )
874
875 r2_ospf6_auth = {
876 "r2": {
877 "links": {
878 "r1": {
879 "ospf6": {
880 "hash-algo": "md5",
881 "key": "ospf6-missmatch",
882 "key-id": "10",
883 }
884 }
885 }
886 }
887 }
888 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
889 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
890
891 step(
892 "Verify that the neighbour is not FULL between R1 and R2 "
893 "using show ipv6 ospf6 neighbor cmd."
894 )
895
896 step("Verify that the neighbour is FULL between R1 and R2.")
897 # wait for dead time expiry.
898 sleep(6)
899 dut = "r2"
900 ospf6_covergence = verify_ospf6_neighbor(
901 tgen, topo, dut=dut, expected=False, retry_timeout=3
902 )
903 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error:" " {}".format(
904 tc_name, ospf6_covergence
905 )
906
907 step(
908 "Configure ospf6 between R1 and R2, enable ospf6 on R2 interface "
909 "connected to R1 with auth trailer correct key"
910 )
911
912 r2_ospf6_auth = {
913 "r2": {
914 "links": {
915 "r1": {
916 "ospf6": {
917 "hash-algo": "md5",
918 "key": "ospf6",
919 "key-id": "10",
920 }
921 }
922 }
923 }
924 }
925 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
926 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
927
928 step(
929 "Verify that the neighbour is FULL between R1 and R2 "
930 "using show ipv6 ospf6 neighbor cmd."
931 )
932
933 dut = "r2"
934 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
935 assert ospf6_covergence is True, "Testcase {} :Failed \n Error:" " {}".format(
936 tc_name, ospf6_covergence
937 )
938
939 write_test_footer(tc_name)
940
941
942 def test_ospf6_auth_trailer_tc6_sha256_mismatch(request):
943 """
944 OSPFv3 Authentication Trailer - Verify ospfv3 authentication trailer
945 using HMAC-SHA-256 manual key configuration.
946
947 """
948 tc_name = request.node.name
949 write_test_header(tc_name)
950 tgen = get_topogen()
951 global topo
952 step("Bring up the base config.")
953 reset_config_on_routers(tgen)
954 step(
955 "Configure ospf6 between R1 and R2, enable ospf6 auth on R1 interface "
956 "connected to R2 with auth trailer"
957 )
958
959 r1_ospf6_auth = {
960 "r1": {
961 "links": {
962 "r2": {
963 "ospf6": {
964 "hash-algo": "hmac-sha-256",
965 "key": "ospf6",
966 "key-id": "10",
967 }
968 }
969 }
970 }
971 }
972 result = config_ospf6_interface(tgen, topo, r1_ospf6_auth)
973 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
974
975 step("Verify that the neighbour is not FULL between R1 and R2.")
976 # wait for dead time expiry.
977 sleep(6)
978 dut = "r1"
979 ospf6_covergence = verify_ospf6_neighbor(
980 tgen, topo, dut=dut, expected=False, retry_timeout=3
981 )
982 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error:" " {}".format(
983 tc_name, ospf6_covergence
984 )
985
986 step(
987 "Configure ospf6 with on R1 and R2, enable ospf6 on R2 interface "
988 "connected to R1 with auth trailer wrong key"
989 )
990
991 r2_ospf6_auth = {
992 "r2": {
993 "links": {
994 "r1": {
995 "ospf6": {
996 "hash-algo": "hmac-sha-256",
997 "key": "ospf6-missmatch",
998 "key-id": "10",
999 }
1000 }
1001 }
1002 }
1003 }
1004 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
1005 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
1006
1007 step("Verify that the neighbour is not FULL between R1 and R2.")
1008 # wait for dead time expiry.
