University of Pennsylvania: Campus Core Router Test Plan

Initial Setup (4 days)							

	1. Install processor modules, control modules, 
	   interface modules, power supplies etc.
	2. Power on system 
	3. Obtain console access to system 
	4. Verify boot screen output 
	5. Verify component inventory 
	6. Setup lab network testbed
	7. Attach system to testbed

Test items:

1. Routing Protocols (4 days)						

   - IPv4 OSPFv2
     Test protocol compliance and vendor interoperability
     Test failed link detection and protocol convergence
     Test use of LSA types 1-5 and 7
     Test metrics and equal cost multipathing
     Test multi-area OSPF topologies

   - IPv6 OSPFv3

   - IPv4 and IPv6 Integrated IS-IS
     Test protocol compliance and vendor interoperability
     Test metrics, wide metrics, load sharing on equal cost paths,
         reference bandwidths
     Test HMAC-MD5 authentication of protocol updates (RFC 3576)
     Injecting default routes into IS-IS
     Test routing protocol weighting and co-existence with OSPFv2
     Test IS-IS policies
     Test multi-area IS-IS topologies and route summarization
     Test multi-topology IS-IS to support non-congruent IPv4/v6
	  unicast routing topologies

   - IPv6 specific functionality
     Test stateless address auto-configuration, neighbor discovery,
          router advertisement etc.
     Test IPv6 enabled flow export (netflow version 9?)

   - BGP and Multi-protocol BGP
     Test protocol compliance and vendor interoperability
     Test BGP authentication w/ TCP-MD5 option
     Test BGP TTL hack if available
     Test a variety of BGP policy configurations
     Test internal BGP peering topologies
     Is it feasible to carry 2 full Internet routing tables (from
         our 2 ISPs) in the core routers? How much RAM is needed
	 on RE/SUP cards and FIB/PFE cards for this to happen?

2. IP Multicast Routing (4 days)

      Test/configure PIM sparse mode with various RP configurations:
	   single static, multiple static w/ anycast and MSDP,
	   PIM-BSR (no auto-RP)
      Test/configure MSDP
      Test/configure IGMPv2
      Test/configure IGMPv3 and PIM-SSM
      Test sourcing and receiving multicast traffic
      Test ability to filter and scope multicast traffic and
	   multicast control protocols.
      Test IPv6 multicast features (if available):
           MLD, PIM-SM/v6, Embedded RP

3. UDP Forwarding (1 days)						

       Test DHCP forwarding to multiple unicast hosts on a per
	    interface basis. 
       Test forwarding of other UDP protocols to multiple unicast 
	    hosts on a per interface basis. 

4. Loopback interfaces (1 days)						

       Configure/test multiple loopback interfaces
       Configure multiple addresses per loopback interface
       Test that router originated traffic can be sourced with
           the loopback address (or other designated address):
		 a.  SNMP, syslog, netflow, RADIUS
		 b.  Outbound ping, traceroute 
		 c.  Outbound telnet, ssh 

5. IEEE 802.1 & 802.3 Standards compliance (4 days)			

	Test and verify configuration of bridge ports. 
	Test and verify operation of 802.1D spanning tree on 
	     bridge ports. 
	Test and verify operation of 802.1w on bridged ports. 
	Test and verify configuration of VLAN trunk ports using 
	Test and verify operation of 802.1p on router ports and 
	     802.1q trunk ports. 
	Test and verify operation of 802.3ad link aggregation 

6. SNMP and RMON monitoring and management (N days)			

   a. Test and verify support for SNMP v1/v2c/v3
   b. Test and verify RMON support

7. Authentication/Accounting and Access (2 days)			

   a. Test and verify RADIUS Authentication 
   b. Test and verify RADIUS Accounting 
   c. Test and verify per-command authorization, via RADIUS VSAs 
   d. Test and verify multiple access levels with varying privileges, 
      via RADIUS 
   e. Test and verify secure client access to command line 
   f. Test and verify secure client file transfer, client and server 
   g. Does router support Kerberos authentication for management
      sessions (eg. via the TELNET authentication option)?
   h. Does router support command accounting via RADIUS? (most
      likely implemented via RADIUS Accounting Interim-Update 
   i. Does router support traditional BSD SYSLOG protocol?
   j. Does router support secure and reliable SYSLOG (RFC 3195)?

8. Configuration Management (2 days)					

   a. Test export, editing, and reload of configuration in text format 
   b. Test configuration rollback using locally stored configurations
   c. Test upgrade and rollback of software images using locally stored 
      software images. 

9. Port Mirroring (1 day)

   a. [...]

10. Traffic Accounting (2 days)						

   a. Test and verify NetFlow export, version 5 and varying traffic loads
   b. Verify functionality and accuracy of traffic accounting
   c. Test netflow tunable parameters (eg. sampling rates, active/
	   inactive flow expiration timers etc)
   d. If available, test support Netflow version 9 (basis for new
      IETF flow information export protocol). What flow data is
      support? Is template based extensibility supported?

11. QoS and Priority Traffic handling (5 days)				

   a. Test and verify use of multiple output queues per interface 
      and per sub-interface 
   b. Test output traffic prioritization by queue 
   c. Test traffic prioritization based on DiffServ 
   d. Test support for marking and remarking DSCP bits on transit 
      traffic and router originated traffic 
   e. Test mapping of L3 QOS to L2 QOS (DiffServ to 802.1p) 
   f. Test mapping of L2 QOS to L3 QOS (802.1p to DiffServ) 
   g. Test traffic shaping/rate limiting of transit traffic 

12. Access control lists and filters (2 days)				

    a. Test and verify access control filters based on L3 and
       higher layer protocol information (IP proto, src/dst addr,
       transport proto, src/dst port etc)
    b. Compare packet throughput with and without access control 
       filters applied and measure performance degradation relative
       to number of filters and traffic load.
    c. Examine support for IPv6. In particular, does router assume
       any specific order of extension headers, or does it for 
       search arbitrarily deep to locate them (eg. to find TCP
       port numbers in the TCP extension header).

13. Policy based routing (3 days)					

    a. Configure/test ability to route packets on criterion other
       simple longest-prefix-match destination address
    b. Test ability to support multiple distinct routing tables
       and ability to map traffic to those tables.

14. IPSEC (2 days)							

    a. Test IPSEC functionality 
    b. [... details ...]

15. Performance (2 days)						

    a. Perform basic throughput & latency testing 
    b. Custom smartbits tests
    c. Ensure that tests are (re) performed with full complement
       of other router features turned on.

16. Other (3 days)							

    a. Test and verify VRRP support and protocol compliance
    b. Test and verify configuration of secondary addresses 
    c. Test and verify disabling of directed broadcast 
    d. Test anti-source address spoofing measures 
    e. Test jumbo frame support on gigabit ethernet interfaces 
    f. Test CPU and control-plane security mechanisms

17. Test hardware/component redundancy features (2 days)		

    a. Deploy redundant configurations of routing engines, supervisor
       boards, switch interface boards, control boards etc
    b. Test hot swapability of above components and their impact
       on data flow and control protocol state
         i. BFD support (Bi-directional Forwarding Detection)
    c. Test hot swapability of line cards/interfaces

18. Host Management software testing (N days)				

    a. Deploy vendor supplied host management software
    b. Test specific functionality of interest to us (eg. bulk
       configuration changes, bulk software updates, and other
       bulk management features)

Shumon Huque, Steve Blair
Network Engineering
University of Pennsylvania.