]> git.proxmox.com Git - mirror_frr.git/blob - tests/topotests/ospfv3_basic_functionality/test_ospfv3_authentication.py
projects / mirror_frr.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #13060 from opensourcerouting/feature/allow_peering_with_127.0.0.1
[mirror_frr.git] / tests / topotests / ospfv3_basic_functionality / test_ospfv3_authentication.py
1 #!/usr/bin/python
2 # SPDX-License-Identifier: ISC
3
4 #
5 # Copyright (c) 2021 by VMware, Inc. ("VMware")
6 # Used Copyright (c) 2018 by Network Device Education Foundation, Inc.
7 # ("NetDEF") in this file.
8 #
9
10
11 """OSPF Basic Functionality Automation."""
12 import os
13 import sys
14 import time
15 import pytest
16 from time import sleep
17 from copy import deepcopy
18 import json
19 from lib.topotest import frr_unicode
20
21 pytestmark = pytest.mark.ospf6d
22
23 # Save the Current Working Directory to find configuration files.
24 CWD = os.path.dirname(os.path.realpath(__file__))
25 sys.path.append(os.path.join(CWD, "../"))
26 sys.path.append(os.path.join(CWD, "../lib/"))
27
28 # pylint: disable=C0413
29 # Import topogen and topotest helpers
30 from lib.topogen import Topogen, get_topogen
31
32 # Import topoJson from lib, to create topology and initial configuration
33 from lib.common_config import (
34 start_topology,
35 write_test_header,
36 write_test_footer,
37 reset_config_on_routers,
38 step,
39 shutdown_bringup_interface,
40 )
41 from lib.topolog import logger
42 from lib.topojson import build_topo_from_json, build_config_from_json
43 from lib.ospf import verify_ospf6_neighbor, config_ospf6_interface, clear_ospf
44 from ipaddress import IPv4Address
45
46 # Global variables
47 topo = None
48 # Reading the data from JSON File for topology creation
49 jsonFile = "{}/ospfv3_authentication.json".format(CWD)
50 try:
51 with open(jsonFile, "r") as topoJson:
52 topo = json.load(topoJson)
53 except IOError:
54 assert False, "Could not read file {}".format(jsonFile)
55 """
56 TOPOOLOGY =
57 Please view in a fixed-width font such as Courier.
58 +---+ A1 +---+
59 +R1 +------------+R2 |
60 +-+-+- +--++
61 | -- -- |
62 | -- A0 -- |
63 A0| ---- |
64 | ---- | A2
65 | -- -- |
66 | -- -- |
67 +-+-+- +-+-+
68 +R0 +-------------+R3 |
69 +---+ A3 +---+
70
71 TESTCASES =
72 1. OSPFv3 Authentication Trailer - Verify ospfv3 authentication trailer
73 using MD5 manual key configuration.
74 2. OSPFv3 Authentication Trailer - Verify ospfv3 authentication trailer
75 using HMAC-SHA-256 manual key configuration.
76 3. OSPFv3 Authentication Trailer - Verify ospfv3 authentication trailer
77 using MD5 keychain configuration.
78 4. OSPFv3 Authentication Trailer - Verify ospfv3 authentication trailer
79 using HMAC-SHA-256 keychain configuration.
80
81 """
82
83
84 def setup_module(mod):
85 """
86 Sets up the pytest environment
87 * `mod`: module name
88 """
89 testsuite_run_time = time.asctime(time.localtime(time.time()))
90 logger.info("Testsuite start time: {}".format(testsuite_run_time))
91 logger.info("=" * 40)
92
93 logger.info("Running setup_module to create topology")
94
95 # This function initiates the topology build with Topogen...
96 json_file = "{}/ospfv3_single_area.json".format(CWD)
97 tgen = Topogen(json_file, mod.__name__)
98 global topo
99 topo = tgen.json_topo
100 # ... and here it calls Mininet initialization functions.
101
102 # Starting topology, create tmp files which are loaded to routers
103 # to start daemons and then start routers
104 start_topology(tgen)
105
106 # Creating configuration from JSON
107 build_config_from_json(tgen, topo)
108
109 # Don't run this test if we have any failure.
110 if tgen.routers_have_failure():
111 pytest.skip(tgen.errors)
112
113 ospf6_covergence = verify_ospf6_neighbor(tgen, topo)
114 assert ospf6_covergence is True, "setup_module :Failed \n Error: {}".format(
115 ospf6_covergence
116 )
117
118 logger.info("Running setup_module() done")
119
120
121 def teardown_module(mod):
122 """
123 Teardown the pytest environment.
124 * `mod`: module name
125 """
126
127 logger.info("Running teardown_module to delete topology")
128
129 tgen = get_topogen()
130
131 # Stop toplogy and Remove tmp files
132 tgen.stop_topology()
133
134 logger.info(
135 "Testsuite end time: {}".format(time.asctime(time.localtime(time.time())))
136 )
137 logger.info("=" * 40)
138
139
140 # ##################################
141 # Test cases start here.
142 # ##################################
143
144
145 def test_ospf6_auth_trailer_tc1_md5(request):
146 """
147 OSPFv3 Authentication Trailer - Verify ospfv3 authentication trailer
148 using MD5 manual key configuration.
