]> git.proxmox.com Git - mirror_frr.git/blob - tests/topotests/ospfv3_basic_functionality/test_ospfv3_authentication.py
projects / mirror_frr.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #9224 from SaiGomathiN/saig
[mirror_frr.git] / tests / topotests / ospfv3_basic_functionality / test_ospfv3_authentication.py
1 #!/usr/bin/python
2
3 #
4 # Copyright (c) 2021 by VMware, Inc. ("VMware")
5 # Used Copyright (c) 2018 by Network Device Education Foundation, Inc.
6 # ("NetDEF") in this file.
7 #
8 # Permission to use, copy, modify, and/or distribute this software
9 # for any purpose with or without fee is hereby granted, provided
10 # that the above copyright notice and this permission notice appear
11 # in all copies.
12 #
13 # THE SOFTWARE IS PROVIDED "AS IS" AND VMWARE DISCLAIMS ALL WARRANTIES
14 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
15 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL VMWARE BE LIABLE FOR
16 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY
17 # DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
18 # WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
19 # ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
20 # OF THIS SOFTWARE.
21 #
22
23
24 """OSPF Basic Functionality Automation."""
25 import os
26 import sys
27 import time
28 import pytest
29 from time import sleep
30 from copy import deepcopy
31 import json
32 from lib.topotest import frr_unicode
33
34 pytestmark = pytest.mark.ospf6d
35
36 # Save the Current Working Directory to find configuration files.
37 CWD = os.path.dirname(os.path.realpath(__file__))
38 sys.path.append(os.path.join(CWD, "../"))
39 sys.path.append(os.path.join(CWD, "../lib/"))
40
41 # pylint: disable=C0413
42 # Import topogen and topotest helpers
43 from lib.topogen import Topogen, get_topogen
44
45 # Import topoJson from lib, to create topology and initial configuration
46 from lib.common_config import (
47 start_topology,
48 write_test_header,
49 write_test_footer,
50 reset_config_on_routers,
51 step,
52 shutdown_bringup_interface,
53 topo_daemons,
54 )
55 from lib.topolog import logger
56 from lib.topojson import build_topo_from_json, build_config_from_json
57 from lib.ospf import verify_ospf6_neighbor, config_ospf6_interface, clear_ospf
58 from ipaddress import IPv4Address
59
60 # Global variables
61 topo = None
62 # Reading the data from JSON File for topology creation
63 jsonFile = "{}/ospfv3_authentication.json".format(CWD)
64 try:
65 with open(jsonFile, "r") as topoJson:
66 topo = json.load(topoJson)
67 except IOError:
68 assert False, "Could not read file {}".format(jsonFile)
69 """
70 TOPOOLOGY =
71 Please view in a fixed-width font such as Courier.
72 +---+ A1 +---+
73 +R1 +------------+R2 |
74 +-+-+- +--++
75 | -- -- |
76 | -- A0 -- |
77 A0| ---- |
78 | ---- | A2
79 | -- -- |
80 | -- -- |
81 +-+-+- +-+-+
82 +R0 +-------------+R3 |
83 +---+ A3 +---+
84
85 TESTCASES =
86 1. OSPFv3 Authentication Trailer - Verify ospfv3 authentication trailer
87 using MD5 manual key configuration.
88 2. OSPFv3 Authentication Trailer - Verify ospfv3 authentication trailer
89 using HMAC-SHA-256 manual key configuration.
90 3. OSPFv3 Authentication Trailer - Verify ospfv3 authentication trailer
91 using MD5 keychain configuration.
92 4. OSPFv3 Authentication Trailer - Verify ospfv3 authentication trailer
93 using HMAC-SHA-256 keychain configuration.
94
95 """
96
97 def setup_module(mod):
98 """
99 Sets up the pytest environment
100 * `mod`: module name
101 """
102 testsuite_run_time = time.asctime(time.localtime(time.time()))
103 logger.info("Testsuite start time: {}".format(testsuite_run_time))
104 logger.info("=" * 40)
105
106 logger.info("Running setup_module to create topology")
107
108 # This function initiates the topology build with Topogen...
109 json_file = "{}/ospfv3_single_area.json".format(CWD)
110 tgen = Topogen(json_file, mod.__name__)
111 global topo
112 topo = tgen.json_topo
113 # ... and here it calls Mininet initialization functions.
114
115 # get list of daemons needs to be started for this suite.
116 daemons = topo_daemons(tgen, topo)
117
118 # Starting topology, create tmp files which are loaded to routers
119 # to start deamons and then start routers
120 start_topology(tgen, daemons)
121
122 # Creating configuration from JSON
123 build_config_from_json(tgen, topo)
124
125 # Don't run this test if we have any failure.
126 if tgen.routers_have_failure():
127 pytest.skip(tgen.errors)
128
129 ospf6_covergence = verify_ospf6_neighbor(tgen, topo)
130 assert ospf6_covergence is True, "setup_module :Failed \n Error:" " {}".format(
131 ospf6_covergence
132 )
133
134 logger.info("Running setup_module() done")
135
136
137 def teardown_module(mod):
138 """
139 Teardown the pytest environment.
140 * `mod`: module name
141 """
142
143 logger.info("Running teardown_module to delete topology")
144
145 tgen = get_topogen()
146
147 # Stop toplogy and Remove tmp files
148 tgen.stop_topology()
149
150 logger.info(
151 "Testsuite end time: {}".format(time.asctime(time.localtime(time.time())))
152 )
153 logger.info("=" * 40)
154
155
156 # ##################################
157 # Test cases start here.
