Overview
Below, you'll find the steps required to setup a TAHI test environment for UMIP. TAHI test suites are conformance tests provided by the WIDE TAHI working group. These tests aim at validating the implementation of the IPv6 protocol suite (IPv6 core protocols, IPsec, IKEv2, DHCPv6, Mobile IPv6, NEMO Basic Support, etc.).
TAHI test suites basically check all the features and possible scenarios in which a protocol can operate. Each test suite is composed by numerous tests. Each of these tests is dedicated to a specific part of the standard and can detect whether an implementation complies with it. The test results can greatly help developers to find out in which case their implementation does not behave as expected. It is thus an important tool to check the compliance with the standard, but also to track possible regressions during the development phase.
Before installing and configuring the TAHI test environment, let's first explain its overall architecture. A TAHI test environment is mainly composed by two entities:
-
The Tester Node (TN) is the computer on which the TAHI test suite is installed. It is connected to the Node Under Test (NUT, see below) via ethernet and serial. It basically sends forged packets to the NUT and, according to the answer it receives, can decide whether the NUT complies with the standard.
-
The Node Under Test (NUT) is the computer on which developers run their implementation. It is connected to the TN via ethernet and serial. It operates as if it was in a real environment. When it receives a packet from the TN, it thus sends a reply as if the TN was a common node in the Internet.
After a few pre-requisites, we will explain how to setup a TN with the Mobile IPv6 test suite, and how to setup a NUT with UMIP. We will then explain how to run the test suite. A FAQ is available at the end of this article, providing answers for common questions.
Pre-requisites
Both the TN and the NUT must have a serial port. The serial connection between them is used by the TN to reboot the NUT between the tests.
The following network topology will be used. In the remaining of this document, replace the network interface names by the one you have on your computer.
TN NUT
+------------+ Ethernet cross cable +---------------+
| [rl0]+----------------------+[eth0] |
Internet-----+[rl1] | | [eth1]+----- Internet
| [serial]+----------------------+[serial] |
+------------+ Serial cable +---------------+
Tester Node (TN)
The TN needs to run Freebsd Release 6.3 or higher. Install it, and install also these additional tools:
- /usr/ports/ftp/wget
- /usr/ports/net/tcpdump
- /usr/ports/www/apache22
- /usr/ports/lang/p5-Expect
- /usr/ports/security/p5-Digest-MD5
Download the following software from the TAHI website:
- v6eval (core TAHI software)
- ike-mipv6 (core TAHI software)
- v6eval-remotes (core TAHI software)
- ct-mipv6-mn (test suite for the MIPv6 Mobile Node)
- ct-mipv6-ha (test suite for the MIPv6 Home Agent)
- ct-mipv6-cn (test suite for the MIPv6 Correspondent Node)
Install the v6eval package (it will be installed in /usr/local/v6eval/):
$ tar zxvf v6eval-X.X.tar.gz $ cd v6eval-X.X/ $ make # make install
Install the ike-mipv6 module:
$ tar zxvf ike-mipv6-X.X.tar.gz $ cd ike-mipv6-X.X $ make # make install
Install the v6eval-remotes module. It will be used to control the NUT from the TN, using the serial line (replace VERSION with your perl version):
$ tar zxvf v6eval-remotes-X.X.tar.gz $ cd v6eval-remotes-X.X $ make # cp -r bin/remotes/linux-v6/ /usr/local/v6eval/bin/ # cd /usr/local/lib/perl5/site_perl/VERSION/
You need to modify the /usr/local/lib/perl5/site_perl/VERSION/V6evalRemote.pm file. Copy all of the commented lines starting with 'linux-v6' in the list located above the commented lines. For example:
[...]
# login prompt
%prompt_user = (
'linux-v6', 'login: ',
);
[...]
Create a BPF (Berkeley PAcket Filter) device. For that purpose, edit the /etc/rc.conf file and add:
[...] devfs_system_ruleset="devfsrules_unhide_bpf" [...]
Edit also the /etc/devfs.rules file and add:
[devfsrules_unhide_bpf=1025] add path 'bpf*' user root group wheel mode 0660 unhide
The TN and the NUT will be connected using a serial line. You have to configure the line with:
# touch /var/log/aculog # chown uucp:dialer /var/log/aculog # chmod 660 /var/log/aculog
Once the serial connection has been configured on the NUT too, you can test you serial connection by running the following command (supposing that cuad0 is your serial interface). You should see the login prompt of the NUT:
# cu -l /dev/cuad0
The user who will execute the tests must be in the wheel and dialer groups. Edit the /etc/group file and add this user in these groups.
