CSIT/FuncTestPlan
Contents
CSIT Jenkins Jobs for Functional Tests
Three Jenkins jobs involving CSIT functional test cases:
-  task: verify vpp code changes as they come - functional tests
- job: vpp-csit-verify-virl
- triggers: gerrit change commit, "recheck" patch comment
- vpp code: vpp master branch PLUS gerrit change under test
- csit code: csit-verified-tag
- testbed: LF VIRL compute nodes
- status: WORKING
 
-  task: identify vpp-master-verified vpp build for csit-* jobs and provide trending reports – semiweekly
- job: csit-vpp-master-verify-semiweekly
- triggers: periodic semiweekly
-  vpp code: latest build from nexus repository (deposited by vpp-merge-master job)
- https://nexus.fd.io/content/repositories/fd.io.dev/io/fd/vpp/vpp/*
- on success: update vpp-master-verified vpp build reference in csit bootstrap scripts
 
- csit code: csit-verified-tag
- testbed: LF VIRL for functional and HW compute nodes for performance
- status: OPEN / PARTIAL
 
-  task: verify csit code changes as they come - functional tests
- job: csit-vpp-functional-virl
- triggers: gerrit change commit, "recheck" patch comment
- vpp code: vpp-master-verified vpp build
- csit code: csit master branch PLUS gerrit change
- testbed: LF VIRL compute nodes
- status: WORKING
 
-  task: verify csit code against vpp-master-verified vpp build – weekly
- job: csit-vpp-verify-weekly
- triggers: periodic weekly
- vpp code: vpp-master-verified vpp build
-  csit code: csit master branch
- on success: update csit-verified-tag
 
- testbed: LF HW compute nodes
- status: OPEN
 
Functional Test Cases - Working
- Working functional test cases - 29 working in FD.io today.
-  List of working functional test cases:
- ~/csit$ grep "^| [a-zA-Z]" -nr tests | grep -v Documentation | grep -vi " | " | grep -v performance
- tests/suites/honeycomb/interface_management.robot:30:| Honeycomb modifies interface state
- tests/suites/l2_xconnect/l2_xconnect_untagged.robot:26:| Vpp forwards packets via L2 xconnect in circular topology
- tests/suites/ipv6/ipv6_untagged.robot:33:| VPP replies to ICMPv6 echo request
- tests/suites/ipv6/ipv6_untagged.robot:37:| VPP can process ICMPv6 echo request from min to 1500B packet size with 1B increment
- tests/suites/ipv6/ipv6_untagged.robot:41:| VPP can process ICMPv6 echo request from 1500B to max packet size with 10B increment
- tests/suites/ipv6/ipv6_untagged.robot:59:| TG can route to first DUT egress interface
- tests/suites/ipv6/ipv6_untagged.robot:64:| TG can route to second DUT through first DUT
- tests/suites/ipv6/ipv6_untagged.robot:69:| TG can route to second DUT egress interface through first DUT
- tests/suites/ipv6/ipv6_untagged.robot:74:| TG can route to TG through first and second DUT
- tests/suites/ipv6/ipv6_untagged.robot:79:| VPP replies to IPv6 Neighbor Solicitation
- tests/suites/bridge_domain/bridge_domain_untagged.robot:40:| VPP reports interfaces
- tests/suites/bridge_domain/bridge_domain_untagged.robot:45:| Vpp forwards packets via L2 bridge domain 2 ports
- tests/suites/bridge_domain/bridge_domain_untagged.robot:60:| Vpp forwards packets via L2 bridge domain in circular topology
- tests/suites/bridge_domain/bridge_domain_untagged.robot:82:| Vpp forwards packets via L2 bridge domain in circular topology with static L2FIB entries
- tests/suites/bridge_domain/bridge_domain_untagged.robot:127:| Vpp forwards packets via L2 bridge domain with split-horizon groups set in circular topology
- tests/suites/bridge_domain/bridge_domain_untagged.robot:173:| VPP forwards packets through VM via two L2 bridge domains
- tests/suites/bridge_domain/bridge_domain_untagged.robot:200:| VPP forwards packets through VM via two L2 bridge domains with static L2FIB entries
- tests/suites/tagging/qinq_l2_xconnect.robot:32:| VPP can push and pop two VLAN tags to traffic transfering through xconnect
- tests/suites/vxlan/vxlan_bd_untagged.robot:30:| VPP can pass IPv4 bidirectionally through VXLAN
- tests/suites/vxlan/vxlan_bd_dot1q.robot:31:| VPP can encapsulate L2 in VXLAN over IPv4 over Dot1Q
- tests/suites/vxlan/vxlan_xconnect_untagged.robot:29:| VPP can pass IPv4 bidirectionally through VXLAN
- tests/suites/ipv4/ipv4_untagged.robot:30:| VPP replies to ICMPv4 echo request
- tests/suites/ipv4/ipv4_untagged.robot:39:| TG can route to DUT egress interface
- tests/suites/ipv4/ipv4_untagged.robot:48:| TG can route to DUT2 through DUT1
- tests/suites/ipv4/ipv4_untagged.robot:57:| TG can route to DUT2 egress interface through DUT1
- tests/suites/ipv4/ipv4_untagged.robot:66:| TG can route to TG through DUT1 and DUT2
- tests/suites/ipv4/ipv4_untagged.robot:87:| VPP can process ICMP echo request from min to 1500B packet size with 1B increment
- tests/suites/ipv4/ipv4_untagged.robot:91:| VPP can process ICMP echo request from 1500B to max packet size with 10B increment
- tests/suites/ipv4/ipv4_untagged.robot:109:| VPP responds to ARP request
 
