frrouting/frr
1
0
Fork 0
Code Activity
frr/tests/topotests/ospf_basic_functionality/test_ospf_authentication.py
Daniel Baumann 3124f89aed
Adding upstream version 10.1.1. 
Signed-off-by: Daniel Baumann <daniel@debian.org>
2025-02-05 10:03:58 +01:00

1333 lines
39 KiB
Python
Raw Blame History

#!/usr/bin/python
# SPDX-License-Identifier: ISC
#
# Copyright (c) 2020 by VMware, Inc. ("VMware")
# Used Copyright (c) 2018 by Network Device Education Foundation, Inc.
# ("NetDEF") in this file.
#
"""OSPF Basic Functionality Automation."""
import os
import sys
import time
import pytest
from time import sleep
from copy import deepcopy
from lib.topotest import frr_unicode
# Save the Current Working Directory to find configuration files.
CWD = os.path.dirname(os.path.realpath(__file__))
sys.path.append(os.path.join(CWD, "../"))
sys.path.append(os.path.join(CWD, "../lib/"))
# pylint: disable=C0413
# Import topogen and topotest helpers
from lib.topogen import Topogen, get_topogen
# Import topoJson from lib, to create topology and initial configuration
from lib.common_config import (
start_topology,
write_test_header,
write_test_footer,
reset_config_on_routers,
step,
shutdown_bringup_interface,
)
from lib.topolog import logger
from lib.topojson import build_config_from_json
from lib.ospf import verify_ospf_neighbor, config_ospf_interface, clear_ospf
from ipaddress import IPv4Address
pytestmark = [pytest.mark.ospfd]
# Global variables
topo = None
"""
TOPOOLOGY =
Please view in a fixed-width font such as Courier.
+---+ A1 +---+
+R1 +------------+R2 |
+-+-+- +--++
| -- -- |
| -- A0 -- |
A0| ---- |
| ---- | A2
| -- -- |
| -- -- |
+-+-+- +-+-+
+R0 +-------------+R3 |
+---+ A3 +---+
TESTCASES =
1. Verify ospf authentication with Simple password authentication.
2. Verify ospf authentication with MD5 authentication.
3. Verify ospf authentication with MD5 keychain authentication.
4. Verify ospf authentication with SHA256 keychain authentication.
5. Verify ospf authentication with different authentication methods.
"""
def setup_module(mod):
"""
Sets up the pytest environment
* `mod`: module name
"""
testsuite_run_time = time.asctime(time.localtime(time.time()))
logger.info("Testsuite start time: {}".format(testsuite_run_time))
logger.info("=" * 40)
logger.info("Running setup_module to create topology")
# This function initiates the topology build with Topogen...
json_file = "{}/ospf_authentication.json".format(CWD)
tgen = Topogen(json_file, mod.__name__)
global topo
topo = tgen.json_topo
# ... and here it calls Mininet initialization functions.
# Starting topology, create tmp files which are loaded to routers
# to start daemons and then start routers
start_topology(tgen)
# Creating configuration from JSON
build_config_from_json(tgen, topo)
# Don't run this test if we have any failure.
if tgen.routers_have_failure():
pytest.skip(tgen.errors)
ospf_covergence = verify_ospf_neighbor(tgen, topo)
assert ospf_covergence is True, "setup_module :Failed \n Error {}".format(
ospf_covergence
)
logger.info("Running setup_module() done")
def teardown_module(mod):
"""
Teardown the pytest environment.
* `mod`: module name
"""
logger.info("Running teardown_module to delete topology")
tgen = get_topogen()
# Stop toplogy and Remove tmp files
tgen.stop_topology()
logger.info(
"Testsuite end time: {}".format(time.asctime(time.localtime(time.time())))
)
logger.info("=" * 40)
# ##################################
# Test cases start here.
# ##################################
def test_ospf_authentication_simple_pass_tc28_p1(request):
"""
OSPF Authentication - Verify ospf authentication with Simple
password authentication.
"""
tc_name = request.node.name
write_test_header(tc_name)
tgen = get_topogen()
global topo
step("Bring up the base config.")
reset_config_on_routers(tgen)
step(
"Configure ospf with on R1 and R2, enable ospf on R1 interface"
"connected to R2 with simple password authentication using ip ospf "
"authentication Simple password cmd."