158 # ##################################
159
160 def test_ospf6_auth_trailer_tc1_md5(request):
161 """
162 OSPFv3 Authentication Trailer - Verify ospfv3 authentication trailer
163 using MD5 manual key configuration.
164
165 """
166 tc_name = request.node.name
167 write_test_header(tc_name)
168 tgen = get_topogen()
169 global topo
170 step("Bring up the base config.")
171 reset_config_on_routers(tgen)
172 step(
173 "Configure ospf6 between R1 and R2, enable ospf6 auth on R1 interface "
174 "connected to R2 with auth trailer"
175 )
176
177 r1_ospf6_auth = {
178 "r1": {
179 "links": {
180 "r2": {
181 "ospf6": {
182 "hash-algo": "md5",
183 "key": "ospf6",
184 "key-id": "10",
185 }
186 }
187 }
188 }
189 }
190 result = config_ospf6_interface(tgen, topo, r1_ospf6_auth)
191 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
192
193 step("Verify that the neighbour is not FULL between R1 and R2.")
194 # wait for dead time expiry.
195 sleep(6)
196 dut = "r1"
197 ospf6_covergence = verify_ospf6_neighbor(
198 tgen, topo, dut=dut, expected=False, retry_timeout=3
199 )
200 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error:" " {}".format(
201 tc_name, ospf6_covergence
202 )
203
204 step(
205 "Configure ospf6 between R1 and R2, enable ospf6 on R2 interface "
206 "connected to R1 with auth trailer"
207 )
208
209 r2_ospf6_auth = {
210 "r2": {
211 "links": {
212 "r1": {
213 "ospf6": {
214 "hash-algo": "md5",
215 "key": "ospf6",
216 "key-id": "10",
217 }
218 }
219 }
220 }
221 }
222 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
223 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
224
225 step(
226 "Verify that the neighbour is FULL between R1 and R2 "
227 "using show ipv6 ospf6 neighbor cmd."
228 )
229
230 dut = "r2"
231 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
232 assert ospf6_covergence is True, "Testcase {} :Failed \n Error:" " {}".format(
233 tc_name, ospf6_covergence
234 )
235
236 step(
237 "Disable authentication on R2 "
238 )
239
240 r2_ospf6_auth = {
241 "r2": {
242 "links": {
243 "r1": {
244 "ospf6": {
245 "hash-algo": "md5",
246 "key": "ospf6",
247 "key-id": "10",
248 "del_action": True
249 }
250 }
251 }
252 }
253 }
254 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
255 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
256
257 step("Verify on R1 ,nbr is deleted for R2 after dead interval expiry")
258 # wait till the dead timer expiry
259 sleep(6)
260 dut = "r2"
261 ospf6_covergence = verify_ospf6_neighbor(
262 tgen, topo, dut=dut, expected=False, retry_timeout=5
263 )
264 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error:" " {}".format(
265 tc_name, ospf6_covergence
266 )
267
268 step("Again On R2 enable ospf6 on interface with message-digest auth")
269 r2_ospf6_auth = {
270 "r2": {
271 "links": {
272 "r1": {
273 "ospf6": {
274 "hash-algo": "md5",
275 "key": "ospf6",
276 "key-id": "10",
277 }
278 }
279 }
280 }
281 }
282 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
283 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
284
285 step(
286 "Verify that the neighbour is FULL between R1 and R2 using"
287 " show ip ospf6 neighbor cmd."
288 )
289
290 dut = "r2"
291 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
292 assert ospf6_covergence is True, "Testcase {} :Failed \n Error:" " {}".format(
293 tc_name, ospf6_covergence
294 )
295
296 step("Shut no shut interface on R1")
297 dut = "r1"
298 intf = topo["routers"]["r1"]["links"]["r2"]["interface"]
299 shutdown_bringup_interface(tgen, dut, intf, False)
300
301 dut = "r2"
302 step(
303 "Verify that the neighbour is not FULL between R1 and R2 using "
304 "show ip ospf6 neighbor cmd."
305 )
306 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut, expected=False)
307 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error:" " {}".format(
308 tc_name, ospf6_covergence
309 )
310
311 dut = "r1"
312 shutdown_bringup_interface(tgen, dut, intf, True)
313
314 step(
315 "Verify that the neighbour is FULL between R1 and R2 using "
316 "show ip ospf6 neighbor cmd."
317 )
318
319 dut = "r2"
320 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
321 assert ospf6_covergence is True, "Testcase {} :Failed \n Error:" " {}".format(
322 tc_name, ospf6_covergence
323 )
324
325 write_test_footer(tc_name)
326
327
328 def test_ospf6_auth_trailer_tc2_sha256(request):
329 """
330 OSPFv3 Authentication Trailer - Verify ospfv3 authentication trailer
331 using HMAC-SHA-256 manual key configuration.
332
333 """
334 tc_name = request.node.name
335 write_test_header(tc_name)
336 tgen = get_topogen()
337 global topo
338 step("Bring up the base config.")