1009 sleep(6)
1010 dut = "r2"
1011 ospf6_covergence = verify_ospf6_neighbor(
1012 tgen, topo, dut=dut, expected=False, retry_timeout=3
1013 )
1014 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error:" " {}".format(
1015 tc_name, ospf6_covergence
1016 )
1017
1018 step(
1019 "Configure ospf6 with on R1 and R2, enable ospf6 on R2 interface "
1020 "connected to R1 with auth trailer wrong key"
1021 )
1022
1023 r2_ospf6_auth = {
1024 "r2": {
1025 "links": {
1026 "r1": {
1027 "ospf6": {
1028 "hash-algo": "hmac-sha-256",
1029 "key": "ospf6",
1030 "key-id": "10",
1031 }
1032 }
1033 }
1034 }
1035 }
1036 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
1037 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
1038
1039 step(
1040 "Verify that the neighbour is FULL between R1 and R2 "
1041 "using show ipv6 ospf6 neighbor cmd."
1042 )
1043
1044 dut = "r2"
1045 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
1046 assert ospf6_covergence is True, "Testcase {} :Failed \n Error:" " {}".format(
1047 tc_name, ospf6_covergence
1048 )
1049
1050 write_test_footer(tc_name)
1051
1052
1053 def test_ospf6_auth_trailer_tc7_keychain_md5_missmatch(request):
1054 """
1055 OSPFv3 Authentication Trailer - Verify ospfv3 authentication trailer
1056 using MD5 keychain configuration.
1057
1058 """
1059 tc_name = request.node.name
1060 write_test_header(tc_name)
1061 tgen = get_topogen()
1062 global topo
1063 step("Bring up the base config.")
1064 reset_config_on_routers(tgen)
1065 step(
1066 "Configure ospf6 between R1 and R2, enable ospf6 auth on R1 interface "
1067 "connected to R2 with auth trailer"
1068 )
1069
1070 router1 = tgen.gears["r1"]
1071 router2 = tgen.gears["r2"]
1072
1073 router1.vtysh_cmd(
1074 """configure terminal
1075 key chain auth
1076 key 10
1077 key-string ospf6
1078 cryptographic-algorithm md5"""
1079 )
1080
1081 router2.vtysh_cmd(
1082 """configure terminal
1083 key chain auth
1084 key 10
1085 key-string ospf6
1086 cryptographic-algorithm md5"""
1087 )
1088
1089 router2.vtysh_cmd(
1090 """configure terminal
1091 key chain auth-missmatch
1092 key 10
1093 key-string ospf6-missmatch
1094 cryptographic-algorithm md5"""
1095 )
1096
1097 r1_ospf6_auth = {
1098 "r1": {
1099 "links": {
1100 "r2": {
1101 "ospf6": {
1102 "keychain": "auth",
1103 }
1104 }
1105 }
1106 }
1107 }
1108 result = config_ospf6_interface(tgen, topo, r1_ospf6_auth)
1109 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
1110
1111 step("Verify that the neighbour is not FULL between R1 and R2.")
1112 # wait for dead time expiry.
1113 sleep(6)
1114 dut = "r1"
1115 ospf6_covergence = verify_ospf6_neighbor(
1116 tgen, topo, dut=dut, expected=False, retry_timeout=3
1117 )
1118 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error:" " {}".format(
1119 tc_name, ospf6_covergence
1120 )
1121
1122 step(
1123 "Configure ospf6 between R1 and R2, enable ospf6 on R2 interface "
1124 "connected to R1 with auth trailer with wrong keychain"
1125 )
1126
1127 r2_ospf6_auth = {
1128 "r2": {
1129 "links": {
1130 "r1": {
1131 "ospf6": {
1132 "keychain": "auth-missmatch",
1133 }
1134 }
1135 }
1136 }
1137 }
1138 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
1139 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
1140
1141 step("Verify that the neighbour is not FULL between R1 and R2.")
1142 # wait for dead time expiry.
1143 sleep(6)
1144 dut = "r2"
1145 ospf6_covergence = verify_ospf6_neighbor(
1146 tgen, topo, dut=dut, expected=False, retry_timeout=3
1147 )
1148 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error:" " {}".format(
1149 tc_name, ospf6_covergence
1150 )
1151
1152 step(
1153 "Configure ospf6 between R1 and R2, enable ospf6 on R2 interface "
1154 "connected to R1 with auth trailer with correct keychain"
1155 )
1156
1157 r2_ospf6_auth = {
1158 "r2": {
1159 "links": {
1160 "r1": {
1161 "ospf6": {
1162 "keychain": "auth",
1163 }
1164 }
1165 }
1166 }
1167 }
1168 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
1169 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
1170
1171 step(
1172 "Verify that the neighbour is FULL between R1 and R2 "
1173 "using show ipv6 ospf6 neighbor cmd."