)
r1_ospf_auth = {
"r1": {
"links": {
"r2": {"ospf": {"authentication": True, "authentication-key": "ospf"}}
}
}
}
result = config_ospf_interface(tgen, topo, r1_ospf_auth)
assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
step("clear ip ospf after configuring the authentication.")
clear_ospf(tgen, "r1")
step("Verify that the neighbour is not FULL between R1 and R2.")
dut = "r1"
ospf_covergence = verify_ospf_neighbor(tgen, topo, dut=dut, expected=False)
assert ospf_covergence is not True, "Testcase Failed \n Error {}".format(
ospf_covergence
)
step(
"On R2 enable ospf on interface with simple password authentication "
"using ip ospf authentication Simple password cmd."
)
r2_ospf_auth = {
"r2": {
"links": {
"r1": {"ospf": {"authentication": True, "authentication-key": "ospf"}}
}
}
}
result = config_ospf_interface(tgen, topo, r2_ospf_auth)
assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
step(
"Verify that the neighbour is FULL between R1 and R2 "
"using show ip ospf neighbor cmd."
)
dut = "r2"
ospf_covergence = verify_ospf_neighbor(tgen, topo, dut=dut)
assert ospf_covergence is True, "Testcase Failed \n Error {}".format(
ospf_covergence
)
step(
"Disable simple password authentication on R2 using no ip ospf "
"authentication Simple password cmd."
)
r2_ospf_auth = {
"r2": {
"links": {
"r1": {
"ospf": {
"authentication": True,
"authentication-key": "ospf",
"del_action": True,
}
}
}
}
}
result = config_ospf_interface(tgen, topo, r2_ospf_auth)
assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
step("Verify on R1 neighbour is deleted for R2 after dead interval expiry")
# wait till the dead time expiry
sleep(6)
dut = "r2"
ospf_covergence = verify_ospf_neighbor(
tgen, topo, dut=dut, expected=False, retry_timeout=10
)
assert ospf_covergence is not True, "Testcase Failed \n Error {}".format(
ospf_covergence
)
step("Again On R2 enable ospf on interface with Simple password auth")
r2_ospf_auth = {
"r2": {
"links": {
"r1": {"ospf": {"authentication": True, "authentication-key": "ospf"}}
}
}
}
result = config_ospf_interface(tgen, topo, r2_ospf_auth)
assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
step(
"Verify that the neighbour is FULL between R1 and R2 using"
" show ip ospf neighbor cmd."
)
dut = "r2"
ospf_covergence = verify_ospf_neighbor(tgen, topo, dut=dut)
assert ospf_covergence is True, "Testcase Failed \n Error {}".format(
ospf_covergence
)
step("Shut no shut interface on R1")
dut = "r1"
intf = topo["routers"]["r1"]["links"]["r2"]["interface"]
shutdown_bringup_interface(tgen, dut, intf, False)
dut = "r2"
step(
"Verify that the neighbour is not FULL between R1 and R2 using "
"show ip ospf neighbor cmd."
)
ospf_covergence = verify_ospf_neighbor(tgen, topo, dut=dut, expected=False)
assert ospf_covergence is not True, "Testcase Failed \n Error {}".format(
ospf_covergence
)
dut = "r1"
shutdown_bringup_interface(tgen, dut, intf, True)
step(
"Verify that the neighbour is FULL between R1 and R2 using "
"show ip ospf neighbor cmd."
)
dut = "r2"
ospf_covergence = verify_ospf_neighbor(tgen, topo, dut=dut)
assert ospf_covergence is True, "Testcase Failed \n Error {}".format(
ospf_covergence
)
step("Change Ip address on R1 and R2")
topo_modify_change_ip = deepcopy(topo)
intf_ip = topo_modify_change_ip["routers"]["r1"]["links"]["r2"]["ipv4"]
topo_modify_change_ip["routers"]["r1"]["links"]["r2"]["ipv4"] = str(
IPv4Address(frr_unicode(intf_ip.split("/")[0])) + 3
) + "/{}".format(intf_ip.split("/")[1])
build_config_from_json(tgen, topo_modify_change_ip, save_bkup=False)
reset_config_on_routers(tgen, routerName="r1")
dut = "r1"
intf = topo["routers"]["r1"]["links"]["r2"]["interface"]
shutdown_bringup_interface(tgen, dut, intf, False)
shutdown_bringup_interface(tgen, dut, intf, True)