339 reset_config_on_routers(tgen)
340 step(
341 "Configure ospf6 between R1 and R2, enable ospf6 auth on R1 interface "
342 "connected to R2 with auth trailer"
343 )
344
345 r1_ospf6_auth = {
346 "r1": {
347 "links": {
348 "r2": {
349 "ospf6": {
350 "hash-algo": "hmac-sha-256",
351 "key": "ospf6",
352 "key-id": "10",
353 }
354 }
355 }
356 }
357 }
358 result = config_ospf6_interface(tgen, topo, r1_ospf6_auth)
359 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
360
361 step("Verify that the neighbour is not FULL between R1 and R2.")
362 # wait for dead time expiry.
363 sleep(6)
364 dut = "r1"
365 ospf6_covergence = verify_ospf6_neighbor(
366 tgen, topo, dut=dut, expected=False, retry_timeout=3
367 )
368 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error:" " {}".format(
369 tc_name, ospf6_covergence
370 )
371
372 step(
373 "Configure ospf6 between R1 and R2, enable ospf6 on R2 interface "
374 "connected to R1 with auth trailer"
375 )
376
377 r2_ospf6_auth = {
378 "r2": {
379 "links": {
380 "r1": {
381 "ospf6": {
382 "hash-algo": "hmac-sha-256",
383 "key": "ospf6",
384 "key-id": "10",
385 }
386 }
387 }
388 }
389 }
390 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
391 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
392
393 step(
394 "Verify that the neighbour is FULL between R1 and R2 "
395 "using show ipv6 ospf6 neighbor cmd."
396 )
397
398 dut = "r2"
399 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
400 assert ospf6_covergence is True, "Testcase {} :Failed \n Error:" " {}".format(
401 tc_name, ospf6_covergence
402 )
403
404 step(
405 "Disable authentication on R2 "
406 )
407
408 r2_ospf6_auth = {
409 "r2": {
410 "links": {
411 "r1": {
412 "ospf6": {
413 "hash-algo": "hmac-sha-256",
414 "key": "ospf6",
415 "key-id": "10",
416 "del_action": True
417 }
418 }
419 }
420 }
421 }
422 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
423 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
424
425 step("Verify on R1 ,nbr is deleted for R2 after dead interval expiry")
426 # wait till the dead timer expiry
427 sleep(6)
428 dut = "r2"
429 ospf6_covergence = verify_ospf6_neighbor(
430 tgen, topo, dut=dut, expected=False, retry_timeout=5
431 )
432 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error:" " {}".format(
433 tc_name, ospf6_covergence
434 )
435
436 step("Again On R2 enable ospf6 on interface with message-digest auth")
437 r2_ospf6_auth = {
438 "r2": {
439 "links": {
440 "r1": {
441 "ospf6": {
442 "hash-algo": "hmac-sha-256",
443 "key": "ospf6",
444 "key-id": "10",
445 }
446 }
447 }
448 }
449 }
450 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
451 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
452
453 step(
454 "Verify that the neighbour is FULL between R1 and R2 using"
455 " show ip ospf6 neighbor cmd."
456 )
457
458 dut = "r2"
459 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
460 assert ospf6_covergence is True, "Testcase {} :Failed \n Error:" " {}".format(
461 tc_name, ospf6_covergence
462 )
463
464 step("Shut no shut interface on R1")
465 dut = "r1"
466 intf = topo["routers"]["r1"]["links"]["r2"]["interface"]
467 shutdown_bringup_interface(tgen, dut, intf, False)
468
469 dut = "r2"
470 step(
471 "Verify that the neighbour is not FULL between R1 and R2 using "
472 "show ip ospf6 neighbor cmd."
473 )
474 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut, expected=False)
475 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error:" " {}".format(
476 tc_name, ospf6_covergence
477 )
478
479 dut = "r1"
480 shutdown_bringup_interface(tgen, dut, intf, True)
481
482 step(
483 "Verify that the neighbour is FULL between R1 and R2 using "
484 "show ip ospf6 neighbor cmd."
485 )
486
487 dut = "r2"
488 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
489 assert ospf6_covergence is True, "Testcase {} :Failed \n Error:" " {}".format(
490 tc_name, ospf6_covergence
491 )
492
493 write_test_footer(tc_name)
494
495 def test_ospf6_auth_trailer_tc3_keychain_md5(request):
496 """
497 OSPFv3 Authentication Trailer - Verify ospfv3 authentication trailer
498 using MD5 keychain configuration.
499
500 """
501 tc_name = request.node.name
502 write_test_header(tc_name)
503 tgen = get_topogen()
504 global topo
505 step("Bring up the base config.")
506 reset_config_on_routers(tgen)
507 step(
508 "Configure ospf6 between R1 and R2, enable ospf6 auth on R1 interface "
509 "connected to R2 with auth trailer"
510 )
511
512 router1 = tgen.gears["r1"]
513 router2 = tgen.gears["r2"]
514
515 router1.vtysh_cmd(
516 """configure terminal
517 key chain auth
518 key 10
519 key-string ospf6
520 cryptographic-algorithm md5"""
521 )
522
523 router2.vtysh_cmd(
524 """configure terminal
525 key chain auth
526 key 10
527 key-string ospf6
528 cryptographic-algorithm md5"""
529 )
530
531 r1_ospf6_auth = {
532 "r1": {
533 "links": {
534 "r2": {
535 "ospf6": {
536 "keychain": "auth",
537 }
538 }
539 }
540 }
541 }
542 result = config_ospf6_interface(tgen, topo, r1_ospf6_auth)
543 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
544
545 step("Verify that the neighbour is not FULL between R1 and R2.")