149
150 """
151 tc_name = request.node.name
152 write_test_header(tc_name)
153 tgen = get_topogen()
154 global topo
155 step("Bring up the base config.")
156 reset_config_on_routers(tgen)
157 step(
158 "Configure ospf6 between R1 and R2, enable ospf6 auth on R1 interface "
159 "connected to R2 with auth trailer"
160 )
161
162 r1_ospf6_auth = {
163 "r1": {
164 "links": {
165 "r2": {
166 "ospf6": {
167 "hash-algo": "md5",
168 "key": "ospf6",
169 "key-id": "10",
170 }
171 }
172 }
173 }
174 }
175 result = config_ospf6_interface(tgen, topo, r1_ospf6_auth)
176 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
177
178 step("Verify that the neighbour is not FULL between R1 and R2.")
179 # wait for dead time expiry.
180 sleep(6)
181 dut = "r1"
182 ospf6_covergence = verify_ospf6_neighbor(
183 tgen, topo, dut=dut, expected=False, retry_timeout=3
184 )
185 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error: {}".format(
186 tc_name, ospf6_covergence
187 )
188
189 step(
190 "Configure ospf6 between R1 and R2, enable ospf6 on R2 interface "
191 "connected to R1 with auth trailer"
192 )
193
194 r2_ospf6_auth = {
195 "r2": {
196 "links": {
197 "r1": {
198 "ospf6": {
199 "hash-algo": "md5",
200 "key": "ospf6",
201 "key-id": "10",
202 }
203 }
204 }
205 }
206 }
207 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
208 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
209
210 step(
211 "Verify that the neighbour is FULL between R1 and R2 "
212 "using show ipv6 ospf6 neighbor cmd."
213 )
214
215 dut = "r2"
216 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
217 assert ospf6_covergence is True, "Testcase {} :Failed \n Error: {}".format(
218 tc_name, ospf6_covergence
219 )
220
221 step("Disable authentication on R2 ")
222
223 r2_ospf6_auth = {
224 "r2": {
225 "links": {
226 "r1": {
227 "ospf6": {
228 "hash-algo": "md5",
229 "key": "ospf6",
230 "key-id": "10",
231 "del_action": True,
232 }
233 }
234 }
235 }
236 }
237 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
238 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
239
240 step("Verify on R1 ,nbr is deleted for R2 after dead interval expiry")
241 # wait till the dead timer expiry
242 sleep(6)
243 dut = "r2"
244 ospf6_covergence = verify_ospf6_neighbor(
245 tgen, topo, dut=dut, expected=False, retry_timeout=5
246 )
247 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error: {}".format(
248 tc_name, ospf6_covergence
249 )
250
251 step("Again On R2 enable ospf6 on interface with message-digest auth")
252 r2_ospf6_auth = {
253 "r2": {
254 "links": {
255 "r1": {
256 "ospf6": {
257 "hash-algo": "md5",
258 "key": "ospf6",
259 "key-id": "10",
260 }
261 }
262 }
263 }
264 }
265 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
266 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
267
268 step(
269 "Verify that the neighbour is FULL between R1 and R2 using"
270 " show ip ospf6 neighbor cmd."
271 )
272
273 dut = "r2"
274 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
275 assert ospf6_covergence is True, "Testcase {} :Failed \n Error: {}".format(
276 tc_name, ospf6_covergence
277 )
278
279 step("Shut no shut interface on R1")
280 dut = "r1"
281 intf = topo["routers"]["r1"]["links"]["r2"]["interface"]
282 shutdown_bringup_interface(tgen, dut, intf, False)
283
284 dut = "r2"
285 step(
286 "Verify that the neighbour is not FULL between R1 and R2 using "
287 "show ip ospf6 neighbor cmd."
288 )
289 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut, expected=False)
290 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error: {}".format(
291 tc_name, ospf6_covergence
292 )
293
294 dut = "r1"
295 shutdown_bringup_interface(tgen, dut, intf, True)
296
297 step(
298 "Verify that the neighbour is FULL between R1 and R2 using "
299 "show ip ospf6 neighbor cmd."
300 )
301
302 dut = "r2"
303 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
304 assert ospf6_covergence is True, "Testcase {} :Failed \n Error: {}".format(
305 tc_name, ospf6_covergence
306 )
307
308 write_test_footer(tc_name)
309
310
311 def test_ospf6_auth_trailer_tc2_sha256(request):
312 """
313 OSPFv3 Authentication Trailer - Verify ospfv3 authentication trailer
314 using HMAC-SHA-256 manual key configuration.
315
316 """
317 tc_name = request.node.name
318 write_test_header(tc_name)
319 tgen = get_topogen()
320 global topo
321 step("Bring up the base config.")
322 reset_config_on_routers(tgen)
323 step(
324 "Configure ospf6 between R1 and R2, enable ospf6 auth on R1 interface "
325 "connected to R2 with auth trailer"
326 )
327
328 r1_ospf6_auth = {
329 "r1": {
330 "links": {
331 "r2": {
332 "ospf6": {
333 "hash-algo": "hmac-sha-256",
334 "key": "ospf6",
335 "key-id": "10",
336 }
337 }
338 }
339 }
340 }
341 result = config_ospf6_interface(tgen, topo, r1_ospf6_auth)
342 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
343
344 step("Verify that the neighbour is not FULL between R1 and R2.")