# clear ip ospf after configuring the authentication.
clear_ospf(tgen, "r1")
r1_ospf_auth = {
"r1": {
"links": {
"r2": {"ospf": {"authentication": True, "authentication-key": "ospf"}}
}
}
}
result = config_ospf_interface(tgen, topo, r1_ospf_auth)
assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
step(
"Verify that the neighbour is FULL between R1 and R2 with new "
"ip address using show ip ospf "
)
dut = "r1"
ospf_covergence = verify_ospf_neighbor(tgen, topo, dut=dut)
assert ospf_covergence is True, "Testcase Failed \n Error {}".format(
ospf_covergence
)
write_test_footer(tc_name)
def test_ospf_authentication_md5_tc29_p1(request):
"""
OSPF Authentication - Verify ospf authentication with MD5 authentication.
"""
tc_name = request.node.name
write_test_header(tc_name)
tgen = get_topogen()
global topo
step("Bring up the base config.")
reset_config_on_routers(tgen)
step(
"Configure ospf with on R1 and R2, enable ospf on R1 interface "
"connected to R2 with message-digest authentication using ip "
"ospf authentication message-digest cmd."
)
r1_ospf_auth = {
"r1": {
"links": {
"r2": {
"ospf": {
"authentication": "message-digest",
"authentication-key": "ospf",
"message-digest-key": "10",
}
}
}
}
}
result = config_ospf_interface(tgen, topo, r1_ospf_auth)
assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
step("Verify that the neighbour is not FULL between R1 and R2.")
# wait for dead time expiry.
sleep(6)
dut = "r1"
ospf_covergence = verify_ospf_neighbor(
tgen, topo, dut=dut, expected=False, retry_timeout=6
)
assert ospf_covergence is not True, "Testcase Failed \n Error {}".format(
ospf_covergence
)
step(
"On R2 enable ospf on interface with message-digest authentication"
" using ip ospf authentication message-digest password cmd."
)
r2_ospf_auth = {
"r2": {
"links": {
"r1": {
"ospf": {
"authentication": "message-digest",
"authentication-key": "ospf",
"message-digest-key": "10",
}
}
}
}
}
result = config_ospf_interface(tgen, topo, r2_ospf_auth)
assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
step(
"Verify that the neighbour is FULL between R1 and R2 "
"using show ip ospf neighbor cmd."
)
dut = "r2"
ospf_covergence = verify_ospf_neighbor(tgen, topo, dut=dut)
assert ospf_covergence is True, "Testcase Failed \n Error {}".format(
ospf_covergence
)
step(
"Disable message-digest authentication on R2 using no ip ospf "
"authentication message-digest password cmd."
)
r2_ospf_auth = {
"r2": {
"links": {
"r1": {
"ospf": {
"authentication": "message-digest",
"authentication-key": "ospf",
"message-digest-key": "10",
"del_action": True,
}
}
}
}
}
result = config_ospf_interface(tgen, topo, r2_ospf_auth)
assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
step("Verify on R1 ,nbr is deleted for R2 after dead interval expiry")
# wait till the dead timer expiry
sleep(6)
dut = "r2"
ospf_covergence = verify_ospf_neighbor(
tgen, topo, dut=dut, expected=False, retry_timeout=10
)
assert ospf_covergence is not True, "Testcase Failed \n Error {}".format(
ospf_covergence
)
step("Again On R2 enable ospf on interface with message-digest auth")
r2_ospf_auth = {
"r2": {
"links": {
"r1": {
"ospf": {
"authentication": "message-digest",
"authentication-key": "ospf",
"message-digest-key": "10",
}
}
}
}
}
result = config_ospf_interface(tgen, topo, r2_ospf_auth)
assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
step(
"Verify that the neighbour is FULL between R1 and R2 using"
" show ip ospf neighbor cmd."
)
dut = "r2"
ospf_covergence = verify_ospf_neighbor(tgen, topo, dut=dut)
assert ospf_covergence is True, "Testcase Failed \n Error {}".format(
ospf_covergence
)
step("Shut no shut interface on R1")
dut = "r1"
intf = topo["routers"]["r1"]["links"]["r2"]["interface"]
shutdown_bringup_interface(tgen, dut, intf, False)
dut = "r2"
step(
"Verify that the neighbour is not FULL between R1 and R2 using "
"show ip ospf neighbor cmd."