546 # wait for dead time expiry.
547 sleep(6)
548 dut = "r1"
549 ospf6_covergence = verify_ospf6_neighbor(
550 tgen, topo, dut=dut, expected=False, retry_timeout=3
551 )
552 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error:" " {}".format(
553 tc_name, ospf6_covergence
554 )
555
556 step(
557 "Configure ospf6 between R1 and R2, enable ospf6 on R2 interface "
558 "connected to R1 with auth trailer"
559 )
560
561 r2_ospf6_auth = {
562 "r2": {
563 "links": {
564 "r1": {
565 "ospf6": {
566 "keychain": "auth",
567 }
568 }
569 }
570 }
571 }
572 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
573 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
574
575 step(
576 "Verify that the neighbour is FULL between R1 and R2 "
577 "using show ipv6 ospf6 neighbor cmd."
578 )
579
580 dut = "r2"
581 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
582 assert ospf6_covergence is True, "Testcase {} :Failed \n Error:" " {}".format(
583 tc_name, ospf6_covergence
584 )
585
586 step(
587 "Disable authentication on R2 "
588 )
589
590 r2_ospf6_auth = {
591 "r2": {
592 "links": {
593 "r1": {
594 "ospf6": {
595 "keychain": "auth",
596 "del_action": True
597 }
598 }
599 }
600 }
601 }
602 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
603 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
604
605 step("Verify on R1 ,nbr is deleted for R2 after dead interval expiry")
606 # wait till the dead timer expiry
607 sleep(6)
608 dut = "r2"
609 ospf6_covergence = verify_ospf6_neighbor(
610 tgen, topo, dut=dut, expected=False, retry_timeout=5
611 )
612 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error:" " {}".format(
613 tc_name, ospf6_covergence
614 )
615
616 step("Again On R2 enable ospf6 on interface with message-digest auth")
617 r2_ospf6_auth = {
618 "r2": {
619 "links": {
620 "r1": {
621 "ospf6": {
622 "keychain": "auth",
623 }
624 }
625 }
626 }
627 }
628 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
629 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
630
631 step(
632 "Verify that the neighbour is FULL between R1 and R2 using"
633 " show ip ospf6 neighbor cmd."
634 )
635
636 dut = "r2"
637 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
638 assert ospf6_covergence is True, "Testcase {} :Failed \n Error:" " {}".format(
639 tc_name, ospf6_covergence
640 )
641
642 step("Shut no shut interface on R1")
643 dut = "r1"
644 intf = topo["routers"]["r1"]["links"]["r2"]["interface"]
645 shutdown_bringup_interface(tgen, dut, intf, False)
646
647 dut = "r2"
648 step(
649 "Verify that the neighbour is not FULL between R1 and R2 using "
650 "show ip ospf6 neighbor cmd."
651 )
652 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut, expected=False)
653 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error:" " {}".format(
654 tc_name, ospf6_covergence
655 )
656
657 dut = "r1"
658 shutdown_bringup_interface(tgen, dut, intf, True)
659
660 step(
661 "Verify that the neighbour is FULL between R1 and R2 using "
662 "show ip ospf6 neighbor cmd."
663 )
664
665 dut = "r2"
666 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
667 assert ospf6_covergence is True, "Testcase {} :Failed \n Error:" " {}".format(
668 tc_name, ospf6_covergence
669 )
670
671 write_test_footer(tc_name)
672
673 def test_ospf6_auth_trailer_tc4_keychain_sha256(request):
674 """
675 OSPFv3 Authentication Trailer - Verify ospfv3 authentication trailer
676 using HMAC-SHA-256 keychain configuration.
677
678 """
679 tc_name = request.node.name
680 write_test_header(tc_name)
681 tgen = get_topogen()
682 global topo
683 step("Bring up the base config.")
684 reset_config_on_routers(tgen)
685 step(
686 "Configure ospf6 between R1 and R2, enable ospf6 auth on R1 interface "
687 "connected to R2 with auth trailer"
688 )
689
690 router1 = tgen.gears["r1"]
691 router2 = tgen.gears["r2"]
692
693 router1.vtysh_cmd(
694 """configure terminal
695 key chain auth
696 key 10
697 key-string ospf6
698 cryptographic-algorithm hmac-sha-256"""
699 )
700
701 router2.vtysh_cmd(
702 """configure terminal
703 key chain auth
704 key 10
705 key-string ospf6
706 cryptographic-algorithm hmac-sha-256"""
707 )
708
709 r1_ospf6_auth = {
710 "r1": {
711 "links": {
712 "r2": {
713 "ospf6": {
714 "keychain": "auth",
715 }
716 }
717 }
718 }
719 }
720 result = config_ospf6_interface(tgen, topo, r1_ospf6_auth)
721 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
722
723 step("Verify that the neighbour is not FULL between R1 and R2.")
724 # wait for dead time expiry.