1174 )
1175
1176 dut = "r2"
1177 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
1178 assert ospf6_covergence is True, "Testcase {} :Failed \n Error:" " {}".format(
1179 tc_name, ospf6_covergence
1180 )
1181
1182 write_test_footer(tc_name)
1183
1184
1185 def test_ospf6_auth_trailer_tc8_keychain_sha256_missmatch(request):
1186 """
1187 OSPFv3 Authentication Trailer - Verify ospfv3 authentication trailer
1188 using HMAC-SHA-256 keychain configuration.
1189
1190 """
1191 tc_name = request.node.name
1192 write_test_header(tc_name)
1193 tgen = get_topogen()
1194 global topo
1195 step("Bring up the base config.")
1196 reset_config_on_routers(tgen)
1197 step(
1198 "Configure ospf6 between R1 and R2, enable ospf6 auth on R1 interface "
1199 "connected to R2 with auth trailer"
1200 )
1201
1202 router1 = tgen.gears["r1"]
1203 router2 = tgen.gears["r2"]
1204
1205 router1.vtysh_cmd(
1206 """configure terminal
1207 key chain auth
1208 key 10
1209 key-string ospf6
1210 cryptographic-algorithm hmac-sha-256"""
1211 )
1212
1213 router2.vtysh_cmd(
1214 """configure terminal
1215 key chain auth
1216 key 10
1217 key-string ospf6
1218 cryptographic-algorithm hmac-sha-256"""
1219 )
1220
1221 router2.vtysh_cmd(
1222 """configure terminal
1223 key chain auth-missmatch
1224 key 10
1225 key-string ospf6-missmatch
1226 cryptographic-algorithm hmac-sha-256"""
1227 )
1228
1229 r1_ospf6_auth = {
1230 "r1": {
1231 "links": {
1232 "r2": {
1233 "ospf6": {
1234 "keychain": "auth",
1235 }
1236 }
1237 }
1238 }
1239 }
1240 result = config_ospf6_interface(tgen, topo, r1_ospf6_auth)
1241 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
1242
1243 step("Verify that the neighbour is not FULL between R1 and R2.")
1244 # wait for dead time expiry.
1245 sleep(6)
1246 dut = "r1"
1247 ospf6_covergence = verify_ospf6_neighbor(
1248 tgen, topo, dut=dut, expected=False, retry_timeout=3
1249 )
1250 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error:" " {}".format(
1251 tc_name, ospf6_covergence
1252 )
1253
1254 step(
1255 "Configure ospf6 between R1 and R2, enable ospf6 on R2 interface "
1256 "connected to R1 with auth trailer wrong keychain"
1257 )
1258
1259 r2_ospf6_auth = {
1260 "r2": {
1261 "links": {
1262 "r1": {
1263 "ospf6": {
1264 "keychain": "auth-missmatch",
1265 }
1266 }
1267 }
1268 }
1269 }
1270 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
1271 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
1272
1273 step("Verify that the neighbour is not FULL between R1 and R2.")
1274 # wait for dead time expiry.
1275 sleep(6)
1276 dut = "r2"
1277 ospf6_covergence = verify_ospf6_neighbor(
1278 tgen, topo, dut=dut, expected=False, retry_timeout=3
1279 )
1280 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error:" " {}".format(
1281 tc_name, ospf6_covergence
1282 )
1283
1284 step(
1285 "Configure ospf6 between R1 and R2, enable ospf6 on R2 interface "
1286 "connected to R1 with auth trailer correct keychain"
1287 )
1288
1289 r2_ospf6_auth = {
1290 "r2": {
1291 "links": {
1292 "r1": {
1293 "ospf6": {
1294 "keychain": "auth",
1295 }
1296 }
1297 }
1298 }
1299 }
1300 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
1301 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
1302
1303 step(
1304 "Verify that the neighbour is FULL between R1 and R2 "
1305 "using show ipv6 ospf6 neighbor cmd."