)
ospf_covergence = verify_ospf_neighbor(tgen, topo, dut=dut, expected=False)
assert ospf_covergence is not True, "Testcase Failed \n Error {}".format(
ospf_covergence
)
dut = "r1"
shutdown_bringup_interface(tgen, dut, intf, True)
step(
"Verify that the neighbour is FULL between R1 and R2 using "
"show ip ospf neighbor cmd."
)
dut = "r2"
ospf_covergence = verify_ospf_neighbor(tgen, topo, dut=dut)
assert ospf_covergence is True, "Testcase Failed \n Error {}".format(
ospf_covergence
)
step("Change Ip address on R1 and R2")
topo_modify_change_ip = deepcopy(topo)
intf_ip = topo_modify_change_ip["routers"]["r1"]["links"]["r2"]["ipv4"]
topo_modify_change_ip["routers"]["r1"]["links"]["r2"]["ipv4"] = str(
IPv4Address(frr_unicode(intf_ip.split("/")[0])) + 3
) + "/{}".format(intf_ip.split("/")[1])
build_config_from_json(tgen, topo_modify_change_ip, save_bkup=False)
reset_config_on_routers(tgen, routerName="r1")
dut = "r1"
intf = topo["routers"]["r1"]["links"]["r2"]["interface"]
shutdown_bringup_interface(tgen, dut, intf, False)
shutdown_bringup_interface(tgen, dut, intf, True)
clear_ospf(tgen, "r1")
r1_ospf_auth = {
"r1": {
"links": {
"r2": {
"ospf": {
"authentication": "message-digest",
"authentication-key": "ospf",
"message-digest-key": "10",
}
}
}
}
}
result = config_ospf_interface(tgen, topo, r1_ospf_auth)
assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
step(
"Verify that the neighbour is FULL between R1 and R2 with new "
"ip address using show ip ospf "
)
dut = "r1"
ospf_covergence = verify_ospf_neighbor(tgen, topo, dut=dut)
assert ospf_covergence is True, "Testcase Failed \n Error {}".format(
ospf_covergence
)
write_test_footer(tc_name)
def test_ospf_authentication_md5_keychain_tc30_p1(request):
"""
OSPF Authentication - Verify ospf authentication with MD5 authentication.
"""
tc_name = request.node.name
write_test_header(tc_name)
tgen = get_topogen()
global topo
step("Bring up the base config.")
reset_config_on_routers(tgen)
step(
"Configure ospf with on R1 and R2, enable ospf on R1 interface "
"connected to R2 with message-digest authentication using ip "
"ospf authentication key-chain cmd."
)
router1 = tgen.gears["r1"]
router2 = tgen.gears["r2"]
router1.vtysh_cmd(
"""configure terminal
key chain auth
key 10
key-string ospf
cryptographic-algorithm md5"""
)
r1_ospf_auth = {
"r1": {
"links": {
"r2": {
"ospf": {
"authentication": "key-chain",
"keychain": "auth",
}
}
}
}
}
result = config_ospf_interface(tgen, topo, r1_ospf_auth)
assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
step("Verify that the neighbour is not FULL between R1 and R2.")
# wait for dead time expiry.
sleep(6)
dut = "r1"
ospf_covergence = verify_ospf_neighbor(
tgen, topo, dut=dut, expected=False, retry_timeout=6
)
assert ospf_covergence is not True, "Testcase Failed \n Error {}".format(
ospf_covergence
)
step(
"On R2 enable ospf on interface with message-digest authentication"
" using ip ospf authentication message-digest password cmd."
)
router2.vtysh_cmd(
"""configure terminal
key chain auth
key 10
key-string ospf
cryptographic-algorithm md5"""
)
r2_ospf_auth = {
"r2": {
"links": {
"r1": {
"ospf": {
"authentication": "key-chain",
"keychain": "auth",
}
}
}
}
}
result = config_ospf_interface(tgen, topo, r2_ospf_auth)
assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
step(
"Verify that the neighbour is FULL between R1 and R2 "
"using show ip ospf neighbor cmd."
)
dut = "r2"
ospf_covergence = verify_ospf_neighbor(tgen, topo, dut=dut)
assert ospf_covergence is True, "Testcase Failed \n Error {}".format(
ospf_covergence
)
step(
"Disable message-digest authentication on R2 using no ip ospf "
"authentication key-chain cmd."
