.. |br| raw:: html
Cop Address Security
--------------------
eth2p-ethip4-ip4base-copblklistbase-func
''''''''''''''''''''''''''''''''''''''''
**COP Security IPv4 Blacklist Tests**
- **[Top] Network Topologies:** TG-DUT1-DUT2-TG 3-node circular topology with single links between nodes.
- **[Enc] Packet Encapsulations:** Eth-IPv4-ICMPv4 on all links.
- **[Cfg] DUT configuration:** DUT1 is configured with IPv4 routing and static routes. COP security black-lists are applied on DUT1 ingress interface from TG. DUT2 is configured with L2XC.
- **[Ver] TG verification:** Test ICMPv4 Echo Request packets are sent in one direction by TG on link to DUT1; on receive TG verifies packets for correctness and drops as applicable.
- **[Ref] Applicable standard specifications:**
+---------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+
| Name | Documentation | Status |
+=====================================================================+===============================================================================================================================================================================================================================================================================================================================================================================================================+========+
| TC01: DUT drops IPv4 pkts with COP blacklist set with IPv4 src-addr | [Top] TG-DUT1-DUT2-TG. |br| [Enc] Eth-IPv4-ICMPv4. |br| [Cfg] On DUT1 configure interface IPv4 addresses and routes in the main routing domain, add COP blacklist on interface to TG with IPv4 src-addr matching packets generated by TG; on DUT2 configure L2 xconnect. |br| [Ver] Make TG send ICMPv4 Echo Req on its interface to DUT1; verify no ICMPv4 Echo Req pkts are received. |br| [Ref] | PASS |
+---------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+
eth2p-ethip4-ip4base-copwhlistbase-func
'''''''''''''''''''''''''''''''''''''''
**COP Security IPv4 Whitelist Tests**
- **[Top] Network Topologies:** TG-DUT1-DUT2-TG 3-node circular topology with single links between nodes.
- **[Enc] Packet Encapsulations:** Eth-IPv4-ICMPv4 on all links.
- **[Cfg] DUT configuration:** DUT1 is configured with IPv4 routing and static routes. COP security white-lists are applied on DUT1 ingress interface from TG. DUT2 is configured with L2XC.
- **[Ver] TG verification:** Test ICMPv4 Echo Request packets are sent in one direction by TG on link to DUT1; on receive TG verifies packets for correctness and drops as applicable.
- **[Ref] Applicable standard specifications:**
+-----------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+
| Name | Documentation | Status |
+=======================================================================+====================================================================================================================================================================================================================================================================================================================================================================================================================+========+
| TC01: DUT permits IPv4 pkts with COP whitelist set with IPv4 src-addr | [Top] TG-DUT1-DUT2-TG. |br| [Enc] Eth-IPv4-ICMPv4. |br| [Cfg] On DUT1 configure interface IPv4 addresses and routes in the main routing domain, add COP whitelist on interface to TG with IPv4 src-addr matching packets generated by TG; on DUT2 configure L2 xconnect. |br| [Ver] Make TG send ICMPv4 Echo Req on its interface to DUT1; verify received ICMPv4 Echo Req pkts are correct. |br| [Ref] | PASS |
+-----------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+
eth2p-ethip6-ip6base-copblklistbase-func
''''''''''''''''''''''''''''''''''''''''
**COP Security IPv6 Blacklist Tests**
- **[Top] Network Topologies:** TG-DUT1-DUT2-TG 3-node circular topology with single links between nodes.
- **[Enc] Packet Encapsulations:** Eth-IPv6-ICMPv6 on all links.
- **[Cfg] DUT configuration:** DUT1 is configured with IPv6 routing and static routes. COP security black-lists are applied on DUT1 ingress interface from TG. DUT2 is configured with L2XC.
- **[Ver] TG verification:** Test ICMPv6 Echo Request packets are sent in one direction by TG on link to DUT1; on receive TG verifies packets for correctness and drops as applicable.
- **[Ref] Applicable standard specifications:**
+---------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+
| Name | Documentation | Status |
+=====================================================================+===============================================================================================================================================================================================================================================================================================================================================================================================================+========+
| TC01: DUT drops IPv6 pkts with COP blacklist set with IPv6 src-addr | [Top] TG-DUT1-DUT2-TG. |br| [Enc] Eth-IPv6-ICMPv6. |br| [Cfg] On DUT1 configure interface IPv6 addresses and routes in the main routing domain, add COP blacklist on interface to TG with IPv6 src-addr matching packets generated by TG; on DUT2 configure L2 xconnect. |br| [Ver] Make TG send ICMPv6 Echo Req on its interface to DUT1; verify no ICMPv6 Echo Req pkts are received. |br| [Ref] | PASS |
+---------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+
eth2p-ethip6-ip6base-copwhlistbase-func
'''''''''''''''''''''''''''''''''''''''
**COP Security IPv6 Whitelist Tests**
- **[Top] Network Topologies:** TG-DUT1-DUT2-TG 3-node circular topology with single links between nodes.
- **[Enc] Packet Encapsulations:** Eth-IPv6-ICMPv6 on all links.
- **[Cfg] DUT configuration:** DUT1 is configured with IPv6 routing and static routes. COP security white-lists are applied on DUT1 ingress interface from TG. DUT2 is configured with L2XC.
- **[Ver] TG verification:** Test ICMPv6 Echo Request packets are sent in one direction by TG on link to DUT1; on receive TG verifies packets for correctness and drops as applicable.
- **[Ref] Applicable standard specifications:**
+-----------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+
| Name | Documentation | Status |
+=======================================================================+====================================================================================================================================================================================================================================================================================================================================================================================================================+========+
| TC01: DUT permits IPv6 pkts with COP whitelist set with IPv6 src-addr | [Top] TG-DUT1-DUT2-TG. |br| [Enc] Eth-IPv6-ICMPv6. |br| [Cfg] On DUT1 configure interface IPv6 addresses and routes in the main routing domain, add COP whitelist on interface to TG with IPv6 src-addr matching packets generated by TG; on DUT2 configure L2 xconnect. |br| [Ver] Make TG send ICMPv6 Echo Req on its interface to DUT1; verify received ICMPv6 Echo Req pkts are correct. |br| [Ref] | PASS |
+-----------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+