Functional Test Cases - Plan and ?Status
Below laundry list of functions that could/should be tested - need to prioritize based on FD.io community needs and feedback, and scheduled for CSIT development. To work and be useful, CSIT development should be done in coordination with VPP Release Candidate content and release schedule.
Each test case and CSIT development work items prefixed with status and/or proposed priority relative to FD.io VPP release:
-  [Pn-Rm] – Proposed coverage of VPP functionality by FD.io CSIT functional and performance test cases.
- Pn – CSIT development and integration priority; n=0,1,2, 0-for-MUST, 1-for-SHOULD, 2-for-COULD.
- Rm – VPP major release, R1 stands for the first FD.io VPP release, R2 for the 2nd FD.io VPP release.
 
Plan execution tracked on CSIT jira
VPP network functions:
-  IP4 data plane
-  [DONE-R1] baseline routing [rfc791]
- [DONE-R1] TG packets routed to DUT ingress interface
- [DONE-R1] TG packets routed to DUT egress interface
- [DONE-R1] TG packets routed to DUT2 through DUT1
- [DONE-R1] TG packets routed to DUT2 egress interface through DUT1
- [DONE-R1] TG packets routed to TG through DUT1 and DUT2
 
-  [P2-R1] vpn baseline routed forwarding (VRF)
- [P2-R1] TG packets routed to DUT ingress interface, VPP configured with two VRFs
- [P2-R1] TG packets routed to DUT egress interface, VPP configured with two VRFs
- [P2-R1] TG packets routed to DUT2 through DUT1, VPP configured with two VRFs
- [P2-R1] TG packets routed to DUT2 egress interface through DUT1, VPP configured with two VRFs
- [P2-R1] TG packets routed to TG through DUT1 and DUT2, VPP configured with two VRFs
 
-  [P1-R2] vpn extranet baseline routed forwarding (VRF)
- [P1-R2] TG packets routed to DUT ingress interface, VPP configured with two extranet VRFs
- [P1-R2] TG packets routed to DUT egress interface, VPP configured with two extranet VRFs
- [P1-R2] TG packets routed to DUT2 through DUT1, VPP configured with two extranet VRFs
- [P1-R2] TG packets routed to DUT2 egress interface through DUT1, VPP configured with two extranet VRFs
- [P1-R2] TG packets routed to TG through DUT1 and DUT2, VPP configured with two extranet VRFs
 
-  [TBD] routing multipath
- [TBD] equal cost multi-path (ECMP)
- [TBD] unequal cost multi-path (UECMP)
 