)
r2_ospf_auth = {
"r2": {
"links": {
"r1": {
"ospf": {
"authentication": "key-chain",
"keychain": "auth",
"del_action": True,
}
}
}
}
}
result = config_ospf_interface(tgen, topo, r2_ospf_auth)
assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
step("Verify on R1 ,nbr is deleted for R2 after dead interval expiry")
# wait till the dead timer expiry
sleep(6)
dut = "r2"
ospf_covergence = verify_ospf_neighbor(
tgen, topo, dut=dut, expected=False, retry_timeout=10
)
assert ospf_covergence is not True, "Testcase Failed \n Error {}".format(
ospf_covergence
)
step("Again On R2 enable ospf on interface with key-chain auth")
r2_ospf_auth = {
"r2": {
"links": {
"r1": {
"ospf": {
"authentication": "key-chain",
"keychain": "auth",
}
}
}
}
}
result = config_ospf_interface(tgen, topo, r2_ospf_auth)
assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
step(
"Verify that the neighbour is FULL between R1 and R2 using"
" show ip ospf neighbor cmd."
)
dut = "r2"
ospf_covergence = verify_ospf_neighbor(tgen, topo, dut=dut)
assert ospf_covergence is True, "Testcase Failed \n Error {}".format(
ospf_covergence
)
step("Shut no shut interface on R1")
dut = "r1"
intf = topo["routers"]["r1"]["links"]["r2"]["interface"]
shutdown_bringup_interface(tgen, dut, intf, False)
dut = "r2"
step(
"Verify that the neighbour is not FULL between R1 and R2 using "
"show ip ospf neighbor cmd."
)
ospf_covergence = verify_ospf_neighbor(tgen, topo, dut=dut, expected=False)
assert ospf_covergence is not True, "Testcase Failed \n Error {}".format(
ospf_covergence
)
dut = "r1"
shutdown_bringup_interface(tgen, dut, intf, True)
step(
"Verify that the neighbour is FULL between R1 and R2 using "
"show ip ospf neighbor cmd."
)
dut = "r2"
ospf_covergence = verify_ospf_neighbor(tgen, topo, dut=dut)
assert ospf_covergence is True, "Testcase Failed \n Error {}".format(
ospf_covergence
)
step("Change Ip address on R1 and R2")
topo_modify_change_ip = deepcopy(topo)
intf_ip = topo_modify_change_ip["routers"]["r1"]["links"]["r2"]["ipv4"]
topo_modify_change_ip["routers"]["r1"]["links"]["r2"]["ipv4"] = str(
IPv4Address(frr_unicode(intf_ip.split("/")[0])) + 3
) + "/{}".format(intf_ip.split("/")[1])
build_config_from_json(tgen, topo_modify_change_ip, save_bkup=False)
reset_config_on_routers(tgen, routerName="r1")
dut = "r1"
intf = topo["routers"]["r1"]["links"]["r2"]["interface"]
shutdown_bringup_interface(tgen, dut, intf, False)
shutdown_bringup_interface(tgen, dut, intf, True)
clear_ospf(tgen, "r1")
router1.vtysh_cmd(
"""configure terminal
key chain auth
key 10
key-string ospf
cryptographic-algorithm md5"""
)
r1_ospf_auth = {
"r1": {
"links": {
"r2": {
"ospf": {
"authentication": "key-chain",
"keychain": "auth",
}
}
}
}
}
result = config_ospf_interface(tgen, topo, r1_ospf_auth)
assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
step(
"Verify that the neighbour is FULL between R1 and R2 with new "
"ip address using show ip ospf "
)
dut = "r1"
ospf_covergence = verify_ospf_neighbor(tgen, topo, dut=dut)
assert ospf_covergence is True, "Testcase Failed \n Error {}".format(
ospf_covergence
)
write_test_footer(tc_name)
def test_ospf_authentication_sha256_keychain_tc32_p1(request):
"""
OSPF Authentication - Verify ospf authentication with MD5 authentication.
"""
tc_name = request.node.name
write_test_header(tc_name)
tgen = get_topogen()
global topo
step("Bring up the base config.")
reset_config_on_routers(tgen)
step(
"Configure ospf with on R1 and R2, enable ospf on R1 interface "
"connected to R2 with message-digest authentication using ip "
"ospf authentication key-chain cmd."
