Overview
Below, you'll find the steps required to setup a TAHI test environment for UMIP. TAHI test suites are conformance tests provided by the WIDE TAHI working group. These tests aim at validating the implementation of the IPv6 protocol suite (IPv6 core protocols, IPsec, IKEv2, DHCPv6, Mobile IPv6, NEMO Basic Support, etc.).
TAHI test suites basically check all the features and possible scenarios in which a protocol can operate. Each test suite is composed by numerous tests. Each of these tests is dedicated to a specific part of the standard and can detect whether an implementation complies with it. The test results can greatly help developers to find out in which case their implementation does not behave as expected. It is thus an important tool to check the compliance with the standard, but also to track possible regressions during the development phase.
Before installing and configuring the TAHI test environment, let's first explain its overall architecture. A TAHI test environment is mainly composed by two entities:
-
The Tester Node (TN) is the computer on which the TAHI test suite is installed. It is connected to the Node Under Test (NUT, see below) via ethernet and serial. It basically sends forged packets to the NUT and, according to the answer it receives, can decide whether the NUT complies with the standard.
-
The Node Under Test (NUT) is the computer on which developers run their implementation. It is connected to the TN via ethernet and serial. It operates as if it was in a real environment. When it receives a packet from the TN, it thus sends a reply as if the TN was a common node in the Internet.
After a few pre-requisites, we will explain how to setup a TN with the TAHI Mobile IPv6 test suite, and how to setup a NUT with UMIP. We will then explain how to run the test suite. A FAQ is available at the end of this article, providing answers for common questions.
Pre-requisites
The following network topology will be used. In the remaining of this document, replace the network interface names by the one you have on your computer.
TN NUT
+------------+ Ethernet +---------------+
| [em1]+----------------------+[eth1] |
| | | |
| [em2]+----------------------+[eth2] |
Internet -----+[em0] | | [eth0]+----- Internet
| | | |
| [serial]+----------------------+[serial] |
| | Serial cable | |
+------------+ +---------------+
In case you plan to have the NUT rebooted between each test, both the TN and the NUT must have a serial port. However, this is not mandatory as we can also run the tests in a consecutive manner.
An easy way to setup a TAHI testbed is to use virtual machines, e.g. using VirtualBox. It is very convenient, especially because you can easily emulate ethernet links and a serial connection between the TN and the NUT. Using VirtualBox, you can:
- Emulate ethernet links by using network adapters attached to Internal Networks. On the TN virtual machine settings, you must also set the Promiscuous Mode to Allow VMs for the network adapters attached to internal networks, in order to make sure that the TN will capture all the packets from the NUT.
- Emulate a serial link by configuring the TN with a Host Pipe, check the Create Pipe box and put a file name (e.g. /tmp/tahiserial). On the NUT side, you also need to set Host Pipe, leave the Create Pipe box unchecked, and input the same filename.
Tester Node (TN)
FreeBSD configuration
The TN needs to run Freebsd 7.3 release or higher (it can also run on Linux, see the FAQ for more information). Install it (downloading CD1 is enough for the installation). Once the system is installed, you need to install a few more tools: wget, tcpdump, apache22, p5-Expect and p5-Digest-MD5. For that purpose, you can use portsnap:
# portsnap fetch # portsnap extract
Notes: the fetch can take some time. The extract command is only used the first time, next time you can just use 'portsnap update' to update your ports. Install the required tools with:
# cd /usr/ports/ftp/wget && make install clean # cd /usr/ports/www/apache22 && make install clean # cd /usr/ports/lang/p5-Expect && make install clean # cd /usr/ports/security/p5-Digest-MD5 && make install clean # cd /usr/ports/textproc/p5-YAML && make install clean # cd /usr/ports/net/tcpdump && make install clean
If you experience issues with the tcpdump port (an error such as: undefined reference to 'pcap_free_datalinks'), you should first install the libpcap from the sources, and then try to reinstall tcpdump:
# wget http://www.tcpdump.org/release/libpcap-1.3.0.tar.gz # tar zxf libpcap-1.3.0.tar.gz # cd libpcap-1.3.0 # ./configure --prefix=/usr # make && make install # cd /usr/ports/net/tcpdump && make install clean
Now, download the following software from the TAHI website:
- v6eval (core TAHI software)
- ike-mipv6 (core TAHI software)
- v6eval-remotes (core TAHI software)
- ct-mipv6-mn (test suite for the MIPv6 Mobile Node)
- ct-mipv6-ha (test suite for the MIPv6 Home Agent)
- ct-mipv6-cn (test suite for the MIPv6 Correspondent Node)
Install the v6eval package (it will be installed in /usr/local/v6eval/):
$ tar zxf v6eval-X.X.tar.gz $ cd v6eval-X.X/ $ make # make install
Install the ike-mipv6 module:
$ tar zxf ike-mipv6-X.X.tar.gz $ cd ike-mipv6-X.X $ make # make install
Install the v6eval-remotes module. It will be used to control the NUT from the TN, using the serial line (replace <version> with your perl version):
$ tar zxf v6eval-remotes-X.X.tar.gz $ cd v6eval-remotes-X.X $ make # cp -r bin/remotes/linux-v6/ /usr/local/v6eval/bin/linux-v6/ # cd /usr/local/lib/perl5/site_perl/<version>/
You need to modify the /usr/local/lib/perl5/site_perl/<version>/V6evalRemote.pm file. Copy all of the commented lines starting with 'linux-v6' in the list located above the commented lines. For example:
[...]
