1
Network Test Automation
@otahi
2015-10-30
Net Ops Coding #1
2
Self Introduction
● @otahi
  – A network engineer?
    ● Trying to be an SDN engineer
    ● In charge of (mainly) the DC internal network
  – Programmer
    ● Weekends and early mornings only + Weekdays
  – Favorite language
    ● Ruby
3
Net Ops + Coding?
● SDN
– OpenFlow
– OpenStack
● Configuration automation
– NETCONF
– REST API
– SSH
● Test automation
– RSpec
4
Test Automation
● “Test automation” gives:
– Confidence to change
– Reducing double checks!!
● Difficulties?:
– Old network devices? → No problem ✔
– No time to change → No problem ✔
– Intermediate states? → No problem ✔
– Affects network connectivity? → No problem ✔
5
How to Test?
● You can test your network with tools
– Language: Ruby
– Test framework: RSpec
– Target servers: No Ruby needed
[Diagram: the testing server (Ruby & RSpec, running the tools) reaches Target server 1 and Target server 2 in the target network over SSH/HTTP(S)/DNS]
6
Test Tools
Type                                  Test target              Remarks
Serverspec                            Servers (static)
Infrataster                           Servers (dynamic)
Infrataster-plugin-dns (Rspec-dns)    DNS servers
Infrataster-plugin-firewall           Firewalls                Target server needs: tcpdump, netcat
Lbspec                                Load Balancers (L4-L7)   Target server needs: ngrep, netcat
Rspec-ssltls                          SSL/TLS
7
Serverspec
describe host('target.example.jp') do
  # ping
  it { should be_reachable }
  # tcp port 22
  it { should be_reachable.with( port: 22 ) }
  # set protocol explicitly
  it { should be_reachable.with( port: 22, proto: 'tcp' ) }
end
8
Infrataster-plugin-dns
describe server(:dns) do
  describe dns('www.example.com') do
    it do
      is_expected.to have_entry.with_type('A')
        .and_address('192.0.2.4')
    end
  end
  describe dns('192.0.2.4') do
    it do
      is_expected.to have_entry.with_type('PTR')
        .and_domainname('www.example.com')
    end
  end
end
9
Infrataster-plugin-firewall
describe server(:src) do
  describe firewall(server(:dst)) do
    it { is_expected.to be_reachable }
    it { is_expected.to be_reachable.dest_port(80) }
    it { is_expected.to be_reachable.tcp.dest_port(80) }
    it { is_expected.to be_reachable.udp.dest_port(53) }
  end
end
10
Lbspec
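describe 'vhost_c:80' do
  # requests to the virtual host are forwarded to these nodes on port 80
  it { should transfer(['node_b', 'node_c']).port(80) }
  it { should respond('404') }
end
describe 'loadbalancer' do
  # the load balancer health-checks node_c with this path from this address
  it do
    should healthcheck('node_c')
      .include('/test/healthcheck').from('192.168.1.10')
  end
end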
11
Rspec-ssltls
describe 'www.example.com:443' do
  it do
    is_expected.to have_certificate
      .subject(CN: '*.example.com').valid_at('2020/09/12 19:00:05 JST')
  end
  it { is_expected.to support_protocol('TLSv1_2') }
  it { is_expected.to support_cipher('AES256-SHA').protocol('TLSv1') }
  it { is_expected.to support_cipher('DES-CBC3-SHA').protocol('SSLv3') }
  it do
    is_expected.to choose_cipher('DES-CBC3-SHA')
      .protocol('TLSv1')
      .from(['AES256-SHA', 'AES128-SHA', 'DES-CBC3-SHA'])
  end
end
12
You can get test results
$ bundle exec rspec
server 'src'
  via firewall
    should reach to server 'dst'
    should reach to server 'dst' dest_port: 80
    should reach to server 'dst' tcp dest_port: 80
    should reach to server 'dst' udp dest_port: 53
Finished in 15.87 seconds (files took 0.58711 seconds to load)
4 examples, 0 failures
$
13
Thank you!
