University of Pennsylvania: Campus Core Router Test Plan
Initial Setup (4 days)
1. Install processor modules, control modules,
interface modules, power supplies etc.
2. Power on system
3. Obtain console access to system
4. Verify boot screen output
5. Verify component inventory
6. Setup lab network testbed
7. Attach system to testbed
Test items:
1. Routing Protocols (4 days)
- IPv4 OSPFv2
Test protocol compliance and vendor interoperability
Test failed link detection and protocol convergence
Test use of LSA types 1-5 and 7
Test metrics and equal cost multipathing
Test multi-area OSPF topologies
- IPv6 OSPFv3
(same)
- IPv4 and IPv6 Integrated IS-IS
Test protocol compliance and vendor interoperability
Test metrics, wide metrics, load sharing on equal cost paths,
reference bandwidths
Test HMAC-MD5 authentication of protocol updates (RFC 3576)
Injecting default routes into IS-IS
Test routing protocol weighting and co-existence with OSPFv2
Test IS-IS policies
Test multi-area IS-IS topologies and route summarization
Test multi-topology IS-IS to support non-congruent IPv4/v6
unicast routing topologies
- IPv6 specific functionality
Test stateless address auto-configuration, neighbor discovery,
router advertisement etc.
Test IPv6 enabled flow export (netflow version 9?)
- BGP and Multi-protocol BGP
Test protocol compliance and vendor interoperability
Test BGP authentication w/ TCP-MD5 option
Test BGP TTL hack if available
Test a variety of BGP policy configurations
Test internal BGP peering topologies
Is it feasible to carry 2 full Internet routing tables (from
our 2 ISPs) in the core routers? How much RAM is needed
on RE/SUP cards and FIB/PFE cards for this to happen?
2. IP Multicast Routing (4 days)
Test/configure PIM sparse mode with various RP configurations:
single static, multiple static w/ anycast and MSDP,
PIM-BSR (no auto-RP)
Test/configure MSDP
Test/configure IGMPv2
Test/configure IGMPv3 and PIM-SSM
Test sourcing and receiving multicast traffic
Test ability to filter and scope multicast traffic and
multicast control protocols.
Test IPv6 multicast features (if available):
MLD, PIM-SM/v6, Embedded RP
3. UDP Forwarding (1 days)
Test DHCP forwarding to multiple unicast hosts on a per
interface basis.
Test forwarding of other UDP protocols to multiple unicast
hosts on a per interface basis.
4. Loopback interfaces (1 days)
Configure/test multiple loopback interfaces
Configure multiple addresses per loopback interface
Test that router originated traffic can be sourced with
the loopback address (or other designated address):
a. SNMP, syslog, netflow, RADIUS
b. Outbound ping, traceroute
c. Outbound telnet, ssh
5. IEEE 802.1 & 802.3 Standards compliance (4 days)
Test and verify configuration of bridge ports.
Test and verify operation of 802.1D spanning tree on
bridge ports.
Test and verify operation of 802.1w on bridged ports.
Test and verify configuration of VLAN trunk ports using
802.1Q.
Test and verify operation of 802.1p on router ports and
802.1q trunk ports.
Test and verify operation of 802.3ad link aggregation
6. SNMP and RMON monitoring and management (N days)
a. Test and verify support for SNMP v1/v2c/v3
b. Test and verify RMON support
7. Authentication/Accounting and Access (2 days)
a. Test and verify RADIUS Authentication
b. Test and verify RADIUS Accounting
c. Test and verify per-command authorization, via RADIUS VSAs
d. Test and verify multiple access levels with varying privileges,
via RADIUS
e. Test and verify secure client access to command line
f. Test and verify secure client file transfer, client and server
g. Does router support Kerberos authentication for management
sessions (eg. via the TELNET authentication option)?
h. Does router support command accounting via RADIUS? (most
likely implemented via RADIUS Accounting Interim-Update
messages).
i. Does router support traditional BSD SYSLOG protocol?
j. Does router support secure and reliable SYSLOG (RFC 3195)?
8. Configuration Management (2 days)
a. Test export, editing, and reload of configuration in text format
b. Test configuration rollback using locally stored configurations
c. Test upgrade and rollback of software images using locally stored
software images.
9. Port Mirroring (1 day)
a. [...]
10. Traffic Accounting (2 days)
a. Test and verify NetFlow export, version 5 and varying traffic loads
b. Verify functionality and accuracy of traffic accounting
c. Test netflow tunable parameters (eg. sampling rates, active/
inactive flow expiration timers etc)
d. If available, test support Netflow version 9 (basis for new
IETF flow information export protocol). What flow data is
support? Is template based extensibility supported?
11. QoS and Priority Traffic handling (5 days)
a. Test and verify use of multiple output queues per interface
and per sub-interface
b. Test output traffic prioritization by queue
c. Test traffic prioritization based on DiffServ
d. Test support for marking and remarking DSCP bits on transit
traffic and router originated traffic
e. Test mapping of L3 QOS to L2 QOS (DiffServ to 802.1p)
f. Test mapping of L2 QOS to L3 QOS (802.1p to DiffServ)
g. Test traffic shaping/rate limiting of transit traffic
12. Access control lists and filters (2 days)
a. Test and verify access control filters based on L3 and
higher layer protocol information (IP proto, src/dst addr,
transport proto, src/dst port etc)
b. Compare packet throughput with and without access control
filters applied and measure performance degradation relative
to number of filters and traffic load.
c. Examine support for IPv6. In particular, does router assume
any specific order of extension headers, or does it for
search arbitrarily deep to locate them (eg. to find TCP
port numbers in the TCP extension header).
13. Policy based routing (3 days)
a. Configure/test ability to route packets on criterion other
simple longest-prefix-match destination address
b. Test ability to support multiple distinct routing tables
and ability to map traffic to those tables.
14. IPSEC (2 days)
a. Test IPSEC functionality
b. [... details ...]
15. Performance (2 days)
a. Perform basic throughput & latency testing
b. Custom smartbits tests
c. Ensure that tests are (re) performed with full complement
of other router features turned on.
16. Other (3 days)
a. Test and verify VRRP support and protocol compliance
b. Test and verify configuration of secondary addresses
c. Test and verify disabling of directed broadcast
d. Test anti-source address spoofing measures
e. Test jumbo frame support on gigabit ethernet interfaces
f. Test CPU and control-plane security mechanisms
17. Test hardware/component redundancy features (2 days)
a. Deploy redundant configurations of routing engines, supervisor
boards, switch interface boards, control boards etc
b. Test hot swapability of above components and their impact
on data flow and control protocol state
i. BFD support (Bi-directional Forwarding Detection)
c. Test hot swapability of line cards/interfaces
18. Host Management software testing (N days)
a. Deploy vendor supplied host management software
b. Test specific functionality of interest to us (eg. bulk
configuration changes, bulk software updates, and other
bulk management features)
Shumon Huque, Steve Blair
Network Engineering
University of Pennsylvania.