)
router1 = tgen.gears["r1"]
router2 = tgen.gears["r2"]
router1.vtysh_cmd(
"""configure terminal
key chain auth
key 10
key-string ospf
cryptographic-algorithm hmac-sha-256"""
)
r1_ospf_auth = {
"r1": {
"links": {
"r2": {
"ospf": {
"authentication": "key-chain",
"keychain": "auth",
}
}
}
}
}
result = config_ospf_interface(tgen, topo, r1_ospf_auth)
assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
step("Verify that the neighbour is not FULL between R1 and R2.")
# wait for dead time expiry.
sleep(6)
dut = "r1"
ospf_covergence = verify_ospf_neighbor(
tgen, topo, dut=dut, expected=False, retry_timeout=6
)
assert ospf_covergence is not True, "Testcase Failed \n Error {}".format(
ospf_covergence
)
step(
"On R2 enable ospf on interface with message-digest authentication"
" using ip ospf authentication message-digest password cmd."
)
router2.vtysh_cmd(
"""configure terminal
key chain auth
key 10
key-string ospf
cryptographic-algorithm hmac-sha-256"""
)
r2_ospf_auth = {
"r2": {
"links": {
"r1": {
"ospf": {
"authentication": "key-chain",
"keychain": "auth",
}
}
}
}
}
result = config_ospf_interface(tgen, topo, r2_ospf_auth)
assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
step(
"Verify that the neighbour is FULL between R1 and R2 "
"using show ip ospf neighbor cmd."
)
dut = "r2"
ospf_covergence = verify_ospf_neighbor(tgen, topo, dut=dut)
assert ospf_covergence is True, "Testcase Failed \n Error {}".format(
ospf_covergence
)
step(
"Disable message-digest authentication on R2 using no ip ospf "
"authentication key-chain cmd."
)
r2_ospf_auth = {
"r2": {
"links": {
"r1": {
"ospf": {
"authentication": "key-chain",
"keychain": "auth",
"del_action": True,
}
}
}
}
}
result = config_ospf_interface(tgen, topo, r2_ospf_auth)
assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
step("Verify on R1 ,nbr is deleted for R2 after dead interval expiry")
# wait till the dead timer expiry
sleep(6)
dut = "r2"
ospf_covergence = verify_ospf_neighbor(
tgen, topo, dut=dut, expected=False, retry_timeout=10
)
assert ospf_covergence is not True, "Testcase Failed \n Error {}".format(
ospf_covergence
)
step("Again On R2 enable ospf on interface with key-chain auth")
r2_ospf_auth = {
"r2": {
"links": {
"r1": {
"ospf": {
"authentication": "key-chain",
"keychain": "auth",
}
}
}
}
}
result = config_ospf_interface(tgen, topo, r2_ospf_auth)
assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
step(
"Verify that the neighbour is FULL between R1 and R2 using"
" show ip ospf neighbor cmd."
)
dut = "r2"
ospf_covergence = verify_ospf_neighbor(tgen, topo, dut=dut)
assert ospf_covergence is True, "Testcase Failed \n Error {}".format(
ospf_covergence
)
step("Shut no shut interface on R1")
dut = "r1"
intf = topo["routers"]["r1"]["links"]["r2"]["interface"]
shutdown_bringup_interface(tgen, dut, intf, False)
dut = "r2"
step(
"Verify that the neighbour is not FULL between R1 and R2 using "
"show ip ospf neighbor cmd."
)
ospf_covergence = verify_ospf_neighbor(tgen, topo, dut=dut, expected=False)
assert ospf_covergence is not True, "Testcase Failed \n Error {}".format(
ospf_covergence
)
dut = "r1"
shutdown_bringup_interface(tgen, dut, intf, True)
step(
"Verify that the neighbour is FULL between R1 and R2 using "
"show ip ospf neighbor cmd."