345 # wait for dead time expiry.
346 sleep(6)
347 dut = "r1"
348 ospf6_covergence = verify_ospf6_neighbor(
349 tgen, topo, dut=dut, expected=False, retry_timeout=3
350 )
351 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error: {}".format(
352 tc_name, ospf6_covergence
353 )
354
355 step(
356 "Configure ospf6 between R1 and R2, enable ospf6 on R2 interface "
357 "connected to R1 with auth trailer"
358 )
359
360 r2_ospf6_auth = {
361 "r2": {
362 "links": {
363 "r1": {
364 "ospf6": {
365 "hash-algo": "hmac-sha-256",
366 "key": "ospf6",
367 "key-id": "10",
368 }
369 }
370 }
371 }
372 }
373 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
374 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
375
376 step(
377 "Verify that the neighbour is FULL between R1 and R2 "
378 "using show ipv6 ospf6 neighbor cmd."
379 )
380
381 dut = "r2"
382 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
383 assert ospf6_covergence is True, "Testcase {} :Failed \n Error: {}".format(
384 tc_name, ospf6_covergence
385 )
386
387 step("Disable authentication on R2 ")
388
389 r2_ospf6_auth = {
390 "r2": {
391 "links": {
392 "r1": {
393 "ospf6": {
394 "hash-algo": "hmac-sha-256",
395 "key": "ospf6",
396 "key-id": "10",
397 "del_action": True,
398 }
399 }
400 }
401 }
402 }
403 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
404 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
405
406 step("Verify on R1 ,nbr is deleted for R2 after dead interval expiry")
407 # wait till the dead timer expiry
408 sleep(6)
409 dut = "r2"
410 ospf6_covergence = verify_ospf6_neighbor(
411 tgen, topo, dut=dut, expected=False, retry_timeout=5
412 )
413 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error: {}".format(
414 tc_name, ospf6_covergence
415 )
416
417 step("Again On R2 enable ospf6 on interface with message-digest auth")
418 r2_ospf6_auth = {
419 "r2": {
420 "links": {
421 "r1": {
422 "ospf6": {
423 "hash-algo": "hmac-sha-256",
424 "key": "ospf6",
425 "key-id": "10",
426 }
427 }
428 }
429 }
430 }
431 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
432 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
433
434 step(
435 "Verify that the neighbour is FULL between R1 and R2 using"
436 " show ip ospf6 neighbor cmd."
437 )
438
439 dut = "r2"
440 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
441 assert ospf6_covergence is True, "Testcase {} :Failed \n Error: {}".format(
442 tc_name, ospf6_covergence
443 )
444
445 step("Shut no shut interface on R1")
446 dut = "r1"
447 intf = topo["routers"]["r1"]["links"]["r2"]["interface"]
448 shutdown_bringup_interface(tgen, dut, intf, False)
449
450 dut = "r2"
451 step(
452 "Verify that the neighbour is not FULL between R1 and R2 using "
453 "show ip ospf6 neighbor cmd."
454 )
455 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut, expected=False)
456 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error: {}".format(
457 tc_name, ospf6_covergence
458 )
459
460 dut = "r1"
461 shutdown_bringup_interface(tgen, dut, intf, True)
462
463 step(
464 "Verify that the neighbour is FULL between R1 and R2 using "
465 "show ip ospf6 neighbor cmd."
466 )
467
468 dut = "r2"
469 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
470 assert ospf6_covergence is True, "Testcase {} :Failed \n Error: {}".format(
471 tc_name, ospf6_covergence
472 )
473
474 write_test_footer(tc_name)
475
476
477 def test_ospf6_auth_trailer_tc3_keychain_md5(request):
478 """
479 OSPFv3 Authentication Trailer - Verify ospfv3 authentication trailer
480 using MD5 keychain configuration.
481
482 """
483 tc_name = request.node.name
484 write_test_header(tc_name)
485 tgen = get_topogen()
486 global topo
487 step("Bring up the base config.")
488 reset_config_on_routers(tgen)
489 step(
490 "Configure ospf6 between R1 and R2, enable ospf6 auth on R1 interface "
491 "connected to R2 with auth trailer"
492 )
493
494 router1 = tgen.gears["r1"]
495 router2 = tgen.gears["r2"]
496
497 router1.vtysh_cmd(
498 """configure terminal
499 key chain auth
500 key 10
501 key-string ospf6
502 cryptographic-algorithm md5"""
503 )
504
505 router2.vtysh_cmd(
506 """configure terminal
507 key chain auth
508 key 10
509 key-string ospf6
510 cryptographic-algorithm md5"""
511 )
512
513 r1_ospf6_auth = {
514 "r1": {
515 "links": {
516 "r2": {
517 "ospf6": {
518 "keychain": "auth",
519 }
520 }
521 }
522 }
523 }
524 result = config_ospf6_interface(tgen, topo, r1_ospf6_auth)
525 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
526
527 step("Verify that the neighbour is not FULL between R1 and R2.")
