CDRouter ICS enhances traditional closed loop testing by providing access to the internet or other outside networks for non-test traffic. This is accomplished by routing test traffic and network traffic separately, enabling testing for:
- Devices that require access to external resources or start-up procedures
- Devices that have cloud- or app-based management systems or user interfaces
- Devices that access real-time web applications as part of regular operations
- Devices that require access to CRLs or other certificate validation resources
CDRouter ICS is a licensed add-on that must be purchased from QA Cafe. For information on upgrading your license to include CDRouter ICS or any other add-ons, please contact firstname.lastname@example.org.
CDRouter will report the status of all available add-ons during the installation
process and during startup. To verify that CDRouter ICS is enabled on a system,
run the command
cdrouter-cli -info as root and look for the line ICS is
enabled, as shown below. If this line is present, CDRouter ICS is enabled and
ready to use.
$ cdrouter-cli -info Starting cdrouter-cli Tue Sep 20 11:49:39 EDT 2016 Copyright (c) 2001-2016 by QA Cafe Version 10.2 build 1 (22730 trunk), built 2016-09-18 17:36:24 by email@example.com (x86_64) Loaded OS distro \S Kernel \r on an \m Loaded OS version Linux-3.10.0-327.10.1.el7.x86_64 x86_64 Loaded Tcl version 8.6.6 Loaded buddy version 10.2.1 (firstname.lastname@example.org) (gcc version 4.8.3 20140911 (Red Hat 4.8.3-9) (GCC) ) Current testpath: /usr/share/doc/cdrouter /home/matt/customTests Trying to load modules from '/usr/share/doc/cdrouter /home/matt/customTests' Start command: /usr/cdrouter/bin/cdrouter-cli -testpath /usr/share/doc/cdrouter -info Test Suite cdrouter 10.2.1 The system ID is 2df9e2a1f8c359183cf0191a20f2cc5a Using license installed at: /etc/cdrouter.lic Registered to: qacafe: matt Maintenance, Support and Upgrades until: 2017-06-01 Licensed to run: cdrouter Multiport is enabled IPv6 is enabled Storage is enabled IKE is enabled TR69 is enabled TR69-EDM is enabled Nmap is enabled BBF.069 is enabled SNMP is enabled Performance is enabled ICS is enabled <-- here CPU is Intel(R) Core(TM) i5-4308U CPU @ 2.80GHz, bogomips 5599.87 Loaded TclXML version 3.1 (libxml2), TclDOM 3.0, xmldefs 3.1 Trying to load modules from '/usr/cdrouter/vendor/IOL/BBF.069/Tests' BBF.069 version 6.0-5 (21451)
In addition, CDRouter ICS is only supported on QA Cafe’s NTA1000 hardware platform. The NTA1000v5 platform supports all CDRouter ICS features. Older NTA1000 platforms may also support certain CDRouter ICS features according to the requirements listed in the table below:
|NTA1000||Supported CDRouter ICS Features||Requirements|
|v1||CDRouter ICS not supported||Please contact email@example.com for hardware upgrade information|
|v2||IPv4 internet connection sharing||NTA1000 software image 4.2 or greater|
|v3||IPv4 internet connection sharing||NTA1000 software image 4.2 or greater|
|v4||IPv4 internet connection sharing||NTA1000 software image 4.2 or greater|
|v5||IPv4 and IPv6 internet connection sharing||NTA1000 software image 5.0 or greater|
Please contact firstname.lastname@example.org for information on upgrading to the latest NTA1000 software image.
CDRouter has traditionally been used for closed loop functional testing of CPE devices. In a closed loop setup, CDRouter’s LAN and WAN interfaces are connected directly to the CPE’s LAN and WAN interfaces, respectively. In this setup, the CPE alone is the device under test (DUT).
In certain situations an additional access concentrator may be required to terminate the CPE’s WAN interface. This occurs when the CPE’s WAN interface is not Ethernet and is instead LTE, DSL, DOCSIS, GPON, etc. In these situations a DSLAM, CMTS, or other access concentrator may be included in the closed loop setup.
In a closed loop setup, CDRouter controls all aspects of the test environment and provides end-to-end connectivity through the DUT for testing. CDRouter simulates the access network and all WAN servers with which the DUT communicates. This approach isolates the DUT and provides consistent and repeatable test results. Test failures in a closed loop setup can be traced directly to issues or functional problems with the DUT.
CDRouter ICS is an add-on that extends the traditional closed loop setup by providing Internet access to the DUT for non-test traffic. This makes it possible to test CPE devices that have cloud- or app-managed elements that require Internet access.