-  [P0-R1] security - iacl with n-tuple classification
- [P0-R1] VPP drops packets based on IPv4 source addresses (src-addr); JIRA: CSIT-15
- [P0-R1] VPP drops packets based on IPv4 destination addresses (dst-addr); JIRA: CSIT-15
- [P0-R1] VPP drops packets based on IPv4 src-addr and dst-addr; JIRA: CSIT-15
- [P2-R1] VPP drops packets based on IPv4 protocol (TCP/UDP)
- [P2-R1] VPP drops packets based on IPv4 TCP src ports
- [P2-R1] VPP drops packets based on IPv4 TCP dst ports
- [P2-R1] VPP drops packets based on IPv4 TCP src+dst ports
- [P2-R1] VPP drops packets based on IPv4 UDP src ports
- [P2-R1] VPP drops packets based on IPv4 UDP dst ports
- [P2-R1] VPP drops packets based on IPv4 UDP src+dst ports
- [P2-R1] VPP drops packets based on MAC src addr
 
- [P0-R1] security - cop white-/black-lists
-  [P2-R1] security - source IPv4 Reverse Path Forwarding (RPF)
- [P2-R1] VPP source RPF check on IPv4 src-addr
 
-  [P1-R1] qos - ingress policing - 1r2c-(cb,ca), 2r3c-(cb,ca) policers (cb=color-blind, ca=color-aware)
- [P1-R1] VPP 1r2c-cb policing packets based on DiffServ marking - [TBD-VPP] depends on VPP code ready
- [P2-R1] VPP 1r2c-ca policing packets based on DiffServ marking - [TBD-VPP] depends on VPP code ready
- [P1-R1] VPP 2r3c-cb policing packets based on DiffServ marking - [TBD-VPP] depends on VPP code ready
- [P2-R1] VPP 2r3c-ca policing packets based on DiffServ marking - [TBD-VPP] depends on VPP code ready
- [P2-R1] VPP 1r2c-cb policing packets based on packet classify - [TBD-VPP] depends on VPP code ready
- [P2-R1] VPP 1r2c-ca policing packets based on packet classify - [TBD-VPP] depends on VPP code ready
- [P2-R1] VPP 2r3c-cb policing packets based on packet classify - [TBD-VPP] depends on VPP code ready
- [P2-R1] VPP 2r3c-ca policing packets based on packet classify - [TBD-VPP] depends on VPP code ready
 
- [TBD] qos - egress policing - 1r2c-(cb,ca), 2r3c-(cb,ca) policers
-  [P1-R1] carrier grade nat 44, CGN44 [rfc6598], [rfc6888]
- [P1-R1] CGN address-only
- [P1-R1] CGN address-and-port
- [TBD] CGN address-only and application layer gateway (ALG)
- [TBD] CGN address-and-port and ALG
 
 
-  [DONE-R1] baseline routing [rfc791]
-  IP4 control plane
-  [P1-R1] ARP
- [DONE-R1] VPP responds to ARP request [rfc826]
- [P1-R1] VPP sends ARP requests for unknown destinations
 
-  [P1-R1] Proxy ARP
- [P1-R1] VPP responds to ARP requests on behalf of host present on another VPP interface.
 
-  [DONE-R1] ICMPv4
- [DONE-R1] VPP can process ICMP echo request from min to 1500B packet size with 1B increment
- [DONE-R1] VPP can process ICMP echo request from 1500B to max packet size with 10B increment
- [DONE-R1] VPP replies to ICMPv4 echo request [rfc792]
 
-  [P2-R1] DHCPv4 proxy
- [P2-R1] VPP proxies valid DHCPv4 request to DHCPv4 server
- [P2-R1] VPP proxy ignores invalid DHCPv4 request
 
-  [P2-R1] DHCPv4 client
- [P2-R1] VPP sends DHCPv4 Discover
- [P2-R1] VPP sends DHCPv4 Request after Offer
- [P2-R1] VPP honors DHCPv4 lease time
- [P2-R1] VPP releases allocated address
- [P2-R1] VPP retries DHCPv4 Discover ???times until ???total second timeout
- [P2-R1] VPP retries DHCPv4 Request ???times until ???total second timeout
 
-  [P1-R2] IKEv2
- [P1-R2] psk auth
- [P1-R2] rsa key auth
- [P1-R2] ID type IPv4 address
- [P1-R2] ID type (email) [rfc822]
- [P1-R2] ID type key-id
- [P1-R2] test various supported encryption/prf/integrity algs, DH groups, extended sequence number
 