IPv6 support must be disabled on the TN. Also, the interface that will be connected to the NUT must be up. Edit the /etc/rc.conf file and add (replace DEVICE with your device name, e.g. rl0):
[...] ipv6_enable="NO" ifconfig_DEVICE="up" [...]
Configure apache to start on boot. Add in the /etc/rc.conf file the following line:
[...] apache22_enable="YES" [...]
Test results will be available online at http://address_of_the_tn/. These results contain the root password of the NUT. You should thus setup some authentication (e.g. via htaccess) to restrict the access to the results. If you want to disclose these results, you can anonymize them as explained later before copying them to a public place.
You can start apache the first time with:
# apachectl start
We can now configure the TAHI test suite. Go to the /usr/local/v6eval/etc directory, and edit the tn.def file. Especially, modify RemoteDevice to match the name of your serial device, and replace the interface name of Link0 with the real name of your interface that will be connected to the NUT. Typically, your file should look like this:
# tn.def # Replace 'cuad0' with your serial device name RemoteDevice cuad0 RemoteDebug 0 RemoteIntDebug 0 RemoteLog 0 RemoteSpeed 0 RemoteLogout 0 RemoteMethod serial # Replace 'rl0' with the name of the interface connected to the NUT # DO NOT CHANGE the third parameter (00:00:00:00:01:00) Link0 rl0 00:00:00:00:01:00
Now, edit the nut.def file. This file includes information of your NUT (i.e. the computer that will run UMIP). The System parameter must be set to linux-v6. Set the HostName of your NUT it has one. The Type depends on what runs on the NUT: set it to host for a MN or a CN, router for a HA. You also need to specify the root password of the NUT with the Password parameter. Finally, you need to specifiy the interface name of the NUT that will be connected to the TN, and set the exact MAC address of that interface. Typically, your file should look like this:
# nut.def System linux-v6 TargetName Linux 2.6 + UMIP HostName nut.example.com # Here, you have to set 'host' when you plan to run a MN # or a CN on the NUT, and 'router' when you plan to run # a HA on the NUT Type host # Replace 'NUT_ROOT_PASSWORD' by the root password of the NUT. User root Password NUT_ROOT_PASSWORD # Replace 'eth0' by the interface of the NUT that will be # connected to the TN, and replace 'aa:bb:cc:dd:ee:ff' with # the REAL MAC address of that interface. Link0 eth0 aa:bb:cc:dd:ee:ff
Best is to create a file for each configuration: nut.def.ha (with Type router) for the HA test suite, nut.def.mn and nut.def.cn (with Type host) for the MN and CN test suites respectively.
Node Under Test (NUT)
The NUT will run UMIP. Install a GNU/Linux system with a mobility-ready kernel as well as the UMIP userland. A detailed documentation to setup a UMIP environment is available here. Do not run UMIP yet on this computer, we will discuss how to do this in the next section.
The NUT and the TN will be connected using a serial line. In order to configure the line, edit the /etc/inittab file and uncomment or add the following line (ttyS0 being your serial device):
T0:23:respawn:/sbin/getty -L ttyS0 9600 vt100
In the /etc/securetty file, check that the following line exists, otherwise add it:
ttyS0
Configure the root account on the NUT with the same password that you specified in the nut.def file on the TN. Once the serial connection has been configured between your TN and NUT, you can test it from the TN as explained in the TN section.
If you plan to connect one interface of your NUT to the Internet, you have to configure this interface to use IPv4-only and to not use IPv6 autoconfiguration. Here is an example /etc/network/interfaces file that you can use:
# /etc/network/interfaces
auto lo
iface lo inet loopback
# Replace 'eth1' with the interface connected to the Internet.
# Replace the IPv4 addresses by yours.
auto eth1
iface eth1 inet static
address 192.0.2.1
netmask 255.255.255.0
network 192.0.2.0
broadcast 192.0.2.255
gateway 192.0.2.254
# Replace 'eth0' with the interface connected to the TN
up /sbin/ifconfig eth0 up
In the /etc/sysctl.conf file, add the following line (eth1 being the interface connected to the Internet):
net.ipv6.conf.eth1.accept_ra=0
Make sure your /etc/resolv.conf file is empty (e.g. do not use dns-* options in your /etc/network/interfaces file). This will prevent the NUT from sending unnecessary packets that could disturb the tests. Similarly, do not run any routing daemon on the NUT.
