.. |br| raw:: html
.. |prein| raw:: html
.. |preout| raw:: html
Cop Address Security
--------------------
eth2p-ethip4-ip4base-copblklistbase-func
''''''''''''''''''''''''''''''''''''''''
**COP Security IPv4 Blacklist Tests**
- **[Top] Network Topologies:** TG-DUT1-DUT2-TG 3-node circular topology with single links between nodes.
- **[Enc] Packet Encapsulations:** Eth-IPv4-ICMPv4 on all links.
- **[Cfg] DUT configuration:** DUT1 is configured with IPv4 routing and static routes. COP security black-lists are applied on DUT1 ingress interface from TG. DUT2 is configured with L2XC.
- **[Ver] TG verification:** Test ICMPv4 Echo Request packets are sent in one direction by TG on link to DUT1; on receive TG verifies packets for correctness and drops as applicable.
- **[Ref] Applicable standard specifications:**
+---------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Name | VPP API Test (VAT) Commands History - Commands Used Per Test Case |
+=====================================================================+===============================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================+
| TC01: DUT drops IPv4 pkts with COP blacklist set with IPv4 src-addr | |prein| **DUT1:** |br| sw_interface_set_flags sw_if_index 1 admin-up |br| sw_interface_set_flags sw_if_index 3 admin-up |br| sw_interface_dump |br| sw_interface_add_del_address sw_if_index 1 192.168.1.1/24 |br| sw_interface_add_del_address sw_if_index 3 192.168.2.1/24 |br| ip_neighbor_add_del sw_if_index 1 dst 192.168.1.2 mac fa:16:3e:6a:a9:9f |br| ip_neighbor_add_del sw_if_index 3 dst 192.168.2.2 mac fa:16:3e:12:d2:d2 |br| ip_add_del_route 32.0.0.1/24 via 192.168.2.2 sw_if_index 3 resolve-attempts 10 count 1 |br| ip_add_del_route 16.0.0.0/24 drop vrf 1 create-vrf |br| cop_whitelist_enable_disable sw_if_index 1 ip4 fib-id 1 |br| cop_interface_enable_disable sw_if_index 1 |br| |br| **DUT2:** |br| sw_interface_set_flags sw_if_index 1 admin-up |br| sw_interface_set_flags sw_if_index 3 admin-up |br| sw_interface_dump |br| sw_interface_set_flags sw_if_index 3 admin-up |br| sw_interface_set_flags sw_if_index 1 admin-up |br| sw_interface_set_l2_xconnect rx_sw_if_index 3 tx_sw_if_index 1 |br| sw_interface_set_l2_xconnect rx_sw_if_index 1 tx_sw_if_index 3 |br| |preout| |
+---------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
eth2p-ethip4-ip4base-copwhlistbase-func
'''''''''''''''''''''''''''''''''''''''
**COP Security IPv4 Whitelist Tests**
- **[Top] Network Topologies:** TG-DUT1-DUT2-TG 3-node circular topology with single links between nodes.
- **[Enc] Packet Encapsulations:** Eth-IPv4-ICMPv4 on all links.
- **[Cfg] DUT configuration:** DUT1 is configured with IPv4 routing and static routes. COP security white-lists are applied on DUT1 ingress interface from TG. DUT2 is configured with L2XC.
- **[Ver] TG verification:** Test ICMPv4 Echo Request packets are sent in one direction by TG on link to DUT1; on receive TG verifies packets for correctness and drops as applicable.
