diff options
Diffstat (limited to 'sfc/tests/functest/README.tests')
-rw-r--r-- | sfc/tests/functest/README.tests | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/sfc/tests/functest/README.tests b/sfc/tests/functest/README.tests new file mode 100644 index 00000000..d4e3df3e --- /dev/null +++ b/sfc/tests/functest/README.tests @@ -0,0 +1,48 @@ +## These are the current available test cases ## + +## TEST ONE CHAIN - sfc_one_chain_two_service_functions ## + +We create one client and one server using nova. Then, 2 SFs are created using +tacker. A chain is created where both SFs are included. + +vxlan_tool is started in both SFs and HTTP traffic is sent from the client to +the server. If it works, the vxlan_tool is modified to block HTTP traffic. +It is tried again and it should fail because packets are dropped. Then, that +SF stops blocking and the other SF starts blocking HTTP and the connection is +tried again. + + +## TEST TWO CHAINS - sfc_two_chains_SSH_and_HTTP ## + +We create one client and one server using nova. Then, 2 SFs are created using +tacker. Two chains are created, having one SF each. + +vxlan_tool is started in both SFs, one SF blocks SSH traffic and the other SF +block HTTP traffic. First, the client traffic is classified to chain1, where +HTTP should work but SSH sould not. This is tested and after that the +classification is changed to classified to chain2, where HTTP should not work +but SSH should work. This is tested again. + + +## TEST SYMMETRIC - sfc_symmetric_chain ## + +One client and one server are created using nova. The server will be running +a web server on port 80. + +Then one Service Function (SF) is created using Tacker. This service function +will be running a firewall that blocks the traffic in a specific port (e.g. +33333). A symmetric service chain routing the traffic throught this SF will be +created as well. + +1st check: The client is able to reach the server using a source port different +from the one that the firewall blocks (e.g 22222), and the response gets back +to the client. + +2nd check: The client is able to reach the server using the source port that +the firewall blocks, but responses back from the server are blocked, as the +symmetric service chain makes them go through the firewall that blocks on the +destination port initially used as source port by the client (e.g. 33333). + +If the client is able to receive the response, it would be a symptom of the +symmetric chain not working, as traffic would be flowing from server to client +directly without traversing the SF. |