[testcase]MACsec basic test #3571
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Ze Gan <ganze718@gmail.com>
Signed-off-by: Ze Gan <ganze718@gmail.com>
Signed-off-by: Ze Gan <ganze718@gmail.com>
This comment has been minimized.
This comment has been minimized.
Signed-off-by: Ze Gan <ganze718@gmail.com>
Signed-off-by: Ze Gan <ganze718@gmail.com>
|
This pull request introduces 1 alert when merging 6fa54e4 into a26f2d5 - view on LGTM.com new alerts:
|
Signed-off-by: Ze Gan <ganze718@gmail.com>
|
This pull request introduces 1 alert when merging 83ee15b into 0845fb1 - view on LGTM.com new alerts:
|
Signed-off-by: Ze Gan <ganze718@gmail.com>
Signed-off-by: Ze Gan <ganze718@gmail.com>
|
This pull request introduces 1 alert when merging c7ae21f into 432edc4 - view on LGTM.com new alerts:
|
Signed-off-by: Ze Gan <ganze718@gmail.com>
Signed-off-by: Ze Gan <ganze718@gmail.com>
|
This pull request introduces 1 alert when merging ce8f061 into e6741d3 - view on LGTM.com new alerts:
|
Signed-off-by: Ze Gan <ganze718@gmail.com>
|
This pull request introduces 2 alerts when merging 956b1378b7298a15243ef0dfe56d27c533fe5bc2 into 8963001 - view on LGTM.com new alerts:
|
Signed-off-by: Ze Gan <ganze718@gmail.com>
Signed-off-by: Ze Gan <ganze718@gmail.com>
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
Signed-off-by: Ze Gan <ganze718@gmail.com>
Signed-off-by: Ze Gan <ganze718@gmail.com>
Pterosaur
force-pushed
the
macsec_test
branch
from
6613e82
to
dd2fa36
Compare
Signed-off-by: Ze Gan <ganze718@gmail.com>
Pterosaur
force-pushed
the
macsec_test
branch
from
f9f118f
to
e907e0b
Compare
|
This pull request introduces 1 alert when merging 0938857 into 481ff97 - view on LGTM.com new alerts:
|
Signed-off-by: Ze Gan <ganze718@gmail.com>
Pterosaur
force-pushed
the
macsec_test
branch
from
4118330
to
197f466
Compare
Signed-off-by: Ze Gan <ganze718@gmail.com>
Signed-off-by: Ze Gan <ganze718@gmail.com>
jimmyzhai
previously approved these changes
Mar 1, 2022
Signed-off-by: Ze Gan <ganze718@gmail.com>
Signed-off-by: Ze Gan <ganze718@gmail.com>
judyjoseph
reviewed
Mar 2, 2022
| host.command(cmd) | ||
|
|
||
|
|
||
| def enable_macsec_port(host, port, profile_name): |
There was a problem hiding this comment.
@Pterosaur we could have all these helper API's are a separate macsec_helpers.py module and import it here in test_macsec.py. These are useful for other tests which we will develop.
jimmyzhai
approved these changes
Mar 2, 2022
Pterosaur
added a commit
that referenced
this pull request
Mar 2, 2022
<!-- Please make sure you've read and understood our contributing guidelines; https://github.com/Azure/SONiC/blob/gh-pages/CONTRIBUTING.md Please provide following information to help code review process a bit easier: --> <!-- - Please include a summary of the change and which issue is fixed. - Please also include relevant motivation and context. Where should reviewer start? background context? - List any dependencies that are required for this change. --> Summary: Fixes # (issue) Need the PR: sonic-net/sonic-buildimage#8554 <!-- - Fill x for your type of change. - e.g. - [x] Bug fix --> - [ ] Bug fix - [ ] Testbed and Framework(new/improvement) - [x] Test case(new/improvement) This PR includes the basic test, control plane and data plane, for MACsec. - Control plane 1. Check the control plane processes, wpa_supplicant, can running 2. Check the related entries in APP_DB 3. To virtual switch, Check the mka session by iproute2 - Data Plane 1. Check the traffic from down link to up link 2. Check the traffic from a neighbor device to others Build testbed of SONiC neighbor devices Please refer this document https://github.com/Azure/sonic-mgmt/blob/master/docs/testbed/README.testbed.VsSetup.md to 1setup your environment. the neighbor devices should be SONiC with the **latest image** and the vm_type should choose `vsonic` ``` ./testbed-cli.sh -m veos_vtb -n 4 -k vsonic start-vms server_1 password.txt ./testbed-cli.sh -t vtestbed.csv -m veos_vtb -k vsonic add-topo vms-kvm-t0 password.txt ./testbed-cli.sh -t vtestbed.csv -m veos_vtb deploy-mg vms-kvm-t0 veos_vtb password.txt ``` Verify health ``` ./run_tests.sh -u -n vms-kvm-t0 -d vlab-01 -c test_nbr_health.py -f vtestbed.csv -i veos_vtb -e "--neighbor_type=sonic --skip_sanity --disable_loganalyzer" ``` Run MACsec Test ``` ./run_tests.sh -u -n vms-kvm-t0 -d vlab-01 -c macsec/test_macsec.py -f vtestbed.csv -i veos_vtb -e "--neighbor_type=sonic --skip_sanity --disable_loganalyzer" ``` You should get ``` === Running tests in groups === /usr/local/lib/python2.7/dist-packages/ansible/parsing/vault/__init__.py:44: CryptographyDeprecationWarning: Python 2 is no longer supported by the Python core team. Support for it is now deprecated in cryptography, and will be removed in the next release. from cryptography.exceptions import InvalidSignature ============================================================================================= test session starts ============================================================================================== platform linux2 -- Python 2.7.17, pytest-4.6.5, py-1.11.0, pluggy-0.13.1 -- /usr/bin/python cachedir: .pytest_cache metadata: {'Python': '2.7.17', 'Platform': 'Linux-5.4.0-37-generic-x86_64-with-Ubuntu-18.04-bionic', 'Packages': {'py': '1.11.0', 'pytest': '4.6.5', 'pluggy': '0.13.1'}, 'Plugins': {u'repeat': u'0.9.1', u'ordering': u'0.6', u'ansible': u'2.2.2', u'xdist': u'1.28.0', u'al lure-pytest': u'2.8.22', u'html': u'1.22.1', u'forked': u'1.3.0', u'metadata': u'1.11.0'}} ansible: 2.8.12 rootdir: /data/sonic-mgmt_sonic_vm_topology/tests, inifile: pytest.ini plugins: forked-1.3.0, xdist-1.28.0, repeat-0.9.1, metadata-1.11.0, html-1.22.1, allure-pytest-2.8.22, ordering-0.6, ansible-2.2.2 collecting ... ['conf-name', 'group-name', 'topo', 'ptf_image_name', 'ptf', 'ptf_ip', 'ptf_ipv6', 'server', 'vm_base', 'dut', 'inv_name', 'auto_recover', 'comment'] Finished testbed info generating. /usr/local/lib/python2.7/dist-packages/ansible/parsing/vault/__init__.py:44: CryptographyDeprecationWarning: Python 2 is no longer supported by the Python core team. Support for it is now deprecated in cryptography, and will be removed in the next release. from cryptography.exceptions import InvalidSignature collecting 0 items ['conf-name', 'group-name', 'topo', 'ptf_image_name', 'ptf', 'pt f_ip', 'ptf_ipv6', 'server', 'vm_base', 'dut', 'inv_name', 'auto_recover', 'comment'] Finished testbed info generating. collected 40 items macsec/test_macsec.py::TestControlPlane::test_wpa_supplicant_processes[GCM-AES-128-security-true] PASSED [ 2%] macsec/test_macsec.py::TestControlPlane::test_appl_db[security-GCM-AES-128-true] PASSED [ 5%] macsec/test_macsec.py::TestControlPlane::test_mka_session[security-GCM-AES-128-true] PASSED [ 7%] macsec/test_macsec.py::TestDataPlane::test_server_to_neighbor[GCM-AES-128-security-true] PASSED [ 10%] macsec/test_macsec.py::TestDataPlane::test_neighbor_to_neighbor[GCM-AES-128-security-true] PASSED [ 12%] macsec/test_macsec.py::TestControlPlane::test_wpa_supplicant_processes[GCM-AES-128-security-false] PASSED [ 15%] macsec/test_macsec.py::TestControlPlane::test_appl_db[security-GCM-AES-128-false] PASSED [ 17%] macsec/test_macsec.py::TestControlPlane::test_mka_session[security-GCM-AES-128-false] PASSED [ 20%] macsec/test_macsec.py::TestDataPlane::test_server_to_neighbor[GCM-AES-128-security-false] PASSED [ 22%] macsec/test_macsec.py::TestDataPlane::test_neighbor_to_neighbor[GCM-AES-128-security-false] PASSED [ 25%] macsec/test_macsec.py::TestControlPlane::test_wpa_supplicant_processes[GCM-AES-256-security-false] PASSED [ 27%] macsec/test_macsec.py::TestControlPlane::test_appl_db[security-GCM-AES-256-false] PASSED [ 30%] macsec/test_macsec.py::TestControlPlane::test_mka_session[security-GCM-AES-256-false] PASSED [ 32%] macsec/test_macsec.py::TestDataPlane::test_server_to_neighbor[GCM-AES-256-security-false] PASSED [ 35%] macsec/test_macsec.py::TestDataPlane::test_neighbor_to_neighbor[GCM-AES-256-security-false] PASSED [ 37%] macsec/test_macsec.py::TestControlPlane::test_wpa_supplicant_processes[GCM-AES-256-security-true] PASSED [ 40%] macsec/test_macsec.py::TestControlPlane::test_appl_db[security-GCM-AES-256-true] PASSED [ 42%] macsec/test_macsec.py::TestControlPlane::test_mka_session[security-GCM-AES-256-true] PASSED [ 45%] macsec/test_macsec.py::TestDataPlane::test_server_to_neighbor[GCM-AES-256-security-true] PASSED [ 47%] macsec/test_macsec.py::TestDataPlane::test_neighbor_to_neighbor[GCM-AES-256-security-true] PASSED [ 50%] macsec/test_macsec.py::TestControlPlane::test_wpa_supplicant_processes[GCM-AES-XPN-128-security-false] PASSED [ 52%] macsec/test_macsec.py::TestControlPlane::test_appl_db[security-GCM-AES-XPN-128-false] PASSED [ 55%] macsec/test_macsec.py::TestControlPlane::test_mka_session[security-GCM-AES-XPN-128-false] PASSED [ 57%] macsec/test_macsec.py::TestDataPlane::test_server_to_neighbor[GCM-AES-XPN-128-security-false] PASSED [ 60%] macsec/test_macsec.py::TestDataPlane::test_neighbor_to_neighbor[GCM-AES-XPN-128-security-false] PASSED [ 62%] macsec/test_macsec.py::TestControlPlane::test_wpa_supplicant_processes[GCM-AES-XPN-128-security-true] PASSED [ 65%] macsec/test_macsec.py::TestControlPlane::test_appl_db[security-GCM-AES-XPN-128-true] PASSED [ 67%] macsec/test_macsec.py::TestControlPlane::test_mka_session[security-GCM-AES-XPN-128-true] PASSED [ 70%] macsec/test_macsec.py::TestDataPlane::test_server_to_neighbor[GCM-AES-XPN-128-security-true] PASSED [ 72%] macsec/test_macsec.py::TestDataPlane::test_neighbor_to_neighbor[GCM-AES-XPN-128-security-true] PASSED [ 75%] macsec/test_macsec.py::TestControlPlane::test_wpa_supplicant_processes[GCM-AES-XPN-256-security-false] PASSED [ 77%] macsec/test_macsec.py::TestControlPlane::test_appl_db[security-GCM-AES-XPN-256-false] PASSED [ 80%] macsec/test_macsec.py::TestControlPlane::test_mka_session[security-GCM-AES-XPN-256-false] PASSED [ 82%] macsec/test_macsec.py::TestDataPlane::test_server_to_neighbor[GCM-AES-XPN-256-security-false] PASSED [ 85%] macsec/test_macsec.py::TestDataPlane::test_neighbor_to_neighbor[GCM-AES-XPN-256-security-false] PASSED [ 87%] macsec/test_macsec.py::TestControlPlane::test_wpa_supplicant_processes[GCM-AES-XPN-256-security-true] PASSED [ 90%] macsec/test_macsec.py::TestControlPlane::test_appl_db[security-GCM-AES-XPN-256-true] PASSED [ 92%] macsec/test_macsec.py::TestControlPlane::test_mka_session[security-GCM-AES-XPN-256-true] PASSED [ 95%] macsec/test_macsec.py::TestDataPlane::test_server_to_neighbor[GCM-AES-XPN-256-security-true] PASSED [ 97%] macsec/test_macsec.py::TestDataPlane::test_neighbor_to_neighbor[GCM-AES-XPN-256-security-true] PASSED [100%] ``` Tested in Virtual Switch and Arista 7280 T0 #4885 <!-- (If it's a new feature, new test case) Did you update documentation/Wiki relevant to your implementation? Link to the wiki page? -->
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of PR
Summary:
Fixes # (issue)
Need the PR: sonic-net/sonic-buildimage#8554
Type of change
Approach
What is the motivation for this PR?
This PR includes the basic test, control plane and data plane, for MACsec.
How did you do it?
How did you verify/test it?
Build testbed of SONiC neighbor devices
Please refer this document https://github.com/Azure/sonic-mgmt/blob/master/docs/testbed/README.testbed.VsSetup.md to 1setup your environment. the neighbor devices should be SONiC with the latest image and the vm_type should choose
vsonicVerify health
Run MACsec Test
You should get
Any platform specific information?
Tested in Virtual Switch and Arista 7280
Supported testbed topology if it's a new test case?
T0
Documentation
#4885