725 sleep(6)
726 dut = "r1"
727 ospf6_covergence = verify_ospf6_neighbor(
728 tgen, topo, dut=dut, expected=False, retry_timeout=3
729 )
730 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error:" " {}".format(
731 tc_name, ospf6_covergence
732 )
733
734 step(
735 "Configure ospf6 between R1 and R2, enable ospf6 on R2 interface "
736 "connected to R1 with auth trailer"
737 )
738
739 r2_ospf6_auth = {
740 "r2": {
741 "links": {
742 "r1": {
743 "ospf6": {
744 "keychain": "auth",
745 }
746 }
747 }
748 }
749 }
750 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
751 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
752
753 step(
754 "Verify that the neighbour is FULL between R1 and R2 "
755 "using show ipv6 ospf6 neighbor cmd."
756 )
757
758 dut = "r2"
759 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
760 assert ospf6_covergence is True, "Testcase {} :Failed \n Error:" " {}".format(
761 tc_name, ospf6_covergence
762 )
763
764 step(
765 "Disable authentication on R2 "
766 )
767
768 r2_ospf6_auth = {
769 "r2": {
770 "links": {
771 "r1": {
772 "ospf6": {
773 "keychain": "auth",
774 "del_action": True
775 }
776 }
777 }
778 }
779 }
780 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
781 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
782
783 step("Verify on R1 ,nbr is deleted for R2 after dead interval expiry")
784 # wait till the dead timer expiry
785 sleep(6)
786 dut = "r2"
787 ospf6_covergence = verify_ospf6_neighbor(
788 tgen, topo, dut=dut, expected=False, retry_timeout=5
789 )
790 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error:" " {}".format(
791 tc_name, ospf6_covergence
792 )
793
794 step("Again On R2 enable ospf6 on interface with message-digest auth")
795 r2_ospf6_auth = {
796 "r2": {
797 "links": {
798 "r1": {
799 "ospf6": {
800 "keychain": "auth",
801 }
802 }
803 }
804 }
805 }
806 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
807 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
808
809 step(
810 "Verify that the neighbour is FULL between R1 and R2 using"
811 " show ip ospf6 neighbor cmd."
812 )
813
814 dut = "r2"
815 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
816 assert ospf6_covergence is True, "Testcase {} :Failed \n Error:" " {}".format(
817 tc_name, ospf6_covergence
818 )
819
820 step("Shut no shut interface on R1")
821 dut = "r1"
822 intf = topo["routers"]["r1"]["links"]["r2"]["interface"]
823 shutdown_bringup_interface(tgen, dut, intf, False)
824
825 dut = "r2"
826 step(
827 "Verify that the neighbour is not FULL between R1 and R2 using "
828 "show ip ospf6 neighbor cmd."
829 )
830 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut, expected=False)
831 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error:" " {}".format(
832 tc_name, ospf6_covergence
833 )
834
835 dut = "r1"
836 shutdown_bringup_interface(tgen, dut, intf, True)
837
838 step(
839 "Verify that the neighbour is FULL between R1 and R2 using "
840 "show ip ospf6 neighbor cmd."
841 )
842
843 dut = "r2"
844 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
845 assert ospf6_covergence is True, "Testcase {} :Failed \n Error:" " {}".format(
846 tc_name, ospf6_covergence
847 )
848
849 write_test_footer(tc_name)
850
851 def test_ospf6_auth_trailer_tc5_md5_keymissmatch(request):
852 """
853 OSPFv3 Authentication Trailer - Verify ospfv3 authentication trailer
854 using MD5 manual key configuration.
855
856 """
857 tc_name = request.node.name
858 write_test_header(tc_name)
859 tgen = get_topogen()
860 global topo
861 step("Bring up the base config.")
862 reset_config_on_routers(tgen)
863 step(
864 "Configure ospf6 between R1 and R2, enable ospf6 auth on R1 interface "
865 "connected to R2 with auth trailer"
866 )
867
868 r1_ospf6_auth = {
869 "r1": {
870 "links": {
871 "r2": {
872 "ospf6": {
873 "hash-algo": "md5",
874 "key": "ospf6",
875 "key-id": "10",
876 }
877 }
878 }
879 }
880 }
881 result = config_ospf6_interface(tgen, topo, r1_ospf6_auth)
882 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
883
884 step("Verify that the neighbour is not FULL between R1 and R2.")
885 # wait for dead time expiry.
886 sleep(6)
887 dut = "r1"
888 ospf6_covergence = verify_ospf6_neighbor(
889 tgen, topo, dut=dut, expected=False, retry_timeout=3
890 )
891 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error:" " {}".format(
892 tc_name, ospf6_covergence
893 )
894
895 step(
896 "Configure ospf6 between R1 and R2, enable ospf6 on R2 interface "
897 "connected to R1 with auth trailer wrong key"
898 )
899
900 r2_ospf6_auth = {
901 "r2": {
902 "links": {
903 "r1": {
904 "ospf6": {
905 "hash-algo": "md5",
906 "key": "ospf6-missmatch",
907 "key-id": "10",
908 }
909 }
910 }
911 }
912 }
913 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
914 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
915
916 step(
917 "Verify that the neighbour is not FULL between R1 and R2 "
918 "using show ipv6 ospf6 neighbor cmd."
919 )
920
921 step("Verify that the neighbour is FULL between R1 and R2.")
922 # wait for dead time expiry.