CDRouter ICS implements internet connection sharing by reconfiguring the
ip6tables rules within the host’s operating system. internet
connection sharing can be enabled independently for IPv4 and IPv6 traffic in
most CDRouter configurations. CDRouter ICS also provides extended DNS
functionality that allows requests for non-test resources to be answered by
IPv4 Internet Connection Sharing
When IPv4 internet connection sharing is enabled, CDRouter will create a simple NAT44 configuration on the system’s management interface at the start of the test run. When a packet is later received on the WAN, CDRouter will make a routing decision based on the destination IP address of the received packet.
Packets that have destination IP’s that matching a known test stack will be processed by CDRouter as usual. All other packets will be forwarded by CDRouter to the management interface where they will be NAT’ed by the operating system and sent out on the corporate LAN.
IPv6 Internet Connection Sharing
IPv6 internet connection sharing works much the same way as IPv4 internet connection sharing - when enabled, CDRouter will create a simple NAT66 configuration on the system’s management interface. There are some additional caveats that apply to IPv6 internet connection sharing, namely that IPv6 internet connection sharing can only be enabled if IPv4 internet connection sharing is also enabled.
In addition, IPv6 internet connection sharing is only compatible with CDRouter DHCPv6 prefix delegation configurations, and only addresses within the delegated prefix of the primary CDRouter WAN interface will have external access. As a result, if the DUT requires IPv6 internet connectivity, its global IPv6 address must be contained withing the delegated prefix.
CDRouter ICS also includes enhanced DNS functionality to ensure that the DUT has seamless access to external resources.
In a typical closed loop setup, CDRouter’s DNS servers contain records for only a handful of static, well-known resources. Records are also added dynamically as needed during testing, and users have the option of defining additional records in the configuration file. CDRouter’s DNS servers are only able to provide answers to queries for known resources. As a result, queries for other external resources will go unanswered.
When internet connection sharing is enabled, CDRouter’s DNS servers will use the
operating system’s DNS resolver when a query cannot be answered using its own
records. The operating system may attempt to resolve queries locally via the
/etc/hosts file before sending them to an upstream DNS server.
This additional functionality allows the DUT as well as its LAN clients to
resolve external resources. Currently, this feature is only supported for
The following testvars control internet connection sharing within CDRouter:
To enable internet connection sharing, the testvar supportsICS must be set to “yes”. The testvar icsInterface must be set to the network interface on your CDRouter system which CDRouter ICS will use to route traffic to the internet.
The testvars icsShareIPv4 and icsShareIPv6 control whether internet connection sharing is enabled for IPv4 and IPv6 traffic, respectively. By default, both testvars are set to “yes” meaning internet connection sharing is enabled for both traffic types. To disable internet connection sharing for a traffic type, set that testvar’s value to “no”. Please note that enabling IPv6 internet connection sharing requires also enabling IPv4 internet connection sharing.
There are a number of caveats associated with internet connection sharing technique implemented by CDRouter ICS. Specifically:
Internet connection sharing is only available for traffic on the primary WAN interface defined within the CDRouter configuration file. Traffic received on all other WAN interfaces will be processed solely by CDRouter.
The CDRouter system’s management interface must have an IPv4 address and Internet connectivity in order for IPv4 Internet connection sharing to work. Likewise, the system must also have an IPv6 address and connectivity in order for IPv6 internet connection sharing to work.
No ALGs are enabled within the NAT44 and NAT66 configuration applied by CDRouter to the management interface. Some protocols are not compatible with NAT or require an ALG if NAT is present. As a result, some non-test services or features required by the DUT may not be compatible with this technique.
The IPv4 and IPv6 configuration of CDRouter’s primary WAN interface must not conflict with the IPv4 and IPv6 configuration of the management interface on the system. This requirement is imposed by the operating system when configuring NAT44 and NAT66 on the management interface. If encountered this requirement can be met by changing the IP addresses used by CDRouter on the primary WAN.
Internet connection sharing has the potential to generate very large log and capture files if a significant amount of traffic is forwarded to the system’s management interface.
Internet connection sharing is only enabled while CDRouter is running tests.
Packets destined for addresses within CDRouter’s free network range, for both IPv4 and IPv6, will not be forwarded to the internet. As a result, some care must be taken to ensure that the free network range does not conflict with real servers or services on the internet that users may want to reach.
Enabling ICS may impact test results if resources that are not normally accessible in a closed loop environment become accessible.
There are a number of interesting new test scenarios that are possible when internet connection sharing is enabled:
The reporting capabilities of any cloud or app elements can be verified in real-time while tests are being performed. Information such as the overall status or health of the DUT, the number of connected LAN clients, availability of new firmware, etc. an be analyzed for accuracy.
Diagnostic utilities built in to the DUT that rely on external resources can be tested. This includes well-known utilities such as ping and traceroute and also proprietary utilities that would not typically be available in a closed loop setup.
Verify the behavior of the DUT while performing actions such as a firmware download while CDRouter renumbers the WAN interface.
Test with and without internet connection sharing enabled to ensure that device operates properly if the internet and other external resources are not available.