This test plan covers the required testcases for newly introduced ACL Table type - L3V4V6
The test is targeting a running SONIC system with fully functioning configuration. The purpose of the test is to cover test cases for functional testing of ACL Table type L4V4V6 on SONiC system, making sure that traffic flows correctly, according to the V4 & V6 ACL Rules configuration.
| Command | Comment |
|---|---|
| Configuration commands | |
| config acl add table <table_name> L3V4V6 acl-loader update full <File_Name> |
|
| Show commands | |
| show acl table <table_name> aclshow -a |
Example ACL rules in config_db for ACL Table type L3V4V6
{
"ACL_TABLE": {
"DATAACL": {
"policy_desc": "L3V4V6 DATAACL",
"ports": [
"Ethernet100",
"Ethernet104",
"Ethernet92",
"Ethernet96",
"Ethernet28"
],
"type": "L3V4V6",
"stage": "ingress"
}
}
"ACL_RULE": {
"DATAACL|RULE_1": {
"PRIORITY": "100",
"SRC_IP": "10.0.0.10/32",
"IP_TYPE": "IPV4",
"PACKET_ACTION": "FORWARD"
},
"DATAACL|RULE_2": {
"PRIORITY": "100",
"IP_TYPE": "IPV4",
"DST_IP": "20.0.0.10/32",
"PACKET_ACTION": "DROP"
},
"DATAACL|RULE_3": {
"PRIORITY": "100",
"IP_TYPE": "IPV6",
"SRC_IPV6": "2010:0:1:0::1/128",
"PACKET_ACTION": "DROP"
},
"DATAACL|RULE_4": {
"PRIORITY": "100",
"IP_TYPE": "IPV6",
"DST_IPV6": "2011:0:1:0::1/128",
"PACKET_ACTION": "FORWARD"
}
}
}
}
NA
The test will run on the t0 testbed:
- Before starting the test, Acl capability of STATE_DB will be checked. If the platform does not support L3V4V6 ACL Table Type, then further testing will be skipped.
- Creating below given ACL Table will have the specified ACL Match Fields
| ACL Table Type | ACL table stage: ingress | ACL table stage: egress |
|---|---|---|
| L3V4V6 | MATCH_SRC_IP MATCH_DST_IP MATCH_SRC_IPV6 MATCH_DST_IPV6 MATCH_OUTER_VLAN_ID MATCH_L4_SRC_PORT MATCH_L4_DST_PORT MATCH_ETHER_TYPE MATCH_IP_PROTOCOL MATCH_TCP_FLAGS MATCH_ACL_IP_TYPE MATCH_ICMP_TYPE MATCH_ICMP_CODE MATCH_ICMPV6_TYPE MATCH_ICMPV6_CODE MATCH_IPV6_NEXT_HEADER |
MATCH_SRC_IP MATCH_DST_IP MATCH_SRC_IPV6 MATCH_DST_IPV6 MATCH_OUTER_VLAN_ID MATCH_L4_SRC_PORT MATCH_L4_DST_PORT MATCH_ETHER_TYPE MATCH_IP_PROTOCOL MATCH_TCP_FLAGS MATCH_ACL_IP_TYPE MATCH_ICMP_TYPE MATCH_ICMP_CODE MATCH_ICMPV6_TYPE MATCH_ICMPV6_CODE MATCH_IPV6_NEXT_HEADER |
Test objective
- To verify IPv4 match fields for upstream neighbors, downstream hosts in both Ingress & Egress stages of L3V4V6 ACL TABLE
Test description
| # | Test Description | Expected Result |
|---|---|---|
| 1. | Create ACL table of type L3V4V6 | ACL Table should be created |
| 2. | Configure ACL Rules for all the supported match fields for IPv4 | Configuration should be successful |
| 3. | Associate the table to upstream neighbors in Ingress & Egress stages | Config should be successful |
| 4. | Send traffic to verify appropriate IPv4 match fields | Traffic should be matched against the respective ACL Rules |
| 5. | Send traffic not matching the appropriate IPv4 match fields | Traffic should not be matched against the respective ACL Rules |
| 6. | Associate the table to downstream hosts in Ingress & Egress stages | Config should be successful |
| 7. | Send traffic to verify appropriate IPv4 match fields | Traffic should be matched against the respective ACL Rules |
| 8. | Send traffic not matching the appropriate IPv4 match fields | Traffic should not be matched against the respective ACL Rules |
| 9. | Verify "aclshow" and ensure counters are reflected correctly | Counters should be incremented only for matched traffic |
| 10. | Verify "show acl table <table_name> and ensure table_type is displaying as L3V4V6 | Counters should be incremented only for matched traffic |