- **[Ref] Applicable standard specifications:**
+-----------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Name | VPP API Test (VAT) Commands History - Commands Used Per Test Case |
+=======================================================================+================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================+
| TC01: DUT permits IPv4 pkts with COP whitelist set with IPv4 src-addr | |prein| **DUT1:** |br| sw_interface_set_flags sw_if_index 1 admin-up |br| sw_interface_set_flags sw_if_index 3 admin-up |br| sw_interface_dump |br| sw_interface_add_del_address sw_if_index 1 192.168.1.1/24 |br| sw_interface_add_del_address sw_if_index 3 192.168.2.1/24 |br| ip_neighbor_add_del sw_if_index 1 dst 192.168.1.2 mac fa:16:3e:6a:a9:9f |br| ip_neighbor_add_del sw_if_index 3 dst 192.168.2.2 mac fa:16:3e:12:d2:d2 |br| ip_add_del_route 32.0.0.1/24 via 192.168.2.2 sw_if_index 3 resolve-attempts 10 count 1 |br| ip_add_del_route 16.0.0.0/24 local vrf 1 create-vrf |br| cop_whitelist_enable_disable sw_if_index 1 ip4 fib-id 1 |br| cop_interface_enable_disable sw_if_index 1 |br| |br| **DUT2:** |br| sw_interface_set_flags sw_if_index 1 admin-up |br| sw_interface_set_flags sw_if_index 3 admin-up |br| sw_interface_dump |br| sw_interface_set_flags sw_if_index 3 admin-up |br| sw_interface_set_flags sw_if_index 1 admin-up |br| sw_interface_set_l2_xconnect rx_sw_if_index 3 tx_sw_if_index 1 |br| sw_interface_set_l2_xconnect rx_sw_if_index 1 tx_sw_if_index 3 |br| |preout| |
+-----------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
eth2p-ethip6-ip6base-copblklistbase-func
''''''''''''''''''''''''''''''''''''''''
**COP Security IPv6 Blacklist Tests**
- **[Top] Network Topologies:** TG-DUT1-DUT2-TG 3-node circular topology with single links between nodes.
- **[Enc] Packet Encapsulations:** Eth-IPv6-ICMPv6 on all links.
- **[Cfg] DUT configuration:** DUT1 is configured with IPv6 routing and static routes. COP security black-lists are applied on DUT1 ingress interface from TG. DUT2 is configured with L2XC.
- **[Ver] TG verification:** Test ICMPv6 Echo Request packets are sent in one direction by TG on link to DUT1; on receive TG verifies packets for correctness and drops as applicable.
- **[Ref] Applicable standard specifications:**
+---------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Name | VPP API Test (VAT) Commands History - Commands Used Per Test Case |
+=====================================================================+=============================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================+
| TC01: DUT drops IPv6 pkts with COP blacklist set with IPv6 src-addr | |prein| **DUT1:** |br| sw_interface_set_flags sw_if_index 1 admin-up |br| sw_interface_set_flags sw_if_index 3 admin-up |br| sw_interface_dump |br| sw_interface_add_del_address sw_if_index 1 3ffe:62::1/64 |br| sw_interface_set_flags sw_if_index 1 admin-up |br| sw_interface_add_del_address sw_if_index 3 3ffe:63::1/64 |br| sw_interface_set_flags sw_if_index 3 admin-up |br| ip_neighbor_add_del sw_if_index 1 dst 3ffe:62::2 mac fa:16:3e:6a:a9:9f |br| ip_neighbor_add_del sw_if_index 3 dst 3ffe:63::2 mac fa:16:3e:12:d2:d2 |br| ip_add_del_route 3ffe:64::1/64 via 3ffe:63::2 sw_if_index 3 resolve-attempts 10 count 1 |br| sw_interface_ip6nd_ra_config sw_if_index 4 surpress |br| sw_interface_ip6nd_ra_config sw_if_index 2 surpress |br| sw_interface_ip6nd_ra_config sw_if_index 3 surpress |br| sw_interface_ip6nd_ra_config sw_if_index 1 surpress |br| ip_add_del_route 3ffe:61::/64 drop vrf 1 create-vrf |br| cop_whitelist_enable_disable sw_if_index 1 ip6 fib-id 1 |br| cop_interface_enable_disable sw_if_index 1 |br| |br| **DUT2:** |br| sw_interface_set_flags sw_if_index 1 admin-up |br| sw_interface_set_flags sw_if_index 3 admin-up |br| sw_interface_dump |br| sw_interface_set_flags sw_if_index 3 admin-up |br| sw_interface_set_flags sw_if_index 1 admin-up |br| sw_interface_set_l2_xconnect rx_sw_if_index 3 tx_sw_if_index 1 |br| sw_interface_set_l2_xconnect rx_sw_if_index 1 tx_sw_if_index 3 |br| sw_interface_add_del_address sw_if_index 3 3ffe:72::1/64 |br| sw_interface_set_flags sw_if_index 3 admin-up |br| sw_interface_add_del_address sw_if_index 1 3ffe:73::1/64 |br| sw_interface_set_flags sw_if_index 1 admin-up |br| sw_interface_ip6nd_ra_config sw_if_index 4 surpress |br| sw_interface_ip6nd_ra_config sw_if_index 2 surpress |br| sw_interface_ip6nd_ra_config sw_if_index 3 surpress |br| sw_interface_ip6nd_ra_config sw_if_index 1 surpress |br| |preout| |
+---------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
eth2p-ethip6-ip6base-copwhlistbase-func
'''''''''''''''''''''''''''''''''''''''
**COP Security IPv6 Whitelist Tests**
- **[Top] Network Topologies:** TG-DUT1-DUT2-TG 3-node circular topology with single links between nodes.