528 # wait for dead time expiry.
529 sleep(6)
530 dut = "r1"
531 ospf6_covergence = verify_ospf6_neighbor(
532 tgen, topo, dut=dut, expected=False, retry_timeout=3
533 )
534 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error: {}".format(
535 tc_name, ospf6_covergence
536 )
537
538 step(
539 "Configure ospf6 between R1 and R2, enable ospf6 on R2 interface "
540 "connected to R1 with auth trailer"
541 )
542
543 r2_ospf6_auth = {
544 "r2": {
545 "links": {
546 "r1": {
547 "ospf6": {
548 "keychain": "auth",
549 }
550 }
551 }
552 }
553 }
554 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
555 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
556
557 step(
558 "Verify that the neighbour is FULL between R1 and R2 "
559 "using show ipv6 ospf6 neighbor cmd."
560 )
561
562 dut = "r2"
563 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
564 assert ospf6_covergence is True, "Testcase {} :Failed \n Error: {}".format(
565 tc_name, ospf6_covergence
566 )
567
568 step("Disable authentication on R2 ")
569
570 r2_ospf6_auth = {
571 "r2": {"links": {"r1": {"ospf6": {"keychain": "auth", "del_action": True}}}}
572 }
573 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
574 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
575
576 step("Verify on R1 ,nbr is deleted for R2 after dead interval expiry")
577 # wait till the dead timer expiry
578 sleep(6)
579 dut = "r2"
580 ospf6_covergence = verify_ospf6_neighbor(
581 tgen, topo, dut=dut, expected=False, retry_timeout=5
582 )
583 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error: {}".format(
584 tc_name, ospf6_covergence
585 )
586
587 step("Again On R2 enable ospf6 on interface with message-digest auth")
588 r2_ospf6_auth = {
589 "r2": {
590 "links": {
591 "r1": {
592 "ospf6": {
593 "keychain": "auth",
594 }
595 }
596 }
597 }
598 }
599 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
600 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
601
602 step(
603 "Verify that the neighbour is FULL between R1 and R2 using"
604 " show ip ospf6 neighbor cmd."
605 )
606
607 dut = "r2"
608 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
609 assert ospf6_covergence is True, "Testcase {} :Failed \n Error: {}".format(
610 tc_name, ospf6_covergence
611 )
612
613 step("Shut no shut interface on R1")
614 dut = "r1"
615 intf = topo["routers"]["r1"]["links"]["r2"]["interface"]
616 shutdown_bringup_interface(tgen, dut, intf, False)
617
618 dut = "r2"
619 step(
620 "Verify that the neighbour is not FULL between R1 and R2 using "
621 "show ip ospf6 neighbor cmd."
622 )
623 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut, expected=False)
624 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error: {}".format(
625 tc_name, ospf6_covergence
626 )
627
628 dut = "r1"
629 shutdown_bringup_interface(tgen, dut, intf, True)
630
631 step(
632 "Verify that the neighbour is FULL between R1 and R2 using "
633 "show ip ospf6 neighbor cmd."
634 )
635
636 dut = "r2"
637 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
638 assert ospf6_covergence is True, "Testcase {} :Failed \n Error: {}".format(
639 tc_name, ospf6_covergence
640 )
641
642 write_test_footer(tc_name)
643
644
645 def test_ospf6_auth_trailer_tc4_keychain_sha256(request):
646 """
647 OSPFv3 Authentication Trailer - Verify ospfv3 authentication trailer
648 using HMAC-SHA-256 keychain configuration.
649
650 """
651 tc_name = request.node.name
652 write_test_header(tc_name)
653 tgen = get_topogen()
654 global topo
655 step("Bring up the base config.")
656 reset_config_on_routers(tgen)
657 step(
658 "Configure ospf6 between R1 and R2, enable ospf6 auth on R1 interface "
659 "connected to R2 with auth trailer"
660 )
661
662 router1 = tgen.gears["r1"]
663 router2 = tgen.gears["r2"]
664
665 router1.vtysh_cmd(
666 """configure terminal
667 key chain auth
668 key 10
669 key-string ospf6
670 cryptographic-algorithm hmac-sha-256"""
671 )
672
673 router2.vtysh_cmd(
674 """configure terminal
675 key chain auth
676 key 10
677 key-string ospf6
678 cryptographic-algorithm hmac-sha-256"""
679 )
680
681 r1_ospf6_auth = {
682 "r1": {
683 "links": {
684 "r2": {
685 "ospf6": {
686 "keychain": "auth",
687 }
688 }
689 }
690 }
691 }
692 result = config_ospf6_interface(tgen, topo, r1_ospf6_auth)
693 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
694
695 step("Verify that the neighbour is not FULL between R1 and R2.")
696 # wait for dead time expiry.