# login prompt
%prompt_user = (
'linux-v6', 'login: ',
);
[...]
Create a BPF (Berkeley Packet Filter) device. For that purpose, edit the /etc/rc.conf file and add:
devfs_system_ruleset="devfsrules_unhide_bpf"
Edit also the /etc/defaults/devfs.rules file and add:
[devfsrules_unhide_bpf=1025] add path 'bpf*' user root group wheel mode 0660 unhide
IPv6 support must be disabled on the TN. Also, the interfaces that will be connected to the NUT must be up. Edit the /etc/rc.conf file and add the following lines (replace em1 and em2 with the name of your devices):
ipv6_enable="NO" ifconfig_em1="up" ifconfig_em2="up"
Configure apache to start on boot. Add in the /etc/rc.conf file the following line:
apache22_enable="YES"
You can start apache the first time with:
# apachectl start
Remove the apache index file:
# rm /usr/local/www/apache22/data/index.html
Test results will be available online at http://<IP address of the TN>/. Be aware that the test results will contain the root password of the NUT. You should thus setup some authentication (e.g. via htaccess) to restrict the access to the results. If you want to disclose these results, you can anonymize them as explained later before copying them to a public place.
If you plan to have the NUT rebooted between each test, you have to configure the serial line with:
# touch /var/log/aculog # chown uucp:dialer /var/log/aculog # chmod 660 /var/log/aculog
Once the serial connection has been configured on the NUT too (see later in the NUT section), you can test you serial connection by running the following command (supposing that cuad0 is your serial interface). You should see the login prompt of the NUT:
# cu -l /dev/cuad0
The user who will execute the tests must be in the wheel and dialer groups. You can add this user in these groups with (replace <user> with the user name):
# pw usermod <user> -G wheel,dialer
Generic TAHI configuration
We can now configure the TAHI test suite. Go to the /usr/local/v6eval/etc directory, and create a tn.def file from the sample one:
# cd /usr/local/v6eval/etc # cp tn.def.sample tn.def # vi tn.def
Especially, modify RemoteDevice to match the name of your serial device, and replace the interface names of Link0 and Link1 with your interface names that will be connected to the NUT. Typically, your file should look like this:
# tn.def # Replace 'cuad0' with your serial device name RemoteDevice cuad0 RemoteDebug 0 RemoteIntDebug 0 RemoteLog 1 RemoteSpeed 0 RemoteLogout 0 RemoteMethod serial # Replace 'em1' and em2 with the name of the interfaces # connected to the NUT. DO NOT CHANGE other parameters. Link0 em1 00:00:00:00:01:00 Link1 em2 00:00:00:00:01:01
Now, create the nut.def file from the sample one:
# cp nut.def.sample nut.def # vi nut.def
This file includes information of your NUT (i.e. the computer that will run UMIP). It will be slightly different for each of the HA, MN or CN test suite, so the best is to create a file for each configuration: nut.def.ha, nut.def.mn and nut.def.cn for the HA, MN and CN test suites respectively.