- **[Enc] Packet Encapsulations:** Eth-IPv6-ICMPv6 on all links.
- **[Cfg] DUT configuration:** DUT1 is configured with IPv6 routing and static routes. COP security white-lists are applied on DUT1 ingress interface from TG. DUT2 is configured with L2XC.
- **[Ver] TG verification:** Test ICMPv6 Echo Request packets are sent in one direction by TG on link to DUT1; on receive TG verifies packets for correctness and drops as applicable.
- **[Ref] Applicable standard specifications:**
+-----------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Name | VPP API Test (VAT) Commands History - Commands Used Per Test Case |
+=======================================================================+==============================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================+
| TC01: DUT permits IPv6 pkts with COP whitelist set with IPv6 src-addr | |prein| **DUT1:** |br| sw_interface_set_flags sw_if_index 1 admin-up |br| sw_interface_set_flags sw_if_index 3 admin-up |br| sw_interface_dump |br| sw_interface_add_del_address sw_if_index 1 3ffe:62::1/64 |br| sw_interface_set_flags sw_if_index 1 admin-up |br| sw_interface_add_del_address sw_if_index 3 3ffe:63::1/64 |br| sw_interface_set_flags sw_if_index 3 admin-up |br| ip_neighbor_add_del sw_if_index 1 dst 3ffe:62::2 mac fa:16:3e:6a:a9:9f |br| ip_neighbor_add_del sw_if_index 3 dst 3ffe:63::2 mac fa:16:3e:12:d2:d2 |br| ip_add_del_route 3ffe:64::1/64 via 3ffe:63::2 sw_if_index 3 resolve-attempts 10 count 1 |br| sw_interface_ip6nd_ra_config sw_if_index 4 surpress |br| sw_interface_ip6nd_ra_config sw_if_index 2 surpress |br| sw_interface_ip6nd_ra_config sw_if_index 3 surpress |br| sw_interface_ip6nd_ra_config sw_if_index 1 surpress |br| ip_add_del_route 3ffe:61::/64 local vrf 1 create-vrf |br| cop_whitelist_enable_disable sw_if_index 1 ip6 fib-id 1 |br| cop_interface_enable_disable sw_if_index 1 |br| |br| **DUT2:** |br| sw_interface_set_flags sw_if_index 1 admin-up |br| sw_interface_set_flags sw_if_index 3 admin-up |br| sw_interface_dump |br| sw_interface_set_flags sw_if_index 3 admin-up |br| sw_interface_set_flags sw_if_index 1 admin-up |br| sw_interface_set_l2_xconnect rx_sw_if_index 3 tx_sw_if_index 1 |br| sw_interface_set_l2_xconnect rx_sw_if_index 1 tx_sw_if_index 3 |br| sw_interface_add_del_address sw_if_index 3 3ffe:72::1/64 |br| sw_interface_set_flags sw_if_index 3 admin-up |br| sw_interface_add_del_address sw_if_index 1 3ffe:73::1/64 |br| sw_interface_set_flags sw_if_index 1 admin-up |br| sw_interface_ip6nd_ra_config sw_if_index 4 surpress |br| sw_interface_ip6nd_ra_config sw_if_index 2 surpress |br| sw_interface_ip6nd_ra_config sw_if_index 3 surpress |br| sw_interface_ip6nd_ra_config sw_if_index 1 surpress |br| |preout| |
+-----------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+