-
Notifications
You must be signed in to change notification settings - Fork 714
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[testcase]MACsec basic test #3571
Conversation
Signed-off-by: Ze Gan <ganze718@gmail.com>
Signed-off-by: Ze Gan <ganze718@gmail.com>
Signed-off-by: Ze Gan <ganze718@gmail.com>
This comment has been minimized.
This comment has been minimized.
Signed-off-by: Ze Gan <ganze718@gmail.com>
Signed-off-by: Ze Gan <ganze718@gmail.com>
This pull request introduces 1 alert when merging 6fa54e4 into a26f2d5 - view on LGTM.com new alerts:
|
Signed-off-by: Ze Gan <ganze718@gmail.com>
This pull request introduces 1 alert when merging 83ee15b into 0845fb1 - view on LGTM.com new alerts:
|
Signed-off-by: Ze Gan <ganze718@gmail.com>
Signed-off-by: Ze Gan <ganze718@gmail.com>
This pull request introduces 1 alert when merging c7ae21f into 432edc4 - view on LGTM.com new alerts:
|
Signed-off-by: Ze Gan <ganze718@gmail.com>
Signed-off-by: Ze Gan <ganze718@gmail.com>
This pull request introduces 1 alert when merging ce8f061 into e6741d3 - view on LGTM.com new alerts:
|
Signed-off-by: Ze Gan <ganze718@gmail.com>
This pull request introduces 2 alerts when merging 956b1378b7298a15243ef0dfe56d27c533fe5bc2 into 8963001 - view on LGTM.com new alerts:
|
Signed-off-by: Ze Gan <ganze718@gmail.com>
Signed-off-by: Ze Gan <ganze718@gmail.com>
/azp run |
Azure Pipelines successfully started running 1 pipeline(s). |
/azp run |
Azure Pipelines successfully started running 1 pipeline(s). |
Signed-off-by: Ze Gan <ganze718@gmail.com>
Signed-off-by: Ze Gan <ganze718@gmail.com>
6613e82
to
dd2fa36
Compare
Signed-off-by: Ze Gan <ganze718@gmail.com>
f9f118f
to
e907e0b
Compare
This pull request introduces 1 alert when merging 0938857 into 481ff97 - view on LGTM.com new alerts:
|
Signed-off-by: Ze Gan <ganze718@gmail.com>
4118330
to
197f466
Compare
Signed-off-by: Ze Gan <ganze718@gmail.com>
Signed-off-by: Ze Gan <ganze718@gmail.com>
Signed-off-by: Ze Gan <ganze718@gmail.com>
Signed-off-by: Ze Gan <ganze718@gmail.com>
host.command(cmd) | ||
|
||
|
||
def enable_macsec_port(host, port, profile_name): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@Pterosaur we could have all these helper API's are a separate macsec_helpers.py module and import it here in test_macsec.py. These are useful for other tests which we will develop.
<!-- Please make sure you've read and understood our contributing guidelines; https://github.com/Azure/SONiC/blob/gh-pages/CONTRIBUTING.md Please provide following information to help code review process a bit easier: --> <!-- - Please include a summary of the change and which issue is fixed. - Please also include relevant motivation and context. Where should reviewer start? background context? - List any dependencies that are required for this change. --> Summary: Fixes # (issue) Need the PR: sonic-net/sonic-buildimage#8554 <!-- - Fill x for your type of change. - e.g. - [x] Bug fix --> - [ ] Bug fix - [ ] Testbed and Framework(new/improvement) - [x] Test case(new/improvement) This PR includes the basic test, control plane and data plane, for MACsec. - Control plane 1. Check the control plane processes, wpa_supplicant, can running 2. Check the related entries in APP_DB 3. To virtual switch, Check the mka session by iproute2 - Data Plane 1. Check the traffic from down link to up link 2. Check the traffic from a neighbor device to others Build testbed of SONiC neighbor devices Please refer this document https://github.com/Azure/sonic-mgmt/blob/master/docs/testbed/README.testbed.VsSetup.md to 1setup your environment. the neighbor devices should be SONiC with the **latest image** and the vm_type should choose `vsonic` ``` ./testbed-cli.sh -m veos_vtb -n 4 -k vsonic start-vms server_1 password.txt ./testbed-cli.sh -t vtestbed.csv -m veos_vtb -k