923 sleep(6)
924 dut = "r2"
925 ospf6_covergence = verify_ospf6_neighbor(
926 tgen, topo, dut=dut, expected=False, retry_timeout=3
927 )
928 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error:" " {}".format(
929 tc_name, ospf6_covergence
930 )
931
932 step(
933 "Configure ospf6 between R1 and R2, enable ospf6 on R2 interface "
934 "connected to R1 with auth trailer correct key"
935 )
936
937 r2_ospf6_auth = {
938 "r2": {
939 "links": {
940 "r1": {
941 "ospf6": {
942 "hash-algo": "md5",
943 "key": "ospf6",
944 "key-id": "10",
945 }
946 }
947 }
948 }
949 }
950 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
951 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
952
953 step(
954 "Verify that the neighbour is FULL between R1 and R2 "
955 "using show ipv6 ospf6 neighbor cmd."
956 )
957
958 dut = "r2"
959 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
960 assert ospf6_covergence is True, "Testcase {} :Failed \n Error:" " {}".format(
961 tc_name, ospf6_covergence
962 )
963
964 write_test_footer(tc_name)
965
966 def test_ospf6_auth_trailer_tc6_sha256_mismatch(request):
967 """
968 OSPFv3 Authentication Trailer - Verify ospfv3 authentication trailer
969 using HMAC-SHA-256 manual key configuration.
970
971 """
972 tc_name = request.node.name
973 write_test_header(tc_name)
974 tgen = get_topogen()
975 global topo
976 step("Bring up the base config.")
977 reset_config_on_routers(tgen)
978 step(
979 "Configure ospf6 between R1 and R2, enable ospf6 auth on R1 interface "
980 "connected to R2 with auth trailer"
981 )
982
983 r1_ospf6_auth = {
984 "r1": {
985 "links": {
986 "r2": {
987 "ospf6": {
988 "hash-algo": "hmac-sha-256",
989 "key": "ospf6",
990 "key-id": "10",
991 }
992 }
993 }
994 }
995 }
996 result = config_ospf6_interface(tgen, topo, r1_ospf6_auth)
997 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
998
999 step("Verify that the neighbour is not FULL between R1 and R2.")
1000 # wait for dead time expiry.
1001 sleep(6)
1002 dut = "r1"
1003 ospf6_covergence = verify_ospf6_neighbor(
1004 tgen, topo, dut=dut, expected=False, retry_timeout=3
1005 )
1006 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error:" " {}".format(
1007 tc_name, ospf6_covergence
1008 )
1009
1010 step(
1011 "Configure ospf6 with on R1 and R2, enable ospf6 on R2 interface "
1012 "connected to R1 with auth trailer wrong key"
1013 )
1014
1015 r2_ospf6_auth = {
1016 "r2": {
1017 "links": {
1018 "r1": {
1019 "ospf6": {
1020 "hash-algo": "hmac-sha-256",
1021 "key": "ospf6-missmatch",
1022 "key-id": "10",
1023 }
1024 }
1025 }
1026 }
1027 }
1028 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
1029 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
1030
1031 step("Verify that the neighbour is not FULL between R1 and R2.")
1032 # wait for dead time expiry.
1033 sleep(6)
1034 dut = "r2"
1035 ospf6_covergence = verify_ospf6_neighbor(
1036 tgen, topo, dut=dut, expected=False, retry_timeout=3
1037 )
1038 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error:" " {}".format(
1039 tc_name, ospf6_covergence
1040 )
1041
1042 step(
1043 "Configure ospf6 with on R1 and R2, enable ospf6 on R2 interface "
1044 "connected to R1 with auth trailer wrong key"
1045 )
1046
1047 r2_ospf6_auth = {
1048 "r2": {
1049 "links": {
1050 "r1": {
1051 "ospf6": {
1052 "hash-algo": "hmac-sha-256",
1053 "key": "ospf6",
1054 "key-id": "10",
1055 }
1056 }
1057 }
1058 }
1059 }
1060 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
1061 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
1062
1063 step(
1064 "Verify that the neighbour is FULL between R1 and R2 "
1065 "using show ipv6 ospf6 neighbor cmd."
1066 )
1067
1068 dut = "r2"
1069 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
1070 assert ospf6_covergence is True, "Testcase {} :Failed \n Error:" " {}".format(
1071 tc_name, ospf6_covergence
1072 )
1073
1074 write_test_footer(tc_name)
1075
1076 def test_ospf6_auth_trailer_tc7_keychain_md5_missmatch(request):
1077 """
1078 OSPFv3 Authentication Trailer - Verify ospfv3 authentication trailer
1079 using MD5 keychain configuration.
1080
1081 """
1082 tc_name = request.node.name
1083 write_test_header(tc_name)
1084 tgen = get_topogen()
1085 global topo
1086 step("Bring up the base config.")