)
dut = "r2"
ospf_covergence = verify_ospf_neighbor(tgen, topo, dut=dut)
assert ospf_covergence is True, "Testcase Failed \n Error {}".format(
ospf_covergence
)
step("Change Ip address on R1 and R2")
topo_modify_change_ip = deepcopy(topo)
intf_ip = topo_modify_change_ip["routers"]["r1"]["links"]["r2"]["ipv4"]
topo_modify_change_ip["routers"]["r1"]["links"]["r2"]["ipv4"] = str(
IPv4Address(frr_unicode(intf_ip.split("/")[0])) + 3
) + "/{}".format(intf_ip.split("/")[1])
build_config_from_json(tgen, topo_modify_change_ip, save_bkup=False)
reset_config_on_routers(tgen, routerName="r1")
dut = "r1"
intf = topo["routers"]["r1"]["links"]["r2"]["interface"]
shutdown_bringup_interface(tgen, dut, intf, False)
shutdown_bringup_interface(tgen, dut, intf, True)
clear_ospf(tgen, "r1")
router1.vtysh_cmd(
"""configure terminal
key chain auth
key 10
key-string ospf
cryptographic-algorithm hmac-sha-256"""
)
r1_ospf_auth = {
"r1": {
"links": {
"r2": {
"ospf": {
"authentication": "key-chain",
"keychain": "auth",
}
}
}
}
}
result = config_ospf_interface(tgen, topo, r1_ospf_auth)
assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
step(
"Verify that the neighbour is FULL between R1 and R2 with new "
"ip address using show ip ospf "
)
dut = "r1"
ospf_covergence = verify_ospf_neighbor(tgen, topo, dut=dut)
assert ospf_covergence is True, "Testcase Failed \n Error {}".format(
ospf_covergence
)
write_test_footer(tc_name)
def test_ospf_authentication_different_auths_tc35_p1(request):
"""
OSPF Authentication - Verify ospf authentication with different
authentication methods.
"""
tc_name = request.node.name
write_test_header(tc_name)
tgen = get_topogen()
global topo
step("Bring up the base config.")
reset_config_on_routers(tgen)
step(
"Configure ospf with on R1 and R2, enable ospf on R1 interface "
"connected to R2 with message-digest authentication using ip "
"ospf authentication message-digest cmd."
)
router1 = tgen.gears["r1"]
router2 = tgen.gears["r2"]
r1_ospf_auth = {
"r1": {
"links": {
"r2": {
"ospf": {
"authentication": "message-digest",
"authentication-key": "ospf",
"message-digest-key": "10",
}
}
}
}
}
result = config_ospf_interface(tgen, topo, r1_ospf_auth)
assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
# wait for dead timer expiry
sleep(6)
step("Verify that the neighbour is not FULL between R1 and R2.")
dut = "r1"
ospf_covergence = verify_ospf_neighbor(
tgen, topo, dut=dut, expected=False, retry_timeout=10
)
assert ospf_covergence is not True, "Testcase Failed \n Error {}".format(
ospf_covergence
)
step(
"On R2 enable ospf on interface with message-digest authentication"
" using ip ospf authentication message-digest password cmd."
)
r2_ospf_auth = {
"r2": {
"links": {
"r1": {
"ospf": {
"authentication": "message-digest",
"authentication-key": "ospf",
"message-digest-key": "10",
}
}
}
}
}
result = config_ospf_interface(tgen, topo, r2_ospf_auth)
assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
step(
"Verify that the neighbour is FULL between R1 and R2 "
"using show ip ospf neighbor cmd."
)
dut = "r2"
ospf_covergence = verify_ospf_neighbor(tgen, topo, dut=dut)
assert ospf_covergence is True, "Testcase Failed \n Error {}".format(
ospf_covergence
)
step(" Delete the configured password on both the routers.")
r2_ospf_auth = {
"r2": {
"links": {
"r1": {
"ospf": {
"authentication": "message-digest",
"authentication-key": "ospf",
"message-digest-key": "10",
"del_action": True,
}
}
}
}
}
result = config_ospf_interface(tgen, topo, r2_ospf_auth)
assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
r1_ospf_auth = {
"r1": {
"links": {
"r2": {
"ospf": {
"authentication": "message-digest",
"authentication-key": "ospf",
"message-digest-key": "10",
"del_action": True,
}
}
}
}
}
result = config_ospf_interface(tgen, topo, r1_ospf_auth)
assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
step(
"Verify that the deletion is successful and neighbour is FULL"
" between R1 and R2 using show ip ospf neighbor cmd."