Running the Tests
Configuring the MN Test Suite
In this section we will explain how to setup the MN test suite. The following operations take place on the TN. Uncompress and install the MN test suite on the TN:
$ tar zxf ct-mipv6-mn-X.X.tar.gz $ cd ct-mipv6-mn-X.X # make install # cp -pR /usr/local/v6eval/ct-mipv6-mn /usr/local/www/apache22/data/ct-mipv6-mn # chmod -R +w /usr/local/www/apache22/data/ct-mipv6-mn # cd /usr/local/www/apache22/data/ct-mipv6-mn # make clean && make document
We can now configure the MN test suite. For that purpose, edit the config.txt file that is located in /usr/local/www/apache22/data/ct-mipv6-mn/mipv6-mn/. This file gathers all the configuration items of the tests. We will explain how to configure the main ones below:
- TEST_FUNC_REAL_HOME_LINK: set this option to YES.
- FUNC_DETAIL_MN_BU_TO_CN_A: set this option to YES.
- FUNC_DETAIL_MN_BU_TO_CN_REREG: set this option to YES.
- FUNC_DETAIL_DHAAD_ON_HOMELINK: set this option to YES.
- FUNC_DETAIL_MN_BU_TO_CN_RETRANSMISSION: set this option to YES.
- TEST_FUNC_IPSEC: if you want to enable IPsec during the tests, set it to YES. We will explain how to enable it for the BU and BA. Set also the options below:
- IPSEC_MANUAL_SA1_MN_HA0_PROTO: set it to BU.
- IPSEC_MANUAL_SA2_HA0_MN_PROTO: set it to BA.
- IPSEC_MANUAL_SA*_*_*_PROTO: set all the other IPSEC_MANUAL_SA*_*_*_PROTO options to NONE.
- ENV_ENABLE_MOBILE: this option controls whether the TN will automatically launch mobile IPv6 on the NUT. This does not work with a NUT running linux, so set it to NO.
- ENV_IPSEC_SET: this option controls whether the TN will automatically install the correct IPsec SA on the NUT. This does not work with a NUT running linux, so set it to NO. set it to NO.
- ENV_INITIALIZE: if you set it to BOOT, the TN will reboot the NUT between each test (using the serial connection). If you set it to RETURN, the TN will emulate a returning home between each test. We advice you to set it to BOOT.
Once the configuration file suits your needs, we need to get the Home Address and Home Agent address that will be used during the tests. On the TN, execute the MN test suite as followed:
$ cd /usr/local/www/apache22/data/ct-mipv6-mn/mipv6-mn/ # make clean && make test
The test logs should display on your terminal the HoA and HA address. Once they are displayed, you can kill the tests with ctrl+c. They should look like this (but with slightly different addresses):
HoA address : 3ffe:501:ffff:100:230:5ff:fe1a:7ffb ha0 address : 3ffe:501:ffff:100:200:ff:fe00:a0a0
These addresses will be used to configure UMIP on the NUT. As we have configured the TN to reboot the NUT between every test, we also need to configure the NUT to automatically start UMIP and setup the correct IPsec SA on boot.