The System parameter must be set to linux-v6. Set the HostName of your NUT if it has one. The Type depends on what runs on the NUT: set it to host for a MN or a CN, router for a HA. You also need to specify the root password of the NUT with the Password parameter. Finally, you need to specifiy the interfaces name of the NUT that will be connected to the TN (1 interface for the MN NUT, 2 interfaces for the HA NUT), and set the exact MAC address of these interfaces. Typically, your file should look like this:# nut.def System linux-v6 TargetName Linux + UMIP HostName nut.example.com # Here, you have to set 'host' when you plan to run a MN # or a CN on the NUT, and 'router' when you plan to run # a HA on the NUT #Type router Type host # Replace 'NUT_ROOT_PASSWORD' by the root password of the NUT. User root Password NUT_ROOT_PASSWORD # Replace 'eth1' with the interface of the NUT that will be # connected to the TN, and replace 'aa:bb:cc:dd:ee:ff' with # the REAL MAC address of that interface. Link0 eth1 aa:bb:cc:dd:ee:ff # The NUT in HA mode uses another interface to emulate a foreign # link. Configure it (only for the HA!) by replacing 'eth2' with # the second interface of the NUT that will be connected to the # TN, and replace 'aa:bb:cc:dd:ee:ff' with the REAL MAC address # of that interface. Link1 eth2 aa:bb:cc:dd:ee:ff
Configuring the TAHI MN Test Suite
This section explains how to configure the MN test suite. Uncompress and install the MN test suite from the previously downloaded software:
$ tar zxf ct-mipv6-mn-X.X.tar.gz $ cd ct-mipv6-mn-X.X # make install # cp -pR /usr/local/v6eval/ct-mipv6-mn /usr/local/www/apache22/data/ct-mipv6-mn # chmod -R +w /usr/local/www/apache22/data/ct-mipv6-mn
We believe the MN test suite needs to be patched. If IPsec is configured, the TAHI test #42 expects that the MN sends a Neighbor Advertisement protected by IPsec. UMIP never protects Neighbor Discovery messages with IPsec, which we believe is the correct behavior. You can patch the tests by downloading our patches and applying them as follow:
# cd /usr/local/www/apache22/data/ct-mipv6-mn/mipv6-mn/ # wget http://umip.org/docs/tahi/tn/ct-mipv6-mn/mip6_mn_neighbor.def.patch # wget http://umip.org/docs/tahi/tn/ct-mipv6-mn/MN-2-2-2-1-027.seq.patch # patch -p0 < mip6_mn_neighbor.def.patch # patch -p0 < MN-2-2-2-1-027.seq.patch
Then we can proceed with the tests installation:
# cd /usr/local/www/apache22/data/ct-mipv6-mn # make clean && make document
We can now configure the MN test suite. The configuration takes place in the config.txt file that is located in /usr/local/www/apache22/data/ct-mipv6-mn/mipv6-mn/. This file gathers all the configuration items of the tests. We provide ready-to-use configuration files, with and without IPsec:
- config.txt.ipsec with IPsec configured for all signaling and payload packets,
- config.txt.noipsec with IPsec disabled.
If you plan to be exhaustive, you should run the TAHI tests with each of these configuration. At the moment, UMIP currently does not support IPsec with Route Optimization, so all the RO-related tests are not performed if IPsec is activated.
If you want to have the NUT rebooted between each tests, you should set the ENV_INITIALIZE parameter to BOOT in the config.txt file (and also configure the serial line between the TN and the NUT). At the moment, it is set to RETURN, which makes the TN emulating a returning home between each test, and perform all the tests in a consecutive manner. This makes the complete test execution time much shorter.
Now we need to get the Home Address and Home Agent address that will be used during the tests. On the TN, execute the MN test suite as followed (don't forget to copy your corresponding nut.def file beforehand):
# cp /usr/local/v6eval/etc/nut.def.mn /usr/local/v6eval/etc/nut.def # cd /usr/local/www/apache22/data/ct-mipv6-mn/mipv6-mn/ # make clean && make test
The test logs should display on your terminal the HoA and HA address. Once they are displayed, you can kill the tests with ctrl+c. They should look like this (but with slightly different addresses):
HoA address : 3ffe:501:ffff:100:230:5ff:fe1a:7ffb ha0 address : 3ffe:501:ffff:100:200:ff:fe00:a0a0
Save these addresses for later: they will be used to configure the UMIP MN on the NUT.
Configuring the HA Test Suite
This section explains how to configure the HA test suite. Uncompress and install the HA test suite from the previously downloaded software:
$ tar zxf ct-mipv6-ha-X.X.tar.gz $ cd ct-mipv6-ha-X.X # make install # cp -pR /usr/local/v6eval/ct-mipv6-ha /usr/local/www/apache22/data/ct-mipv6-ha # chmod -R +w /usr/local/www/apache22/data/ct-mipv6-ha # cd /usr/local/www/apache22/data/ct-mipv6-ha # make clean && make document
We can now configure the HA test suite. The configuration takes place in the config.txt file that is located in /usr/local/www/apache22/data/ct-mipv6-ha/mipv6-ha/. This file gathers all the configuration items of the tests. We provide ready-to-use configuration files, with and without IPsec:
- config.txt.ipsec with IPsec configured for all signaling and payload packets,
- config.txt.noipsec with IPsec disabled.