1306 )
1307
1308 dut = "r2"
1309 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
1310 assert ospf6_covergence is True, "Testcase {} :Failed \n Error:" " {}".format(
1311 tc_name, ospf6_covergence
1312 )
1313
1314 write_test_footer(tc_name)
1315
1316
1317 def test_ospf6_auth_trailer_tc9_keychain_not_configured(request):
1318 """
1319 OSPFv3 Neighborship without Authentication Trailer -
1320 Verify ospfv3 neighborship when no authentication trailer is configured.
1321
1322 """
1323 tc_name = request.node.name
1324 write_test_header(tc_name)
1325 tgen = get_topogen()
1326 global topo
1327 step("Bring up the base config.")
1328 reset_config_on_routers(tgen)
1329 step(
1330 "Configure ospf6 between R1 and R2, enable ospf6 auth on R1 interface "
1331 "connected to R2 with auth trailer"
1332 )
1333
1334 router1 = tgen.gears["r1"]
1335 router2 = tgen.gears["r2"]
1336
1337 r1_ospf6_auth = {
1338 "r1": {
1339 "links": {
1340 "r2": {
1341 "ospf6": {
1342 "keychain": "auth",
1343 }
1344 }
1345 }
1346 }
1347 }
1348 result = config_ospf6_interface(tgen, topo, r1_ospf6_auth)
1349 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
1350
1351 step("Verify that the neighbour is not FULL between R1 and R2.")
1352 # wait for dead time expiry.
1353 sleep(6)
1354 dut = "r1"
1355 ospf6_covergence = verify_ospf6_neighbor(
1356 tgen, topo, dut=dut, expected=False, retry_timeout=3
1357 )
1358 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error:" " {}".format(
1359 tc_name, ospf6_covergence
1360 )
1361
1362 step(
1363 "Configure ospf6 between R1 and R2, enable ospf6 on R2 interface "
1364 "connected to R1 with auth trailer non existing keychain"
1365 )
1366
1367 r2_ospf6_auth = {
1368 "r2": {
1369 "links": {
1370 "r1": {
1371 "ospf6": {
1372 "keychain": "auth",
1373 }
1374 }
1375 }
1376 }
1377 }
1378 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
1379 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
1380
1381 step("Verify that the neighbour is not FULL between R1 and R2.")
1382 # wait for dead time expiry.
1383 sleep(6)
1384 dut = "r2"
1385 ospf6_covergence = verify_ospf6_neighbor(
1386 tgen, topo, dut=dut, expected=False, retry_timeout=3
1387 )
1388 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error:" " {}".format(
1389 tc_name, ospf6_covergence
1390 )
1391
1392 write_test_footer(tc_name)
1393
1394
1395 def test_ospf6_auth_trailer_tc10_no_auth_trailer(request):
1396 """
1397 OSPFv3 Neighborship without Authentication Trailer -
1398 Verify ospfv3 neighborship when no authentication trailer is configured.
1399
1400 """
1401 tc_name = request.node.name
1402 write_test_header(tc_name)
1403 tgen = get_topogen()
1404 global topo
1405 step("Bring up the base config.")
1406 reset_config_on_routers(tgen)
1407
1408 router1 = tgen.gears["r1"]
1409 router2 = tgen.gears["r2"]
1410
1411 step(
1412 "Verify that the neighbour is FULL between R1 and R2 "
1413 "using show ipv6 ospf6 neighbor cmd."
1414 )
1415
1416 dut = "r2"
1417 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
1418 assert ospf6_covergence is True, "Testcase {} :Failed \n Error:" " {}".format(
1419 tc_name, ospf6_covergence
1420 )
1421
1422 write_test_footer(tc_name)
1423
1424
1425 if __name__ == "__main__":
1426 args = ["-s"] + sys.argv[1:]
1427 sys.exit(pytest.main(args))
FRRouting mirror