 
-  [P1-R1] ARP
-  IP4 encapsulations
- [P1-R1] ip4-gre-ip4
-  [P1-R2] ip4-ipsec-ip4
- [P1-R2] basic connectivity test - create ipsec SA and policy on VPP, test different encryption and integrity algorithms; JIRA: CSIT-28
- [P1-R2] add/del SA and policy tests; JIRA: CSIT-28
- [P1-R2] encryprion/integrity key update test; JIRA: CSIT-28
- [P1-R2] some negative tests (each side has different enryption/integrity alg); JIRA: CSIT-28
 
 
-  ip6 data plane
-  [DONE-R1] baseline routing [rfc2460]
- [DONE-R1] TG can route to first DUT egress interface
- [DONE-R1] TG can route to second DUT through first DUT
- [DONE-R1] TG can route to second DUT egress interface through first DUT
- [DONE-R1] TG can route to TG through first and second DUT
 
-  [P2-R1] vpn baseline routed forwarding (VRF)
- [P2-R1] TG can ping to DUT ingress interface, VPP configured with two VRFs
- [P2-R1] TG can ping to DUT egress interface, VPP configured with two VRFs
- [P2-R1] TG can ping to DUT2 through DUT1, VPP configured with two VRFs
- [P2-R1] TG can ping to DUT2 egress interface through DUT1, VPP configured with two VRFs
- [P2-R1] TG can ping to TG through DUT1 and DUT2, VPP configured with two VRFs
 
-  [P0-R1] security - iacl with n-tuple classification
- [P0-R1] VPP can drop packets based on IPv6 src-addr; JIRA: CSIT-16
- [P0-R1] VPP can drop packets based on IPv6 dst-addr; JIRA: CSIT-16
- [P0-R1] VPP can drop packets based on IPv6 src-addr and dst-addr; JIRA: CSIT-16
- [P2-R1] VPP can drop packets based on IPv6 protocol (TCP/UDP)
- [P2-R1] VPP can drop packets based on IPv6 TCP src port
- [P2-R1] VPP can drop packets based on IPv6 TCP dst port
- [P2-R1] VPP can drop packets based on IPv6 TCP src+dst port
- [P2-R1] VPP can drop packets based on IPv6 UDP src port
- [P2-R1] VPP can drop packets based on IPv6 UDP dst port
- [P2-R1] VPP can drop packets based on IPv6 UDP src+dst port
- [P2-R1] VPP can drop packets based on src MAC + IPv6 UDP src+dst port
 
- [P0-R1] security - cop white-/black-lists
-  [P2-R1] security - source IPv6 Reverse Path Forwarding (RPF)
- [P2-R1] - source RPF check on IPv6 src-addr
 
-  [P1-R1] qos traffic conditioning - ingress rate metering, marking and rate-limiting - 1r2c-(cb,ca), 2r3c-(cb,ca) policers (cb=color-blind, ca=color-aware) [rfc2475], [rfc2697], [rfc2698]
- [P1-R1] VPP 1r2c-cb policing packets based on DiffServ marking - [TBD-VPP] depends on VPP code ready
- [P2-R1] VPP 1r2c-ca policing packets based on DiffServ marking - [TBD-VPP] depends on VPP code ready
- [P1-R1] VPP 2r3c-cb policing packets based on DiffServ marking - [TBD-VPP] depends on VPP code ready
- [P2-R1] VPP 2r3c-ca policing packets based on DiffServ marking - [TBD-VPP] depends on VPP code ready
- [P2-R1] VPP 1r2c-cb policing packets based on packet classify - [TBD-VPP] depends on VPP code ready
- [P2-R1] VPP 1r2c-ca policing packets based on packet classify - [TBD-VPP] depends on VPP code ready
- [P2-R1] VPP 2r3c-cb policing packets based on packet classify - [TBD-VPP] depends on VPP code ready
- [P2-R1] VPP 2r3c-ca policing packets based on packet classify - [TBD-VPP] depends on VPP code ready
 
 
-  [DONE-R1] baseline routing [rfc2460]
-  ip6 control plane
-  [P0-R1] router advertisement
- [P0-R1] VPP transmits RA from IPv6 enabled interface
- [P0-R1] ??? ^ retransmits ???
- [P0-R1] VPP ??? handles RA ???
 