From now, configuration takes place on the NUT. Here is the configuration file you can use for a UMIP MN on the NUT. This configuration uses the above HoA and HA addresses (change them with yours) and protects the BU/BA messages with IPsec (as we specified in the test suite configuration). Store it for example in /usr/local/etc/mip6d.mn.tahi.conf:
# Sample mip6d configuration file
# /usr/local/etc/mip6d.mn.tahi.conf
# Replace the addresses and interface's name with yours
NodeConfig MN;
DebugLevel 10;
DoRouteOptimizationCN enabled;
DoRouteOptimizationMN enabled;
UseCnBuAck enabled;
SendMobPfxSols enabled;
# Mandatory to pass the MN TAHI TEST number 7
MnRouterProbes 1;
OptimisticHandoff disabled;
MnMaxHaBindingLife 120;
Interface "eth0" {
MnIfPreference 1;
}
MnHomeLink "eth0" {
# Use DHAAD to get the HA address
HomeAgentAddress ::;
HomeAddress 3ffe:501:ffff:100:230:5ff:fe1a:7ffb/64;
}
UseMnHaIPsec enabled;
KeyMngMobCapability disabled;
IPsecPolicySet {
HomeAgentAddress 3ffe:501:ffff:100:200:ff:fe00:a0a0;
HomeAddress 3ffe:501:ffff:100:230:5ff:fe1a:7ffb/64;
IPsecPolicy HomeRegBinding UseESP 111 112;
}
Here is the asssociated setkey configuration for the IPsec SA. Store it for example in /usr/local/etc/setkey.mn.tahi.conf:
#!/usr/sbin/setkey -f
# Sample setkey configuration file
# /usr/local/etc/setkey.mn.tahi.conf
# Replace the HoA and HA addresses with yours
# Flush the SAD and SPD
flush;
spdflush;
# MN -> HA transport BU/BA
add 3ffe:501:ffff:100:230:5ff:fe1a:7ffb 3ffe:501:ffff:100:200:ff:fe00:a0a0
esp 0x111
-m transport
-u 111
-E 3des-cbc "V6LC-111--12345678901234"
-A hmac-sha1 "V6LC-111--1234567890";
# HA -> MN transport BU/BA
add 3ffe:501:ffff:100:200:ff:fe00:a0a0 3ffe:501:ffff:100:230:5ff:fe1a:7ffb
esp 0x112
-m transport
-u 112
-E 3des-cbc "V6LC-112--12345678901234"
-A hmac-sha1 "V6LC-112--1234567890";
You can configure your NUT to automatically start the UMIP daemon as well as installing the IPsec SA on boot. This is mandatory if you have configured the TN to reboot the NUT between each tests. For that purpose, you can get these S20mip6d.tahi script and S19setkey.tahi script, and copy them into your /etc/rc2.d directory. You may need to modify them slightly: set the MIP6D_* parameters (in S20mip6d.tahi) and SETKEY_CONF parameter (in S19setkey.tahi) according to the location of your files.
You are now ready to launch the MN test suite! Jump to the section entitled "Executing a Test Suite".
Configuring the HA Test Suite
In this section we will explain how to setup the HA test suite. The following operations take place on the TN. Uncompress and install the HA test suite on the TN:
$ tar zxf ct-mipv6-ha-X.X.tar.gz $ cd ct-mipv6-ha-X.X # make install # cp -pR /usr/local/v6eval/ct-mipv6-ha /usr/local/www/apache22/data/ct-mipv6-ha # chmod -R +w /usr/local/www/apache22/data/ct-mipv6-ha # cd /usr/local/www/apache22/data/ct-mipv6-ha # make clean && make document
We can now configure the HA test suite. For that purpose, edit the config.txt file that is located in /usr/local/www/apache22/data/ct-mipv6-ha/mipv6-ha/. This file gathers all the configuration items of the tests. We will explain how to configure the main ones below:
- NEED_REBOOT: you can set this option to 0. If you set it to 1, the TN will reboot the NUT between each test (using the serial connection).
- NEED_ANYCAST, NEED_ENABLE, NEED_ROUTE, NEED_IPSEC and NEED_RA: set all of them to 0.
- HAVE_HOME_LINK: set it to 1.
- HAVE_FOREIGN_LINK: set it to 0.
- HAVE_REAL_HOME: set it to 1.
- HAVE_DHAAD, HAVE_MPD and HAVE_RR: set all of them to 1.
- HAVE_IPSEC: if you want to enable IPsec during the tests, set it to 1. We will explain how to enable it for the BU and BA. Set also the options below:
- USE_SA1_SA2: set it to 1.
- USE_SA3_SA4, USE_SA5_SA6 and USE_SA7_SA8: set them to 0.