)
dut = "r2"
ospf_covergence = verify_ospf_neighbor(tgen, topo, dut=dut)
assert ospf_covergence is True, "Testcase Failed \n Error {}".format(
ospf_covergence
)
step("Change the authentication type to simple password.")
r1_ospf_auth = {
"r1": {
"links": {
"r2": {"ospf": {"authentication": True, "authentication-key": "ospf"}}
}
}
}
result = config_ospf_interface(tgen, topo, r1_ospf_auth)
assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
r2_ospf_auth = {
"r2": {
"links": {
"r1": {"ospf": {"authentication": True, "authentication-key": "ospf"}}
}
}
}
result = config_ospf_interface(tgen, topo, r2_ospf_auth)
assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
step(
"Verify that the deletion is successful and neighbour is"
" FULL between R1 and R2 using show ip "
)
dut = "r2"
ospf_covergence = verify_ospf_neighbor(tgen, topo, dut=dut)
assert ospf_covergence is True, "Testcase Failed \n Error {}".format(
ospf_covergence
)
step("Change the password in simple password.")
r1_ospf_auth = {
"r1": {
"links": {
"r2": {"ospf": {"authentication": True, "authentication-key": "OSPFv4"}}
}
}
}
result = config_ospf_interface(tgen, topo, r1_ospf_auth)
assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
r2_ospf_auth = {
"r2": {
"links": {
"r1": {"ospf": {"authentication": True, "authentication-key": "OSPFv4"}}
}
}
}
result = config_ospf_interface(tgen, topo, r2_ospf_auth)
assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
step(
"Verify that the deletion is successful and neighbour is"
" FULL between R1 and R2 using show ip "
)
dut = "r2"
ospf_covergence = verify_ospf_neighbor(tgen, topo, dut=dut)
assert ospf_covergence is True, "Testcase Failed \n Error {}".format(
ospf_covergence
)
step("Delete the password authentication on the interface ")
r1_ospf_auth = {
"r1": {
"links": {
"r2": {
"ospf": {
"authentication": True,
"authentication-key": "OSPFv4",
"del_action": True,
}
}
}
}
}
result = config_ospf_interface(tgen, topo, r1_ospf_auth)
assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
r2_ospf_auth = {
"r2": {
"links": {
"r1": {
"ospf": {
"authentication": True,
"authentication-key": "OSPFv4",
"del_action": True,
}
}
}
}
}
result = config_ospf_interface(tgen, topo, r2_ospf_auth)
assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
step(
"Verify that the deletion is successful and neighbour is"
" FULL between R1 and R2 using show ip "
)
dut = "r2"
ospf_covergence = verify_ospf_neighbor(tgen, topo, dut=dut)
assert ospf_covergence is True, "Testcase Failed \n Error {}".format(
ospf_covergence
)
step("Enable SHA-256 authentication on the interface")
router1.vtysh_cmd(
"""configure terminal
key chain auth
key 10
key-string ospf
cryptographic-algorithm hmac-sha-256"""
)
r1_ospf_auth = {
"r1": {
"links": {
"r2": {
"ospf": {
"authentication": "key-chain",
"keychain": "auth",
}
}
}
}
}
result = config_ospf_interface(tgen, topo, r1_ospf_auth)
assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
router2.vtysh_cmd(
"""configure terminal
key chain auth
key 10
key-string ospf
cryptographic-algorithm hmac-sha-256"""
)
r2_ospf_auth = {
"r2": {
"links": {
"r1": {
"ospf": {
"authentication": "key-chain",
"keychain": "auth",
}
}
}
}
}
result = config_ospf_interface(tgen, topo, r2_ospf_auth)
assert result is True, "Testcase {} :Failed \n Error: {}".format(tc_name, result)
step(
"Verify that the neighbour is FULL between R1 and R2 using"
" show ip ospf neighbor cmd."
)
dut = "r2"
ospf_covergence = verify_ospf_neighbor(tgen, topo, dut=dut)
assert ospf_covergence is True, "Testcase Failed \n Error {}".format(
ospf_covergence
)
step("Change the SHA-256 authentication password")
router1.vtysh_cmd(
"""configure terminal
key chain auth
key 10
key-string OSPFv4
cryptographic-algorithm hmac-sha-512"""
)
router2.vtysh_cmd(
"""configure terminal
key chain auth
key 10
key-string OSPFv4
cryptographic-algorithm hmac-sha-512"""
)
ospf_covergence = verify_ospf_neighbor(tgen, topo, dut=dut)
assert ospf_covergence is True, "Testcase Failed \n Error {}".format(
ospf_covergence
)
write_test_footer(tc_name)
if __name__ == "__main__":
args = ["-s"] + sys.argv[1:]
sys.exit(pytest.main(args))
View git blame Copy permalink