1087 reset_config_on_routers(tgen)
1088 step(
1089 "Configure ospf6 between R1 and R2, enable ospf6 auth on R1 interface "
1090 "connected to R2 with auth trailer"
1091 )
1092
1093 router1 = tgen.gears["r1"]
1094 router2 = tgen.gears["r2"]
1095
1096 router1.vtysh_cmd(
1097 """configure terminal
1098 key chain auth
1099 key 10
1100 key-string ospf6
1101 cryptographic-algorithm md5"""
1102 )
1103
1104 router2.vtysh_cmd(
1105 """configure terminal
1106 key chain auth
1107 key 10
1108 key-string ospf6
1109 cryptographic-algorithm md5"""
1110 )
1111
1112 router2.vtysh_cmd(
1113 """configure terminal
1114 key chain auth-missmatch
1115 key 10
1116 key-string ospf6-missmatch
1117 cryptographic-algorithm md5"""
1118 )
1119
1120 r1_ospf6_auth = {
1121 "r1": {
1122 "links": {
1123 "r2": {
1124 "ospf6": {
1125 "keychain": "auth",
1126 }
1127 }
1128 }
1129 }
1130 }
1131 result = config_ospf6_interface(tgen, topo, r1_ospf6_auth)
1132 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
1133
1134 step("Verify that the neighbour is not FULL between R1 and R2.")
1135 # wait for dead time expiry.
1136 sleep(6)
1137 dut = "r1"
1138 ospf6_covergence = verify_ospf6_neighbor(
1139 tgen, topo, dut=dut, expected=False, retry_timeout=3
1140 )
1141 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error:" " {}".format(
1142 tc_name, ospf6_covergence
1143 )
1144
1145 step(
1146 "Configure ospf6 between R1 and R2, enable ospf6 on R2 interface "
1147 "connected to R1 with auth trailer with wrong keychain"
1148 )
1149
1150 r2_ospf6_auth = {
1151 "r2": {
1152 "links": {
1153 "r1": {
1154 "ospf6": {
1155 "keychain": "auth-missmatch",
1156 }
1157 }
1158 }
1159 }
1160 }
1161 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
1162 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
1163
1164 step("Verify that the neighbour is not FULL between R1 and R2.")
1165 # wait for dead time expiry.
1166 sleep(6)
1167 dut = "r2"
1168 ospf6_covergence = verify_ospf6_neighbor(
1169 tgen, topo, dut=dut, expected=False, retry_timeout=3
1170 )
1171 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error:" " {}".format(
1172 tc_name, ospf6_covergence
1173 )
1174
1175 step(
1176 "Configure ospf6 between R1 and R2, enable ospf6 on R2 interface "
1177 "connected to R1 with auth trailer with correct keychain"
1178 )
1179
1180 r2_ospf6_auth = {
1181 "r2": {
1182 "links": {
1183 "r1": {
1184 "ospf6": {
1185 "keychain": "auth",
1186 }
1187 }
1188 }
1189 }
1190 }
1191 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
1192 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
1193
1194 step(
1195 "Verify that the neighbour is FULL between R1 and R2 "
1196 "using show ipv6 ospf6 neighbor cmd."
1197 )
1198
1199 dut = "r2"
1200 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
1201 assert ospf6_covergence is True, "Testcase {} :Failed \n Error:" " {}".format(
1202 tc_name, ospf6_covergence
1203 )
1204
1205 write_test_footer(tc_name)
1206
1207 def test_ospf6_auth_trailer_tc8_keychain_sha256_missmatch(request):
1208 """
1209 OSPFv3 Authentication Trailer - Verify ospfv3 authentication trailer
1210 using HMAC-SHA-256 keychain configuration.
1211
1212 """
1213 tc_name = request.node.name
1214 write_test_header(tc_name)
1215 tgen = get_topogen()
1216 global topo
1217 step("Bring up the base config.")
1218 reset_config_on_routers(tgen)
1219 step(
1220 "Configure ospf6 between R1 and R2, enable ospf6 auth on R1 interface "
1221 "connected to R2 with auth trailer"
1222 )
1223
1224 router1 = tgen.gears["r1"]
1225 router2 = tgen.gears["r2"]
1226
1227 router1.vtysh_cmd(
1228 """configure terminal
1229 key chain auth
1230 key 10
1231 key-string ospf6
1232 cryptographic-algorithm hmac-sha-256"""
1233 )
1234
1235 router2.vtysh_cmd(
1236 """configure terminal
1237 key chain auth
1238 key 10
1239 key-string ospf6
1240 cryptographic-algorithm hmac-sha-256"""
1241 )
1242
1243 router2.vtysh_cmd(
1244 """configure terminal
1245 key chain auth-missmatch
1246 key 10
1247 key-string ospf6-missmatch
1248 cryptographic-algorithm hmac-sha-256"""
1249 )
1250
1251 r1_ospf6_auth = {
1252 "r1": {
1253 "links": {
1254 "r2": {
1255 "ospf6": {
1256 "keychain": "auth",
1257 }
1258 }
1259 }
1260 }
1261 }
1262 result = config_ospf6_interface(tgen, topo, r1_ospf6_auth)
1263 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
1264
1265 step("Verify that the neighbour is not FULL between R1 and R2.")
1266 # wait for dead time expiry.
1267 sleep(6)
1268 dut = "r1"
1269 ospf6_covergence = verify_ospf6_neighbor(
1270 tgen, topo, dut=dut, expected=False, retry_timeout=3
1271 )
1272 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error:" " {}".format(
1273 tc_name, ospf6_covergence
1274 )
1275
1276 step(
1277 "Configure ospf6 between R1 and R2, enable ospf6 on R2 interface "
1278 "connected to R1 with auth trailer wrong keychain"
1279 )
1280
1281 r2_ospf6_auth = {
1282 "r2": {
1283 "links": {
1284 "r1": {
1285 "ospf6": {
1286 "keychain": "auth-missmatch",
1287 }
1288 }
1289 }
1290 }
1291 }
1292 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
1293 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
1294
1295 step("Verify that the neighbour is not FULL between R1 and R2.")