| 11. | Save the config, do reload and verify traffic again | No deviation from the above expected results should be observed |
| 12. | Flap the ACL associated ports and verify traffic again | No deviation from the above expected results should be observed |
Test objective
- To verify IPv6 match fields for upstream neighbors, downstream hosts in both Ingress & Egress stages of L3V4V6 ACL TABLE
Test description
| # | Test Description | Expected Result |
|---|---|---|
| 1. | Create ACL table of type L3V4V6 | ACL Table should be created |
| 2. | Configure ACL Rules for all the supported match fields for IPv6 | Configuration should be successful |
| 3. | Associate the table to upstream neighbors in Ingress & Egress stages | Config should be successful |
| 4. | Send traffic to verify appropriate IPV6 match fields | Traffic should be matched against the respective ACL Rules |
| 5. | Send traffic not matching the appropriate IPV6 match fields | Traffic should not be matched against the respective ACL Rules |
| 6. | Associate the table to downstream hosts in Ingress & Egress stages | Config should be successful |
| 7. | Send traffic to verify appropriate IPV6 match fields | Traffic should be matched against the respective ACL Rules |
| 8. | Send traffic not matching the appropriate IPV6 match fields | Traffic should not be matched against the respective ACL Rules |
| 9. | Verify "aclshow" and ensure counters are reflected correctly | Counters should be incremented only for matched traffic |
| 10. | Verify "show acl table <table_name> and ensure table_type is displaying as L3V4V6 | Counters should be incremented only for matched traffic |
| 11. | Save the config, do reload and verify traffic again | No deviation from the above expected results should be observed |
| 12. | Flap the ACL associated ports and verify traffic again | No deviation from the above expected results should be observed |
Test objective
- To verify both IPv4 & IPv6 match fields in L3V4V6 ACL TABLE
Test description
| # | Test Description | Expected Result |
|---|---|---|
| 1. | Create ACL table of type L3V4V6 | ACL Table should be created |
| 2. | Configure ACL Rules for all the supported match fields for IPv4 & IPv6 | Configuration should be successful |
| 3. | Associate the table to upstream neighbors in Ingress & Egress stages | Config should be successful |
| 4. | Send traffic to verify appropriate IPv4 & IPv6 match fields | Traffic should be matched against the respective ACL Rules |
| 5. | Send traffic not matching the appropriate IPv4 & IPv6 match fields | Traffic should not be matched against the respective ACL Rules |
| 6. | Associate the table to downstream hosts in Ingress & Egress stages | Config should be successful |
| 7. | Send traffic to verify appropriate IPv4 & IPv6 match fields | Traffic should be matched against the respective ACL Rules |
| 8. | Send traffic not matching the appropriate IPv4 & IPv6 match fields | Traffic should not be matched against the respective ACL Rules |
| 9. | Verify "aclshow" and ensure counters are reflected correctly | Counters should be incremented only for matched traffic |
| 10. | Verify "show acl table <table_name> and ensure table_type is displaying as L3V4V6 | Counters should be incremented only for matched traffic |
| 11. | Save the config, do reload and verify traffic again | No deviation from the above expected results should be observed |
| 12. | Flap the ACL associated ports and verify traffic again | No deviation from the above expected results should be observed |