aboutsummaryrefslogtreecommitdiffstats
path: root/sfc/tests/functest/README.tests
blob: d4e3df3ec91fc9ebb321da479e150e2a172ec2d3 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48

## These are the current available test cases ##

## TEST ONE CHAIN - sfc_one_chain_two_service_functions ##

We create one client and one server using nova. Then, 2 SFs are created using
tacker. A chain is created where both SFs are included.

vxlan_tool is started in both SFs and HTTP traffic is sent from the client to
the server. If it works, the vxlan_tool is modified to block HTTP traffic.
It is tried again and it should fail because packets are dropped. Then, that
SF stops blocking and the other SF starts blocking HTTP and the connection is
tried again.


## TEST TWO CHAINS - sfc_two_chains_SSH_and_HTTP ##

We create one client and one server using nova. Then, 2 SFs are created using
tacker. Two chains are created, having one SF each.

vxlan_tool is started in both SFs, one SF blocks SSH traffic and the other SF
block HTTP traffic. First, the client traffic is classified to chain1, where
HTTP should work but SSH sould not. This is tested and after that the
classification is changed to classified to chain2, where HTTP should not work
but SSH should work. This is tested again.


## TEST SYMMETRIC - sfc_symmetric_chain ##

One client and one server are created using nova. The server will be running
a web server on port 80.

Then one Service Function (SF) is created using Tacker. This service function
will be running a firewall that blocks the traffic in a specific port (e.g.
33333). A symmetric service chain routing the traffic throught this SF will be
created as well.

1st check: The client is able to reach the server using a source port different
from the one that the firewall blocks (e.g 22222), and the response gets back
to the client.

2nd check: The client is able to reach the server using the source port that
the firewall blocks, but responses back from the server are blocked, as the
symmetric service chain makes them go through the firewall that blocks on the
destination port initially used as source port by the client (e.g. 33333).

If the client is able to receive the response, it would be a symptom of the
symmetric chain not working, as traffic would be flowing from server to client
directly without traversing the SF.