697 sleep(6)
698 dut = "r1"
699 ospf6_covergence = verify_ospf6_neighbor(
700 tgen, topo, dut=dut, expected=False, retry_timeout=3
701 )
702 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error: {}".format(
703 tc_name, ospf6_covergence
704 )
705
706 step(
707 "Configure ospf6 between R1 and R2, enable ospf6 on R2 interface "
708 "connected to R1 with auth trailer"
709 )
710
711 r2_ospf6_auth = {
712 "r2": {
713 "links": {
714 "r1": {
715 "ospf6": {
716 "keychain": "auth",
717 }
718 }
719 }
720 }
721 }
722 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
723 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
724
725 step(
726 "Verify that the neighbour is FULL between R1 and R2 "
727 "using show ipv6 ospf6 neighbor cmd."
728 )
729
730 dut = "r2"
731 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
732 assert ospf6_covergence is True, "Testcase {} :Failed \n Error: {}".format(
733 tc_name, ospf6_covergence
734 )
735
736 step("Disable authentication on R2 ")
737
738 r2_ospf6_auth = {
739 "r2": {"links": {"r1": {"ospf6": {"keychain": "auth", "del_action": True}}}}
740 }
741 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
742 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
743
744 step("Verify on R1 ,nbr is deleted for R2 after dead interval expiry")
745 # wait till the dead timer expiry
746 sleep(6)
747 dut = "r2"
748 ospf6_covergence = verify_ospf6_neighbor(
749 tgen, topo, dut=dut, expected=False, retry_timeout=5
750 )
751 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error: {}".format(
752 tc_name, ospf6_covergence
753 )
754
755 step("Again On R2 enable ospf6 on interface with message-digest auth")
756 r2_ospf6_auth = {
757 "r2": {
758 "links": {
759 "r1": {
760 "ospf6": {
761 "keychain": "auth",
762 }
763 }
764 }
765 }
766 }
767 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
768 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
769
770 step(
771 "Verify that the neighbour is FULL between R1 and R2 using"
772 " show ip ospf6 neighbor cmd."
773 )
774
775 dut = "r2"
776 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
777 assert ospf6_covergence is True, "Testcase {} :Failed \n Error: {}".format(
778 tc_name, ospf6_covergence
779 )
780
781 step("Shut no shut interface on R1")
782 dut = "r1"
783 intf = topo["routers"]["r1"]["links"]["r2"]["interface"]
784 shutdown_bringup_interface(tgen, dut, intf, False)
785
786 dut = "r2"
787 step(
788 "Verify that the neighbour is not FULL between R1 and R2 using "
789 "show ip ospf6 neighbor cmd."
790 )
791 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut, expected=False)
792 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error: {}".format(
793 tc_name, ospf6_covergence
794 )
795
796 dut = "r1"
797 shutdown_bringup_interface(tgen, dut, intf, True)
798
799 step(
800 "Verify that the neighbour is FULL between R1 and R2 using "
801 "show ip ospf6 neighbor cmd."
802 )
803
804 dut = "r2"
805 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
806 assert ospf6_covergence is True, "Testcase {} :Failed \n Error: {}".format(
807 tc_name, ospf6_covergence
808 )
809
810 write_test_footer(tc_name)
811
812
813 def test_ospf6_auth_trailer_tc5_md5_keymissmatch(request):
814 """
815 OSPFv3 Authentication Trailer - Verify ospfv3 authentication trailer
816 using MD5 manual key configuration.
817
818 """
819 tc_name = request.node.name
820 write_test_header(tc_name)
821 tgen = get_topogen()
822 global topo
823 step("Bring up the base config.")
824 reset_config_on_routers(tgen)
825 step(
826 "Configure ospf6 between R1 and R2, enable ospf6 auth on R1 interface "
827 "connected to R2 with auth trailer"
828 )
829
830 r1_ospf6_auth = {
831 "r1": {
832 "links": {
833 "r2": {
834 "ospf6": {
835 "hash-algo": "md5",
836 "key": "ospf6",
837 "key-id": "10",
838 }
839 }
840 }
841 }
842 }
843 result = config_ospf6_interface(tgen, topo, r1_ospf6_auth)
844 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
845
846 step("Verify that the neighbour is not FULL between R1 and R2.")
847 # wait for dead time expiry.
848 sleep(6)
849 dut = "r1"
850 ospf6_covergence = verify_ospf6_neighbor(
851 tgen, topo, dut=dut, expected=False, retry_timeout=3
852 )
853 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error: {}".format(
854 tc_name, ospf6_covergence
855 )
856
857 step(
858 "Configure ospf6 between R1 and R2, enable ospf6 on R2 interface "
859 "connected to R1 with auth trailer wrong key"
860 )
861
862 r2_ospf6_auth = {
863 "r2": {
864 "links": {
865 "r1": {
866 "ospf6": {
867 "hash-algo": "md5",
868 "key": "ospf6-missmatch",
869 "key-id": "10",
870 }
871 }
872 }
873 }
874 }
875 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
876 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
877
878 step(
879 "Verify that the neighbour is not FULL between R1 and R2 "
880 "using show ipv6 ospf6 neighbor cmd."
881 )
882
883 step("Verify that the neighbour is FULL between R1 and R2.")
884 # wait for dead time expiry.