1296 # wait for dead time expiry.
1297 sleep(6)
1298 dut = "r2"
1299 ospf6_covergence = verify_ospf6_neighbor(
1300 tgen, topo, dut=dut, expected=False, retry_timeout=3
1301 )
1302 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error:" " {}".format(
1303 tc_name, ospf6_covergence
1304 )
1305
1306 step(
1307 "Configure ospf6 between R1 and R2, enable ospf6 on R2 interface "
1308 "connected to R1 with auth trailer correct keychain"
1309 )
1310
1311 r2_ospf6_auth = {
1312 "r2": {
1313 "links": {
1314 "r1": {
1315 "ospf6": {
1316 "keychain": "auth",
1317 }
1318 }
1319 }
1320 }
1321 }
1322 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
1323 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
1324
1325 step(
1326 "Verify that the neighbour is FULL between R1 and R2 "
1327 "using show ipv6 ospf6 neighbor cmd."
1328 )
1329
1330 dut = "r2"
1331 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
1332 assert ospf6_covergence is True, "Testcase {} :Failed \n Error:" " {}".format(
1333 tc_name, ospf6_covergence
1334 )
1335
1336 write_test_footer(tc_name)
1337
1338 def test_ospf6_auth_trailer_tc9_keychain_not_configured(request):
1339 """
1340 OSPFv3 Neighborship without Authentication Trailer -
1341 Verify ospfv3 neighborship when no authentication trailer is configured.
1342
1343 """
1344 tc_name = request.node.name
1345 write_test_header(tc_name)
1346 tgen = get_topogen()
1347 global topo
1348 step("Bring up the base config.")
1349 reset_config_on_routers(tgen)
1350 step(
1351 "Configure ospf6 between R1 and R2, enable ospf6 auth on R1 interface "
1352 "connected to R2 with auth trailer"
1353 )
1354
1355 router1 = tgen.gears["r1"]
1356 router2 = tgen.gears["r2"]
1357
1358 r1_ospf6_auth = {
1359 "r1": {
1360 "links": {
1361 "r2": {
1362 "ospf6": {
1363 "keychain": "auth",
1364 }
1365 }
1366 }
1367 }
1368 }
1369 result = config_ospf6_interface(tgen, topo, r1_ospf6_auth)
1370 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
1371
1372 step("Verify that the neighbour is not FULL between R1 and R2.")
1373 # wait for dead time expiry.
1374 sleep(6)
1375 dut = "r1"
1376 ospf6_covergence = verify_ospf6_neighbor(
1377 tgen, topo, dut=dut, expected=False, retry_timeout=3
1378 )
1379 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error:" " {}".format(
1380 tc_name, ospf6_covergence
1381 )
1382
1383 step(
1384 "Configure ospf6 between R1 and R2, enable ospf6 on R2 interface "
1385 "connected to R1 with auth trailer non existing keychain"
1386 )
1387
1388 r2_ospf6_auth = {
1389 "r2": {
1390 "links": {
1391 "r1": {
1392 "ospf6": {
1393 "keychain": "auth",
1394 }
1395 }
1396 }
1397 }
1398 }
1399 result = config_ospf6_interface(tgen, topo, r2_ospf6_auth)
1400 assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
1401
1402 step("Verify that the neighbour is not FULL between R1 and R2.")
1403 # wait for dead time expiry.
1404 sleep(6)
1405 dut = "r2"
1406 ospf6_covergence = verify_ospf6_neighbor(
1407 tgen, topo, dut=dut, expected=False, retry_timeout=3
1408 )
1409 assert ospf6_covergence is not True, "Testcase {} :Failed \n Error:" " {}".format(
1410 tc_name, ospf6_covergence
1411 )
1412
1413 write_test_footer(tc_name)
1414
1415 def test_ospf6_auth_trailer_tc10_no_auth_trailer(request):
1416 """
1417 OSPFv3 Neighborship without Authentication Trailer -
1418 Verify ospfv3 neighborship when no authentication trailer is configured.
1419
1420 """
1421 tc_name = request.node.name
1422 write_test_header(tc_name)
1423 tgen = get_topogen()
1424 global topo
1425 step("Bring up the base config.")
1426 reset_config_on_routers(tgen)
1427
1428 router1 = tgen.gears["r1"]
1429 router2 = tgen.gears["r2"]
1430
1431 step(
1432 "Verify that the neighbour is FULL between R1 and R2 "
1433 "using show ipv6 ospf6 neighbor cmd."
1434 )
1435
1436 dut = "r2"
1437 ospf6_covergence = verify_ospf6_neighbor(tgen, topo, dut=dut)
1438 assert ospf6_covergence is True, "Testcase {} :Failed \n Error:" " {}".format(
1439 tc_name, ospf6_covergence
1440 )
1441
1442 write_test_footer(tc_name)
1443
1444 if __name__ == "__main__":
1445 args = ["-s"] + sys.argv[1:]
1446 sys.exit(pytest.main(args))
FRRouting mirror