Once the configuration file suits your needs, we need to get the Home Address and Home Agent address that will be used during the tests. On the TN, execute the HA test suite as followed:
$ cd /usr/local/www/apache22/data/ct-mipv6-ha/mipv6-ha/ # make clean && make test
The test logs should display on your terminal the HoA and HA address. Once they are displayed, you can kill the tests with ctrl+c. They should look like this (but with slightly different addresses):
HA(inet6): 3ffe:501:ffff:100:230:5ff:fe1a:7ffb MN HoA(inet6): 3ffe:501:ffff:100:200:ff:fe00:1
These addresses will be used to configure UMIP on the NUT. We have configured the TN to execute the tests without rebooting the NUT between each tests, so we just need to manually execute the UMIP HA daemon once on the NUT.
From now, configuration takes place on the NUT. Here is the configuration file you can use for a UMIP HA on the NUT. This configuration uses the above HoA and HA addresses (change them with yours) and protects the BU/BA messages with IPsec (as we specified in the test suite configuration). Store it for example in /usr/local/etc/mip6d.ha.tahi.conf:
# Sample mip6d configuration file
# /usr/local/etc/mip6d.ha.tahi.conf
# Replace the addresses and interface's name with yours
NodeConfig HA;
DebugLevel 10;
Interface "eth0";
SendMobPfxAdvs enabled;
SendUnsolMobPfxAdvs enabled;
BindingAclPolicy 3ffe:501:ffff:100:200:ff:fe00:1 allow;
DefaultBindingAclPolicy deny;
UseMnHaIPsec enabled;
KeyMngMobCapability disabled;
IPsecPolicySet {
HomeAgentAddress 3ffe:501:ffff:100:230:5ff:fe1a:7ffb;
HomeAddress 3ffe:501:ffff:100:200:ff:fe00:1/64;
IPsecPolicy Mh UseESP 111 112;
}
Here is the asssociated setkey configuration for the IPsec SA. Store it for example in /usr/local/etc/setkey.ha.tahi.conf:
#!/usr/sbin/setkey -f
# Sample setkey configuration file
# /usr/local/etc/setkey.ha.tahi.conf
# Replace the HoA and HA addresses with yours
# Flush the SAD and SPD
flush;
spdflush;
# MN -> HA transport BU/BA
add 3ffe:501:ffff:100:200:ff:fe00:1 3ffe:501:ffff:100:230:5ff:fe1a:7ffb
esp 0x111
-m transport
-u 111
-E 3des-cbc "V6LC-111--12345678901234"
-A hmac-sha1 "V6LC-111--1234567890";
# HA -> MN transport BU/BA
add 3ffe:501:ffff:100:230:5ff:fe1a:7ffb 3ffe:501:ffff:100:200:ff:fe00:1
esp 0x112
-m transport
-u 112
-E 3des-cbc "V6LC-112--12345678901234"
-A hmac-sha1 "V6LC-112--1234567890";
You also need to configure radvd, as the Home Agent will send router advertisment on the link between the TN and the NUT. You can use the below sample configuration file (change the address and interface name with yours). Store it for example in /usr/local/etc/radvd.ha.tahi.conf:
# Sample radvd configuration file
# /usr/local/etc/radvd.ha.tahi.conf
# Replace the HA address with yours
interface eth0
{
AdvSendAdvert on;
MaxRtrAdvInterval 3;
MinRtrAdvInterval 1;
AdvIntervalOpt on;
AdvHomeAgentFlag on;
AdvHomeAgentInfo on;
HomeAgentLifetime 1800;
HomeAgentPreference 10;
# HA address
prefix 3ffe:501:ffff:100:230:5ff:fe1a:7ffb/64
{
AdvRouterAddr on;
AdvOnLink on;
AdvAutonomous on;
};
};
Before starting the Home Agent daemon, you also need to set the Home Agent address on the interface connected to the link between the TN and the NUT, as weel as a default route towards the TN. The below script takes care of that, as well as starting the UMIP HA daemon. Modify it according to your needs. You can execute this script (as root) on the NUT before starting the TAHI tests suite on the TN:
