1

Network Test Automation- Reduce double check -

@otahi2015-04-23

Network Programability Study #4

2

Self Introduction● @otahi

– A network engineer?● Charged in (mainly) DC internal network

– Sunday programmer● Weekends and early mornings only

– Favorite language● Ruby

3

Network Engineer?Type Related to How many people at this

study?SDN OpenFlow, OpenStack 20 people

Internet BGP 10 peopleIntranet WAN, Inter DC 15 people

DC internal Firewall, Loadbalancer,L2/L3 switch

30 people

Platform Service DNS, mail, proxy 20 people

Server Linux, Windows, 20 people

Application Web Service, MailService

10 people

4

What is Network Programmability?● SDN

– OpenFlow– OpenStack

● Configuration automation– NETCONF– Rest API– SSH

● Test automation– RSpec

5

SDN● “SDN” gives:

– Agility– Flexibility

● Difficulties– Old network devices– No time to change

6

Configuration Automation● “Configuration automation” gives:

– Reducing procedures to check– Reducing miss takes to configure– Reducing effort to configure devices

● Difficulties– Old network devices– Intermediate states

● They need procedures to configure– Affects network connectivity

7

Test Automation● “Test automation” gives:

– Confidence to change– Reducing double check!!

● Difficulties?:– Old network devices? → No problem– No time to change → No problem– Intermediate states? → No problem– Affects network connectivity? → No problem

8

How to Test?● You can test your network with tools

– Language: Ruby– Test framework: RSpec– Target servers: No Ruby needed

Testing server

Target server 1

Target server 2

Ruby & RSpec

tooltooltooltool

SSH/HTTP

(S)/D

NS

Target network

9

Example for Test ToolsType Test target Remarks

Serverspec Servers(static)

Infrataster Servers(dynamic)

Infrataster-plugin-dns(Rspec-dns)

DNS servers

Infrataster-plugin-firewall Firewalls Traget server needs:tcpdump, netcat

Lbspec Load Balancers(L4-L7) Target server needs:ngrep, netcat

Rspec-ssltls SSL/TLS

10

Serverspecdescribe host('target.example.jp') do

# ping

it { should be_reachable }

# tcp port 22

it { should be_reachable.with( port: 22 ) }

# set protocol explicitly

it { should be_reachable.with( port: 22, proto: 'tcp' ) }

end

11

Lbspecdescribe 'vhost_c:80' do

it { should transfer(['node_b', 'node_c']])).port(80) }

it { should respond('404') }

end

describe 'loadbalancer' do

it do should healthcheck('node_c')

.include('/test/healthcheck').from('192.168.1.10')

end

end

12

Infrataster-plugin-firewalldescribe server(:src) do

describe firewall(server(:dst)) do

it { is_expected.to be_reachable }

it { is_expected.to be_reachable.dest_port(80) }

it { is_expected.to be_reachable.tcp.dest_port(80) }

it { is_expected.to be_reachable.udp.dest_port(53) }

end

end

13

You can get test results$ bundle exec rspec

server 'src'

via firewall

should reach to server 'dst'

should reach to server 'dst' dest_port: 80

should reach to server 'dst' tcp dest_port: 80

should reach to server 'dst' udp dest_port: 53

Finished in 15.87 seconds (files took 0.58711 seconds to load)

4 examples, 0 failures

$

14

Try New Things

● Simple and regression → automation● Focus to complex and critical● Try new things and go home early!

Simple and regression test

Complex and critical test

Try new things

15

Future Development● TDD with SDN

– Test on SDN experimental environment– When “ALL GREEN” deploy to production

environment

16

Thank you!