-  [DONE-R1] neighbor discovery [rfc4861]
- [DONE-R1] VPP validates and replies to IPv6 NS/NA messages
 
-  [DONE-R1] ICMPv6
- [DONE-R1] VPP replies to ICMPv6 echo request
- [DONE-R1] VPP can process ICMPv6 echo request from min to 1500B packet size with 1B increment
- [DONE-R1] VPP can process ICMPv6 echo request from 1500B to max packet size with 10B increment
 
- [TBD] ip6-ioam (in-band OAM)
-  [P1-R2] DHCPv6 proxy
- [P1-R2] VPP proxies valid DHCPv6 request to DHCPv6 server
- [P1-R2] VPP proxy ignores invalid DHCPv6 request
 
 
-  [P0-R1] router advertisement
-  ip6 encapsulations
-  [P1-R1] ip4-o-ip6 softwire
- [P1-R1] lightweight46 [rfc7596]
- [P2-R1] map-e [rfc7597]
- [P2-R1] map-t [rfc7599]
 
- [TBD] ip6-segment-routing
-  [P1-R2] ip6-ipsec-ip6
- [P1-R2] basic connectivity test - create ipsec SA and policy on VPP, test different encryption and integrity algorithms
- [P1-R2] add/del SA and policy tests
- [P1-R2] encryprion/integrity key update test
- [P1-R2] some negative tests (each side has different enryption/integrity alg)
 
 
-  [P1-R1] ip4-o-ip6 softwire
-  l2 data plane
-  [DONE-R1] L2 xconnect
- [DONE-R1] VPP forwards packets via L2 xconnect in 3-node topology
- [P2-R1] VPP forwards packets via L2 xconnect with VLAN tag acrobatics a'la MEF EVC - 1-to-1, dot1q-to-dot1q
- [P2-R1] VPP forwards packets via L2 xconnect with VLAN tag acrobatics a'la MEF EVC - 1-to-2, dot1q-to-dot1ad
- [P2-R1] VPP forwards packets via L2 xconnect with VLAN tag acrobatics a'la MEF EVC - 2-to-1, dot1ad-to-dot1q
- [P2-R1] VPP forwards packets via L2 xconnect with VLAN tag acrobatics a'la MEF EVC - 2-to-2, dot1ad-to-dot1ad7
 
-  [DONE-R1] Bridge domain
- [DONE-R1] VPP forwards packets via L2 bridge domain 2 ports
- [DONE-R1] VPP forwards packets via L2 bridge domain in 3-node topology
- [DONE-R1] VPP forwards packets via L2 bridge domain in 3-node topology with static L2FIB entries
- [P2-R1] VPP forwards packets via L2 bridge domain with VLAN tag acrobatics a'la MEF EVC - 1-to-1, dot1q-to-dot1q
- [P2-R1] VPP forwards packets via L2 bridge domain with VLAN tag acrobatics a'la MEF EVC - 1-to-2, dot1q-to-dot1ad
- [P2-R1] VPP forwards packets via L2 bridge domain with VLAN tag acrobatics a'la MEF EVC - 2-to-1, dot1ad-to-dot1q
- [P2-R1] VPP forwards packets via L2 bridge domain with VLAN tag acrobatics a'la MEF EVC - 2-to-2, dot1ad-to-dot1ad
 
-  [TBD] irb
- [TBD] TG can route to DUT ingress irb interface
- [TBD] TG can route to DUT egress irb interface
- [TBD] TG can route to DUT2 through DUT1, both DUTs using irb interfaces
- [TBD] TG can route to DUT2 egress irb interface through DUT1
- [TBD] TG can route to TG through DUT1 and DUT2, both DUTs using irb interfaces
 
 
-  [DONE-R1] L2 xconnect
-  l2 control plane
- [DONE-R1] MAC learning
- [P0-R1] MAC split-horizon; JIRA: CSIT-19
- [TBD] cdp/lldp
 