885 sleep(6)
886 dut = "r2"
887 ospf6_covergence = verify_ospf6_neighbor(
888 tgen, topo, dut=dut, expected=False, retry_timeout=3
889 )
890 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error: {}".format(
891 tc_name, ospf6_covergence
892 )
893
894 step(
895 "Configure ospf6 between R1 and R2, enable ospf6 on R2 interface "
896 "connected to R1 with auth trailer correct key"
897 )
898
899 r2_ospf6_auth = {
900 "r2": {
901 "links": {
902 "r1": {
903 "ospf6": {
904 "hash-algo": "md5",
905 "key": "ospf6",
906 "key-id": "10",
907 }
908 }
909 }
910 }
911 }
912 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
913 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
914
915 step(
916 "Verify that the neighbour is FULL between R1 and R2 "
917 "using show ipv6 ospf6 neighbor cmd."
918 )
919
920 dut = "r2"
921 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
922 assert ospf6_covergence is True, "Testcase {} :Failed \n Error: {}".format(
923 tc_name, ospf6_covergence
924 )
925
926 write_test_footer(tc_name)
927
928
929 def test_ospf6_auth_trailer_tc6_sha256_mismatch(request):
930 """
931 OSPFv3 Authentication Trailer - Verify ospfv3 authentication trailer
932 using HMAC-SHA-256 manual key configuration.
933
934 """
935 tc_name = request.node.name
936 write_test_header(tc_name)
937 tgen = get_topogen()
938 global topo
939 step("Bring up the base config.")
940 reset_config_on_routers(tgen)
941 step(
942 "Configure ospf6 between R1 and R2, enable ospf6 auth on R1 interface "
943 "connected to R2 with auth trailer"
944 )
945
946 r1_ospf6_auth = {
947 "r1": {
948 "links": {
949 "r2": {
950 "ospf6": {
951 "hash-algo": "hmac-sha-256",
952 "key": "ospf6",
953 "key-id": "10",
954 }
955 }
956 }
957 }
958 }
959 result = config_ospf6_interface(tgen, topo, r1_ospf6_auth)
960 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
961
962 step("Verify that the neighbour is not FULL between R1 and R2.")
963 # wait for dead time expiry.
964 sleep(6)
965 dut = "r1"
966 ospf6_covergence = verify_ospf6_neighbor(
967 tgen, topo, dut=dut, expected=False, retry_timeout=3
968 )
969 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error: {}".format(
970 tc_name, ospf6_covergence
971 )
972
973 step(
974 "Configure ospf6 with on R1 and R2, enable ospf6 on R2 interface "
975 "connected to R1 with auth trailer wrong key"
976 )
977
978 r2_ospf6_auth = {
979 "r2": {
980 "links": {
981 "r1": {
982 "ospf6": {
983 "hash-algo": "hmac-sha-256",
984 "key": "ospf6-missmatch",
985 "key-id": "10",
986 }
987 }
988 }
989 }
990 }
991 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
992 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
993
994 step("Verify that the neighbour is not FULL between R1 and R2.")
995 # wait for dead time expiry.
996 sleep(6)
997 dut = "r2"
998 ospf6_covergence = verify_ospf6_neighbor(
999 tgen, topo, dut=dut, expected=False, retry_timeout=3
1000 )
1001 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error: {}".format(
1002 tc_name, ospf6_covergence
1003 )
1004
1005 step(
1006 "Configure ospf6 with on R1 and R2, enable ospf6 on R2 interface "
1007 "connected to R1 with auth trailer wrong key"
1008 )
1009
1010 r2_ospf6_auth = {
1011 "r2": {
1012 "links": {
1013 "r1": {
1014 "ospf6": {
1015 "hash-algo": "hmac-sha-256",
1016 "key": "ospf6",
1017 "key-id": "10",
1018 }
1019 }
1020 }
1021 }
1022 }
1023 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
1024 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
1025
1026 step(
1027 "Verify that the neighbour is FULL between R1 and R2 "
1028 "using show ipv6 ospf6 neighbor cmd."
1029 )
1030
1031 dut = "r2"
1032 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
1033 assert ospf6_covergence is True, "Testcase {} :Failed \n Error: {}".format(
1034 tc_name, ospf6_covergence
1035 )
1036
1037 write_test_footer(tc_name)
1038
1039
1040 def test_ospf6_auth_trailer_tc7_keychain_md5_missmatch(request):
1041 """
1042 OSPFv3 Authentication Trailer - Verify ospfv3 authentication trailer
1043 using MD5 keychain configuration.
1044
1045 """
1046 tc_name = request.node.name
1047 write_test_header(tc_name)
1048 tgen = get_topogen()
1049 global topo
1050 step("Bring up the base config.")