#!/bin/bash
# Sample script to launch the UMIP HA daemon. Replace
# the interface name and addresses with yours.
# HA address
HA_ADDR=3ffe:501:ffff:100:230:5ff:fe1a:7ffb
# Interface of the NUT connected to the TN
HA_IFNAME=eth0
# Location of your radvd binary
RADVD=/usr/sbin/radvd
# Location of your mip6d and setkey binaries
MIP6D=/usr/local/sbin/mip6d
SETKEY=/usr/sbin/setkey
# Location of your setkey, radvd and mip6d
# configuration files
CONF=/usr/local/etc/
# Link-local address of the emulated default router. The
# address used by TAHI is always fe80::200:ff:fe00:a0a0
# DO NOT CHANGE THIS PARAMETER UNLESS YOU KNOW
# WHAT YOU ARE DOING
LL_ADDR=fe80::200:ff:fe00:a0a0
# Install address and route
/sbin/ip -6 addr add ${HA_ADDR}/64 dev ${HA_IFNAME}
/sbin/ip -6 route add default via ${LL_ADDR} dev ${HA_IFNAME}
# Enable Forwarding and Proxy NDP
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
echo 1 > /proc/sys/net/ipv6/conf/all/proxy_ndp
# Start RADVD
killall radvd
${RADVD} -C ${CONF}/radvd.ha.tahi.conf
# Execute setkey and UMIP. UMIP logs will be stored
# in /tmp/mip6d.ha.tahi.logs
${SETKEY} -f ${CONF}/setkey.ha.tahi.conf
(${MIP6D} -c ${CONF}/mip6d.ha.tahi.conf > /tmp/mip6d.ha.tahi.logs 2>&1)&
NOTE: if you have installed the MN startup script as described in the previous section, make sure that they are not active. For that purpose, you can rename the S20mip6d.tahi script (in /etc/rc2.d/) to K80mip6d.tahi as well as S19setkey.tahi to K81setkey.tahi, and then reboot the NUT (scripts in /etc/rc2.d/ starting with K will not be started).
You are now ready to launch the HA test suite! Jump to the section entitled "Executing a Test Suite".
Configuring the CN Test Suite
Configuration for the CN test suite is not yet available. We will provide it in the future.
Executing a Test Suite
Make sure that your configuration is ready on the NUT:
- If you run a MN on the NUT, verify that the starting scripts for mip6d and setkey are present in /etc/rc2.d/ as explained here,
- If you run a HA or a CN on the NUT, execute the startup script before proceeding with the test suite.
On the TN side, copy the appropriate nut.def.* file into nut.def. For example for the MN test suite:
# cp /usr/local/v6eval/etc/nut.def.mn /usr/local/v6eval/etc/nut.def.ha
Tests suite are executed on the TN from the /usr/local/www/apache22/data/ct-mipv6-*/mipv6-*/ directory. For example for the MN, you can run the tests from the TN with:
$ cd /usr/local/www/apache22/data/ct-mipv6-mn/mipv6-mn/ # make clean && make test
Tests can take between 4 to 6 hours for the MN, 1.5 hours for the HA. You can however follow the results of each test while the test suite is running: using a web browser, you can visit http://address_of_the_tn/.
IMPORTANT NOTE: the root password of the NUT appears in the test results! We advice you to protect the access to the results with an HTTP login/password authentication as described before. If you want to publish the results, you can anonymize them before copying them to another public place. For that purpose, you can execute the following command (replace NUT_ROOT_PASSWORD with your NUT root password):
$ cd /usr/local/www/apache22/data/
# find . -type f -exec sed -e 's/NUT_ROOT_PASSWORD/xxxxxxxxxx/g' -i "" {} \;
FAQ
- Can the TN run on something else that FreeBSD?
No, AFAIK the TAHI test suites can only run on FreeBSD.
- Is there a "manual" mode for TAHI, in which each test is
triggered manually?
Yes, edit the /usr/local/v6eval/etc/nut.def.* file on your TN, and set the System property to manual. Once you have launched UMIP on your TN, you can execute the TAHI tests on the NUT as usual, but you will have to hit "Enter" between each tests.
- How can I launch a specific single test from the test suite?
Check the results of your test suite from a web browser. Go to the test you have interest in, and click on the "X" link that is available on the "Log" column. You will access the logs for this test. In the "Test Information" section, you will find a "CommandLine" parameter which indicates the whole command to execute. For example, the test #1 of the MN test suite can be performed with:
$ cd /usr/local/www/apache22/data/ct-mipv6-mn/mipv6-mn/ # ./MN-0-0-0-1-001.seq -pkt ./mip6_mn_common.def -log 1.html \ -ti MN-0-0-0-1-001 - Mobile Node Operation-1
Changelog
- 2009/08/25: First version of this document.