vsonic add-topo vms-kvm-t0 password.txt ./testbed-cli.sh -t vtestbed.csv -m veos_vtb deploy-mg vms-kvm-t0 veos_vtb password.txt ``` Verify health ``` ./run_tests.sh -u -n vms-kvm-t0 -d vlab-01 -c test_nbr_health.py -f vtestbed.csv -i veos_vtb -e "--neighbor_type=sonic --skip_sanity --disable_loganalyzer" ``` Run MACsec Test ``` ./run_tests.sh -u -n vms-kvm-t0 -d vlab-01 -c macsec/test_macsec.py -f vtestbed.csv -i veos_vtb -e "--neighbor_type=sonic --skip_sanity --disable_loganalyzer" ``` You should get ``` === Running tests in groups === /usr/local/lib/python2.7/dist-packages/ansible/parsing/vault/__init__.py:44: CryptographyDeprecationWarning: Python 2 is no longer supported by the Python core team. Support for it is now deprecated in cryptography, and will be removed in the next release. from cryptography.exceptions import InvalidSignature ============================================================================================= test session starts ============================================================================================== platform linux2 -- Python 2.7.17, pytest-4.6.5, py-1.11.0, pluggy-0.13.1 -- /usr/bin/python cachedir: .pytest_cache metadata: {'Python': '2.7.17', 'Platform': 'Linux-5.4.0-37-generic-x86_64-with-Ubuntu-18.04-bionic', 'Packages': {'py': '1.11.0', 'pytest': '4.6.5', 'pluggy': '0.13.1'}, 'Plugins': {u'repeat': u'0.9.1', u'ordering': u'0.6', u'ansible': u'2.2.2', u'xdist': u'1.28.0', u'al lure-pytest': u'2.8.22', u'html': u'1.22.1', u'forked': u'1.3.0', u'metadata': u'1.11.0'}} ansible: 2.8.12 rootdir: /data/sonic-mgmt_sonic_vm_topology/tests, inifile: pytest.ini plugins: forked-1.3.0, xdist-1.28.0, repeat-0.9.1, metadata-1.11.0, html-1.22.1, allure-pytest-2.8.22, ordering-0.6, ansible-2.2.2 collecting ... ['conf-name', 'group-name', 'topo', 'ptf_image_name', 'ptf', 'ptf_ip', 'ptf_ipv6', 'server', 'vm_base', 'dut', 'inv_name', 'auto_recover', 'comment'] Finished testbed info generating. /usr/local/lib/python2.7/dist-packages/ansible/parsing/vault/__init__.py:44: CryptographyDeprecationWarning: Python 2 is no longer supported by the Python core team. Support for it is now deprecated in cryptography, and will be removed in the next release. from cryptography.exceptions import InvalidSignature collecting 0 items ['conf-name', 'group-name', 'topo', 'ptf_image_name', 'ptf', 'pt f_ip', 'ptf_ipv6', 'server', 'vm_base', 'dut', 'inv_name', 'auto_recover', 'comment'] Finished testbed info generating. collected 40 items macsec/test_macsec.py::TestControlPlane::test_wpa_supplicant_processes[GCM-AES-128-security-true] PASSED [ 2%] macsec/test_macsec.py::TestControlPlane::test_appl_db[security-GCM-AES-128-true] PASSED [ 5%] macsec/test_macsec.py::TestControlPlane::test_mka_session[security-GCM-AES-128-true] PASSED [ 7%] macsec/test_macsec.py::TestDataPlane::test_server_to_neighbor[GCM-AES-128-security-true] PASSED [ 10%] macsec/test_macsec.py::TestDataPlane::test_neighbor_to_neighbor[GCM-AES-128-security-true] PASSED [ 12%] macsec/test_macsec.py::TestControlPlane::test_wpa_supplicant_processes[GCM-AES-128-security-false] PASSED [ 15%] macsec/test_macsec.py::TestControlPlane::test_appl_db[security-GCM-AES-128-false] PASSED [ 17%] macsec/test_macsec.py::TestControlPlane::test_mka_session[security-GCM-AES-128-false] PASSED [ 20%] macsec/test_macsec.py::TestDataPlane::test_server_to_neighbor[GCM-AES-128-security-false] PASSED [ 22%] macsec/test_macsec.py::TestDataPlane::test_neighbor_to_neighbor[GCM-AES-128-security-false] PASSED [ 25%] macsec/test_macsec.py::TestControlPlane::test_wpa_supplicant_processes[GCM-AES-256-security-false] PASSED [ 27%] macsec/test_macsec.py::TestControlPlane::test_appl_db[security-GCM-AES-256-false] PASSED [ 30%] macsec/test_macsec.py::TestControlPlane::test_mka_session[security-GCM-AES-256-false] PASSED [ 32%] macsec/test_macsec.py::TestDataPlane::test_server_to_neighbor[GCM-AES-256-security-false] PASSED [ 35%] macsec/test_macsec.py::TestDataPlane::test_neighbor_to_neighbor[GCM-AES-256-security-false] PASSED [ 37%] macsec/test_macsec.py::TestControlPlane::test_wpa_supplicant_processes[GCM-AES-256-security-true] PASSED [ 40%] macsec/test_macsec.py::TestControlPlane::test_appl_db[security-GCM-AES-256-true] PASSED [ 42%] macsec/test_macsec.py::TestControlPlane::test_mka_session[security-GCM-AES-256-true] PASSED [ 45%] macsec/test_macsec.py::TestDataPlane::test_server_to_neighbor[GCM-AES-256-security-true] PASSED [ 47%] macsec/test_macsec.py::TestDataPlane::test_neighbor_to_neighbor[GCM-AES-256-security-true] PASSED [ 50%] macsec/test_macsec.py::TestControlPlane::test_wpa_supplicant_processes[GCM-AES-XPN-128-security-false] PASSED [ 52%] macsec/test_macsec.py::TestControlPlane::test_appl_db[security-GCM-AES-XPN-128-false] PASSED [ 55%] macsec/test_macsec.py::TestControlPlane::test_mka_session[security-GCM-AES-XPN-128-false] PASSED [ 57%] macsec/test_macsec.py::TestDataPlane::test_server_to_neighbor[GCM-AES-XPN-128-security-false] PASSED [ 60%] macsec/test_macsec.py::TestDataPlane::test_neighbor_to_neighbor[GCM-AES-XPN-128-security-false] PASSED [ 62%] macsec/test_macsec.py::TestControlPlane::test_wpa_supplicant_processes[GCM-AES-XPN-128-security-true] PASSED [ 65%] macsec/test_macsec.py::TestControlPlane::test_appl_db[security-GCM-AES-XPN-128-true] PASSED [ 67%] macsec/test_macsec.py::TestControlPlane::test_mka_session[security-GCM-AES-XPN-128-true] PASSED [ 70%] macsec/test_macsec.py::TestDataPlane::test_server_to_neighbor[GCM-AES-XPN-128-security-true] PASSED [ 72%] macsec/test_macsec.py::TestDataPlane::test_neighbor_to_neighbor[GCM-AES-XPN-128-security-true] PASSED [ 75%] macsec/test_macsec.py::TestControlPlane::test_wpa_supplicant_processes[GCM-AES-XPN-256-security-false] PASSED [ 77%] macsec/test_macsec.py::TestControlPlane::test_appl_db[security-GCM-AES-XPN-256-false] PASSED [ 80%] macsec/test_macsec.py::TestControlPlane::test_mka_session[security-GCM-AES-XPN-256-false] PASSED [ 82%] macsec/test_macsec.py::TestDataPlane::test_server_to_neighbor[GCM-AES-XPN-256-security-false] PASSED [ 85%] macsec/test_macsec.py::TestDataPlane::test_neighbor_to_neighbor[GCM-AES-XPN-256-security-false] PASSED [ 87%] macsec/test_macsec.py::TestControlPlane::test_wpa_supplicant_processes[GCM-AES-XPN-256-security-true] PASSED [ 90%] macsec/test_macsec.py::TestControlPlane::test_appl_db[security-GCM-AES-XPN-256-true] PASSED [ 92%] macsec/test_macsec.py::TestControlPlane::test_mka_session[security-GCM-AES-XPN-256-true] PASSED [ 95%] macsec/test_macsec.py::TestDataPlane::test_server_to_neighbor[GCM-AES-XPN-256-security-true] PASSED [ 97%] macsec/test_macsec.py::TestDataPlane::test_neighbor_to_neighbor[GCM-AES-XPN-256-security-true] PASSED [100%] ``` Tested in Virtual Switch and Arista 7280 T0 #4885 <!-- (If it's a new feature, new test case) Did you update documentation/Wiki relevant to your implementation? Link to the wiki page? -->
Description of PR
Summary:
Fixes # (issue)
Need the PR: sonic-net/sonic-buildimage#8554
Type of change
Approach
What is the motivation for this PR?
This PR includes the basic test, control plane and data plane, for MACsec.
How did you do it?
How did you verify/test it?
Build testbed of SONiC neighbor devices
Please refer this document https://github.com/Azure/sonic-mgmt/blob/master/docs/testbed/README.testbed.VsSetup.md to 1setup your environment. the neighbor devices should be SONiC with the latest image and the vm_type should choose
vsonic
Verify health
Run MACsec Test
You should get
Any platform specific information?
Tested in Virtual Switch and Arista 7280
Supported testbed topology if it's a new test case?
T0
Documentation
#4885