-  l2 encapsulations
-  [DONE-R1] l2-vxlan-ipv4
- [DONE-R1] VPP can encapsulate L2 in VXLAN over V4 using bridge-domain
- [DONE-R1] VPP can pass IPv4 bidirectionally through VXLAN tunnel using l2-xconnect
 
- [TBD] l2-eth-l2tpv3-ip4
- [TBD] l2-eth-l2tpv3-ip6
- [TBD] l2-eth-gre-ip4
- [TBD] l2-eth-gre-ip6
 
-  [DONE-R1] l2-vxlan-ipv4
-  l2 management plane
- [DONE-R1] VPP reports interfaces
 
-  mpls
- [TBD] vpnv4-mpls-gre-ip4
- [TBD] mpls-o-eth
 
-  nsh
- [TBD] ip4-nsh-gre-ip4
- [TBD] ip4-nsh-vxlan-gpe-ip4
 
VPP deployment topologies:
- [DONE-R1] Phy1-VPP-Phy2, VPP in host user-mode
- [P0-R1] Phy1-VPP-VM-VPP-Phy2, VPP in host user-mode; JIRA: CSIT-20
- [TBD] Phy1-pcipt-VPPVM-pcipt-Phy2, VPP in guest user-mode
- [TBD] VPP in container
- [TBD] VPP as vSwitch for containers
VPP negative testing:
- [TBD] physical interfaces down/up
- [TBD] virtual interfaces down/up
- [TBD] VPP crash recovery
Other tests:
- [TBD] Memory utilization tests
- [TBD] Memory leak tests
- [TBD] Consistency of memory footprint for selected configs
Honeycomb
-  Interfaces - Basic interface management
- [DONE] Honeycomb (modifies) CONFIGURES and READS interface state; JIRA: CSIT-40
- [P0-R1] Honeycomb modifies interface configuration - IPv4; JIRA: CSIT-37
- [P0-R1] Honeycomb modifies interface configuration - IPv6; JIRA: CSIT-38
- [P0-R1] Honeycomb modifies interface configuration - ethernet, routing; JIRA: CSIT-39
 
- Bridge domain
-  VXLAN
- [P0-R1] Honeycomb configures VXLAN; JIRA: CSIT-45
 
-  Honeycomb items for GBP
- [TBD] Honeycomb provides vhostuser support
- [TBD] Honeycomb checks VXLAN Tunneling
- [TBD] Provider networks (VLAN)
- [TBD] Policy - security groups
- [TBD] Policy - security group rules
 
Non-coding work items
- design docs
- usability docs
Functional tests infra work areas
CSIT Golden Branch
- Name of the CSIT branch is "csit-verified".
- It is created by CSIT team in CSIT gerrit project.
- It represents the version of CSIT code that is tested and verified to work perfectly.
- At the moment, csit-verified is a git branch, stored in gerrit.fd.io, that points to concrete version of master branch of CSIT project.
- Link to branch: https://gerrit.fd.io/r/gitweb?p=csit.git;a=shortlog;h=refs%2Fheads%2Fcsit-verified
- In future, we plan to switch from using branch to tag, because is suites gerrit better than branching (since we use the branch only to point to a version in master).
Run testcases based on vpp code change (no clear ideas yet)
- for now execute all baseline tests - l2, ip4, ip6
- future per code change functional and vpp node graph dependencies
Gathering of stats/logs/core dumps from DUTs/TGs after test execution:
- naming schemes, storage, packaging
- collection of TELEMETRY
-  plain text - structured
- one-time snapshot of the system
- for human driven hand-crafted debugging
- for human driven part-automated debugging
- for machine driven fully-automated analysis
 
- use Network Data Analytics engine in the future
Honeycomb tests framework
-  NETCONF FrameWork
- library that understands netconf and ssh
 
-  Existing CSIT RF (Robot-Framework) and Python libraries / tools extension to use HC/VAT/CLI "driver" to execute things
-  the same logical code - execute across different driver APIs
- HC, VAT, CLI
 
 
-  the same logical code - execute across different driver APIs
VPP project
- plannig and coordinating with code development
-  specifying and identifying dependencies to/from
- deployment use cases
- CSIT
 
Honeycomb project
- plannig and coordinating with code development
-  specifying and identifying dependencies to/from
- deployment use cases
- CSIT
 