If you want to have the NUT rebooted between each tests, you should set the NEED_REBOOT parameter to 1 in config.txt (and also configure the serial line between the TN and the NUT). At the moment, it is set to 0, which makes the complete test execution time much shorter.
Now we need to get the Home Address and Home Agent address that will be used during the tests. On the TN, execute the HA test suite as followed (don't forget to copy your corresponding nut.def file beforehand):
# cp /usr/local/v6eval/etc/nut.def.ha /usr/local/v6eval/etc/nut.def # cd /usr/local/www/apache22/data/ct-mipv6-ha/mipv6-ha/ # make clean && make test
The test logs should display on your terminal the HoA and HA address. Once they are displayed, you can kill the tests with ctrl+c. They should look like this (but with slightly different addresses):
HA(inet6): 3ffe:501:ffff:100:230:5ff:fe1a:7ffb MN HoA(inet6): 3ffe:501:ffff:100:200:ff:fe00:1
Save these addresses for later: they will be used to configure the UMIP HA on the NUT.
Configuring the CN Test Suite
Configuration for the CN test suite is not yet available. We will provide it in the future.
Configuring the NEMO HA Test Suite
Configuration for the NEMO HA test suite is not yet available. We will provide it in the future.
Configuring the NEMO MR Test Suite
Configuration for the NEMO MR test suite is not yet available. We will provide it in the future.
Node Under Test (NUT)
Linux configuration
The NUT will run UMIP. Install a GNU/Linux system with a mobility-ready kernel and compile the UMIP userland. A detailed documentation to setup a UMIP environment is available here. Do not take care of the UMIP configuration yet and do not run UMIP yet on the NUT. We will discuss these topics a bit later.
If you plan to have the NUT rebooted between each test, you have to configure the serial line on the NUT. Edit the /etc/inittab file and uncomment or add the following line (ttyS0 being your serial device):
T0:23:respawn:/sbin/getty -L ttyS0 9600 vt100
In the /etc/securetty file, check that the following line exists, otherwise add it:
ttyS0
Configure the root account on the NUT with the same password that you specified in the nut.def file on the TN. Once the serial connection has been configured between your TN and NUT, you can test it from the TN as explained in the TN section.
If you plan to connect one interface of your NUT to the Internet, you have to configure this interface to use IPv4-only and to not use IPv6 autoconfiguration. Here is an example /etc/network/interfaces file that you can use:
# /etc/network/interfaces
auto lo
iface lo inet loopback
# Replace 'eth0' with your interface connected to the Internet.
auto eth0
iface eth0 inet dhcp
# Replace interface names with the one connected to the TN
up /sbin/ifconfig eth1 up
up /sbin/ifconfig eth2 up
In addition, in the /etc/sysctl.conf file, add the following line (eth0 being your interface connected to the Internet):
net.ipv6.conf.eth0.accept_ra=0
Make sure your /etc/resolv.conf file is empty (e.g. do not use dns-* options in your /etc/network/interfaces file). This will prevent the NUT from sending unnecessary packets that could disturb the tests. Similarly, do not run any routing daemon on the NUT.
Configuration of the UMIP MN
This section provides configuration files (for UMIP and setkey) that you can use for a UMIP MN on the NUT. These configurations use the previously saved HoA and HA addresses. You need to replace them with yours, as well as replace the interface names with yours:
- mip6d.mn.ipsec.tahi.conf for the UMIP MN, with IPsec configured for all signaling and payload packets, and the corresponding setkey.mn.tahi.conf file for the setkey MN IPsec SAs.
- mip6d.mn.tahi.conf for the UMIP MN, with IPsec disabled.
Store them in /usr/local/etc/.
Configuration of the UMIP HA
This section provides configuration files (for UMIP and setkey) that you can use for a UMIP HA on the NUT. These configurations use the previously saved HoA and HA addresses. You need to replace them with yours, as well as replace the interface names with yours. Store them in /usr/local/etc/:
- mip6d.ha.ipsec.tahi.conf for the UMIP HA, with IPsec configured for all signaling and payload packets, and the corresponding setkey.ha.tahi.conf file for the setkey HA IPsec SAs.