1051 reset_config_on_routers(tgen)
1052 step(
1053 "Configure ospf6 between R1 and R2, enable ospf6 auth on R1 interface "
1054 "connected to R2 with auth trailer"
1055 )
1056
1057 router1 = tgen.gears["r1"]
1058 router2 = tgen.gears["r2"]
1059
1060 router1.vtysh_cmd(
1061 """configure terminal
1062 key chain auth
1063 key 10
1064 key-string ospf6
1065 cryptographic-algorithm md5"""
1066 )
1067
1068 router2.vtysh_cmd(
1069 """configure terminal
1070 key chain auth
1071 key 10
1072 key-string ospf6
1073 cryptographic-algorithm md5"""
1074 )
1075
1076 router2.vtysh_cmd(
1077 """configure terminal
1078 key chain auth-missmatch
1079 key 10
1080 key-string ospf6-missmatch
1081 cryptographic-algorithm md5"""
1082 )
1083
1084 r1_ospf6_auth = {
1085 "r1": {
1086 "links": {
1087 "r2": {
1088 "ospf6": {
1089 "keychain": "auth",
1090 }
1091 }
1092 }
1093 }
1094 }
1095 result = config_ospf6_interface(tgen, topo, r1_ospf6_auth)
1096 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
1097
1098 step("Verify that the neighbour is not FULL between R1 and R2.")
1099 # wait for dead time expiry.
1100 sleep(6)
1101 dut = "r1"
1102 ospf6_covergence = verify_ospf6_neighbor(
1103 tgen, topo, dut=dut, expected=False, retry_timeout=3
1104 )
1105 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error: {}".format(
1106 tc_name, ospf6_covergence
1107 )
1108
1109 step(
1110 "Configure ospf6 between R1 and R2, enable ospf6 on R2 interface "
1111 "connected to R1 with auth trailer with wrong keychain"
1112 )
1113
1114 r2_ospf6_auth = {
1115 "r2": {
1116 "links": {
1117 "r1": {
1118 "ospf6": {
1119 "keychain": "auth-missmatch",
1120 }
1121 }
1122 }
1123 }
1124 }
1125 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
1126 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
1127
1128 step("Verify that the neighbour is not FULL between R1 and R2.")
1129 # wait for dead time expiry.
1130 sleep(6)
1131 dut = "r2"
1132 ospf6_covergence = verify_ospf6_neighbor(
1133 tgen, topo, dut=dut, expected=False, retry_timeout=3
1134 )
1135 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error: {}".format(
1136 tc_name, ospf6_covergence
1137 )
1138
1139 step(
1140 "Configure ospf6 between R1 and R2, enable ospf6 on R2 interface "
1141 "connected to R1 with auth trailer with correct keychain"
1142 )
1143
1144 r2_ospf6_auth = {
1145 "r2": {
1146 "links": {
1147 "r1": {
1148 "ospf6": {
1149 "keychain": "auth",
1150 }
1151 }
1152 }
1153 }
1154 }
1155 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
1156 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
1157
1158 step(
1159 "Verify that the neighbour is FULL between R1 and R2 "
1160 "using show ipv6 ospf6 neighbor cmd."
1161 )
1162
1163 dut = "r2"
1164 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
1165 assert ospf6_covergence is True, "Testcase {} :Failed \n Error: {}".format(
1166 tc_name, ospf6_covergence
1167 )
1168
1169 write_test_footer(tc_name)
1170
1171
1172 def test_ospf6_auth_trailer_tc8_keychain_sha256_missmatch(request):
1173 """
1174 OSPFv3 Authentication Trailer - Verify ospfv3 authentication trailer
1175 using HMAC-SHA-256 keychain configuration.
1176
1177 """
1178 tc_name = request.node.name
1179 write_test_header(tc_name)
1180 tgen = get_topogen()
1181 global topo
1182 step("Bring up the base config.")
1183 reset_config_on_routers(tgen)
1184 step(
1185 "Configure ospf6 between R1 and R2, enable ospf6 auth on R1 interface "
1186 "connected to R2 with auth trailer"
1187 )
1188
1189 router1 = tgen.gears["r1"]
1190 router2 = tgen.gears["r2"]
1191
1192 router1.vtysh_cmd(
1193 """configure terminal
1194 key chain auth
1195 key 10
1196 key-string ospf6
1197 cryptographic-algorithm hmac-sha-256"""
1198 )
1199
1200 router2.vtysh_cmd(
1201 """configure terminal
1202 key chain auth
1203 key 10
1204 key-string ospf6
1205 cryptographic-algorithm hmac-sha-256"""
1206 )
1207
1208 router2.vtysh_cmd(
1209 """configure terminal
1210 key chain auth-missmatch
1211 key 10
1212 key-string ospf6-missmatch
1213 cryptographic-algorithm hmac-sha-256"""
1214 )
1215
1216 r1_ospf6_auth = {
1217 "r1": {
1218 "links": {
1219 "r2": {
1220 "ospf6": {
1221 "keychain": "auth",
1222 }
1223 }
1224 }
1225 }
1226 }
1227 result = config_ospf6_interface(tgen, topo, r1_ospf6_auth)
1228 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
1229
1230 step("Verify that the neighbour is not FULL between R1 and R2.")
1231 # wait for dead time expiry.
1232 sleep(6)
1233 dut = "r1"
1234 ospf6_covergence = verify_ospf6_neighbor(
1235 tgen, topo, dut=dut, expected=False, retry_timeout=3
1236 )
1237 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error: {}".format(
1238 tc_name, ospf6_covergence
1239 )
1240
1241 step(
1242 "Configure ospf6 between R1 and R2, enable ospf6 on R2 interface "
1243 "connected to R1 with auth trailer wrong keychain"
1244 )
1245
1246 r2_ospf6_auth = {
1247 "r2": {
1248 "links": {
1249 "r1": {
1250 "ospf6": {
1251 "keychain": "auth-missmatch",
1252 }
1253 }
1254 }
1255 }
1256 }
1257 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
1258 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
1259
1260 step("Verify that the neighbour is not FULL between R1 and R2.")