- mip6d.ha.tahi.conf for the UMIP HA with IPsec disabled.
You also need to configure radvd, as the Home Agent will send router advertisments on one of the link between the TN and the NUT. You can use this radvd.ha.tahi.conf file (change the address and interface name with yours) and store it in /usr/local/etc/.
Starting UMIP
You can find a sample startup script for UMIP designed for the TAHI tests here: start-umip.sh. You need to modify the Configuration section to match your configuration parameters (interface name, HoA, binary location, etc.). This script will automatically configure the NUT for the TAHI tests (install the proper routes and sysctl parameters), start UMIP in HA (-H option) or MN (-M option) mode, start setkey (if you set the -I option) and start radvd (if the HA mode is used).
This script uses the mip6d init.d script that you can find here and that you should copy in /etc/init.d/ and make executable. You should also set the following parameters into the /etc/default/mip6d file (create the file if needed):
RUN="yes" MIP6D=/usr/local/sbin/mip6d MIP6D_CONF=/usr/local/etc/mip6d.tahi.conf MIP6D_DEBUG_LOG=/var/log/mip6d.tahi.log
This script also uses the setkey init.d script that is installed by the ipsec-tools package. You should also set the following parameters into the /etc/default/setkey file:
SETKEY_CONF=/usr/local/etc/setkey.tahi.conf
You can start the MN with IPsec (remove the -I option if you do not want to use IPsec):
# ./start-umip.sh -M -I
You can start the HA with IPsec (remove the -I option if you do not want to use IPsec):
# ./start-umip.sh -H -I
Other options are available. Check them by displaying the help with the -h option. Note that if you have set the TN to reboot the NUT between each tests, you have to make sure that UMIP will be automatically started at boot. For that purpose, you can for example call the above script in /etc/rc.local.
You are now ready to launch the TAHI test suite on the TN.
Running the Tests
Make sure that you have started the UMIP daemon on the NUT, as explained in the previous section.
On the TN side, copy the appropriate nut.def.* file into nut.def. For example for the MN test suite:
# cp /usr/local/v6eval/etc/nut.def.mn /usr/local/v6eval/etc/nut.def
Tests suite are executed on the TN from the /usr/local/www/apache22/data/ct-mipv6-*/mipv6-*/ directory. You need to set the correct config.txt file according to whether you plan to test UMIP with IPsec or not. For example for the MN, you can run the tests with IPsec with:
$ cd /usr/local/www/apache22/data/ct-mipv6-mn/mipv6-mn/ # cp config.txt.ipsec config.txt # make clean && make test
Tests can take between 1.5 hour (with IPsec) and 3 hours (without IPsec) for the MN, 4 hours for the HA (with or without IPsec). You can however follow the results of each test while the test suite is running: using a web browser, you just need to visit http://<IP address of the TN>/.
IMPORTANT NOTE: the root password of the NUT appears in the test results. We advice you to protect the access to the results with an HTTP login/password authentication as described before. If you want to publish the results, you can anonymize them before copying them to another public place. For that purpose, you can execute the following command (replace NUT_ROOT_PASSWORD with your NUT root password):
$ cd /usr/local/www/apache22/data/
# find . -type f -exec sed -e 's/NUT_ROOT_PASSWORD/xxxxxxxxxx/g' -i "" {} \;
FAQ
- Can the TN run on something else that FreeBSD?
Yes, there exists a port of v6eval for Linux. You can get it here. More information about this port is available here.
- Is there a "manual" mode for TAHI, in which each test is
triggered manually?
Yes, edit the /usr/local/v6eval/etc/nut.def.* file on your TN, and set the System property to manual. Once you have launched UMIP on your TN, you can execute the TAHI tests on the TN as usual, but you will have to hit "Enter" between each tests.
- How can I launch a specific single test from the test suite?
Check the results of your test suite from a web browser. Go to the test you have interest in, and click on the "X" link that is available on the "Log" column. You will access the logs for this test. In the "Test Information" section, you will find a "CommandLine" parameter which indicates the whole command to execute. For example, the test #1 of the MN test suite can be performed with:
$ cd /usr/local/www/apache22/data/ct-mipv6-mn/mipv6-mn/ # ./MN-0-0-0-1-001.seq -pkt ./mip6_mn_common.def -log 1.html \ -ti MN-0-0-0-1-001 - Mobile Node Operation-1
Changelog
- 2013/03/20: Updated document with new configuration files.
- 2013/01/13: Updated document to latest TAHI tests versions.
- 2009/08/25: First version of this document.