1261 # wait for dead time expiry.
1262 sleep(6)
1263 dut = "r2"
1264 ospf6_covergence = verify_ospf6_neighbor(
1265 tgen, topo, dut=dut, expected=False, retry_timeout=3
1266 )
1267 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error: {}".format(
1268 tc_name, ospf6_covergence
1269 )
1270
1271 step(
1272 "Configure ospf6 between R1 and R2, enable ospf6 on R2 interface "
1273 "connected to R1 with auth trailer correct keychain"
1274 )
1275
1276 r2_ospf6_auth = {
1277 "r2": {
1278 "links": {
1279 "r1": {
1280 "ospf6": {
1281 "keychain": "auth",
1282 }
1283 }
1284 }
1285 }
1286 }
1287 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
1288 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
1289
1290 step(
1291 "Verify that the neighbour is FULL between R1 and R2 "
1292 "using show ipv6 ospf6 neighbor cmd."
1293 )
1294
1295 dut = "r2"
1296 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
1297 assert ospf6_covergence is True, "Testcase {} :Failed \n Error: {}".format(
1298 tc_name, ospf6_covergence
1299 )
1300
1301 write_test_footer(tc_name)
1302
1303
1304 def test_ospf6_auth_trailer_tc9_keychain_not_configured(request):
1305 """
1306 OSPFv3 Neighborship without Authentication Trailer -
1307 Verify ospfv3 neighborship when no authentication trailer is configured.
1308
1309 """
1310 tc_name = request.node.name
1311 write_test_header(tc_name)
1312 tgen = get_topogen()
1313 global topo
1314 step("Bring up the base config.")
1315 reset_config_on_routers(tgen)
1316 step(
1317 "Configure ospf6 between R1 and R2, enable ospf6 auth on R1 interface "
1318 "connected to R2 with auth trailer"
1319 )
1320
1321 router1 = tgen.gears["r1"]
1322 router2 = tgen.gears["r2"]
1323
1324 r1_ospf6_auth = {
1325 "r1": {
1326 "links": {
1327 "r2": {
1328 "ospf6": {
1329 "keychain": "auth",
1330 }
1331 }
1332 }
1333 }
1334 }
1335 result = config_ospf6_interface(tgen, topo, r1_ospf6_auth)
1336 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
1337
1338 step("Verify that the neighbour is not FULL between R1 and R2.")
1339 # wait for dead time expiry.
1340 sleep(6)
1341 dut = "r1"
1342 ospf6_covergence = verify_ospf6_neighbor(
1343 tgen, topo, dut=dut, expected=False, retry_timeout=3
1344 )
1345 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error: {}".format(
1346 tc_name, ospf6_covergence
1347 )
1348
1349 step(
1350 "Configure ospf6 between R1 and R2, enable ospf6 on R2 interface "
1351 "connected to R1 with auth trailer non existing keychain"
1352 )
1353
1354 r2_ospf6_auth = {
1355 "r2": {
1356 "links": {
1357 "r1": {
1358 "ospf6": {
1359 "keychain": "auth",
1360 }
1361 }
1362 }
1363 }
1364 }
1365 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
1366 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
1367
1368 step("Verify that the neighbour is not FULL between R1 and R2.")
1369 # wait for dead time expiry.
1370 sleep(6)
1371 dut = "r2"
1372 ospf6_covergence = verify_ospf6_neighbor(
1373 tgen, topo, dut=dut, expected=False, retry_timeout=3
1374 )
1375 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error: {}".format(
1376 tc_name, ospf6_covergence
1377 )
1378
1379 write_test_footer(tc_name)
1380
1381
1382 def test_ospf6_auth_trailer_tc10_no_auth_trailer(request):
1383 """
1384 OSPFv3 Neighborship without Authentication Trailer -
1385 Verify ospfv3 neighborship when no authentication trailer is configured.
1386
1387 """
1388 tc_name = request.node.name
1389 write_test_header(tc_name)
1390 tgen = get_topogen()
1391 global topo
1392 step("Bring up the base config.")
1393 reset_config_on_routers(tgen)
1394
1395 router1 = tgen.gears["r1"]
1396 router2 = tgen.gears["r2"]
1397
1398 step(
1399 "Verify that the neighbour is FULL between R1 and R2 "
1400 "using show ipv6 ospf6 neighbor cmd."
1401 )
1402
1403 dut = "r2"
1404 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
1405 assert ospf6_covergence is True, "Testcase {} :Failed \n Error: {}".format(
1406 tc_name, ospf6_covergence
1407 )
1408
1409 write_test_footer(tc_name)
1410
1411
1412 if __name__ == "__main__":
1413 args = ["-s"] + sys.argv[1:]
1414 sys.exit(pytest.main(args))
FRRouting mirror