-
Notifications
You must be signed in to change notification settings - Fork 200
enrollz_tpm20_hmac
Github Action edited this page Dec 2, 2025
·
1 revision
This document outlines the functional network tests (FNTs) for the TPM 2.0 HMAC-based enrollment flow mainly for devices that lack a pre-provisioned Initial Device Identifier (IDevID) certificate (but supports all TPM 2.0 devices). This workflow uses a Hash-based Message Authentication Code (HMAC) challenge-response mechanism to securely verify the device's identity. The process provisions an owner Initial Attestation Key (oIAK) and an owner IDevID (oIDevID) after establishing a chain of trust from the Endorsement Key (EK) or Platform Primary Key (PPK), to the Initial Attestation Key (IAK), and finally to the IDevID.
The primary objective is to test the device's ability to correctly handle the enrollment sequence, including cryptographic operations, request validation, and error handling.
The test validates that the device correctly implements the server-driven TPM enrollment workflow. The following test cases cover both the successful enrollment path and various failure scenarios from the device's perspective.
| ID | Case | Expected Result |
|---|---|---|
| enrollz-1.1 | Successful enrollment for a device that has an EK cert stored in the RoT database. | The device successfully completes the enrollment, obtains oIAK and oIDevID certs, and updates the SSL profile to use the new oIDevID cert. |
| enrollz-1.2 | Successful enrollment for a device that has a PPK public key stored in the RoT database. | The device successfully completes the enrollment, obtains oIAK and oIDevID certs, and updates the SSL profile to use the new oIDevID cert. |
| enrollz-1.3 | Enrollz service presents an invalid client certificate. | The device rejects the mTLS connection, resulting in a gRPC connection failure. |
| enrollz-1.4 | GetControlCardVendorIDRequest with missing control_card_selection. | The device returns an invalid request error. |
| enrollz-1.5 | GetControlCardVendorIDRequest with invalid control_card_selection. | The device returns an invalid request error. |
| enrollz-1.6 | ChallengeRequest with missing control_card_selection. | The device returns an invalid request error. |
| enrollz-1.7 | ChallengeRequest with invalid control_card_selection. | The device returns an invalid request error. |
| enrollz-1.8 | ChallengeRequest with invalid key type KEY_UNSPECIFIED. | The device returns an invalid request error. |
| enrollz-1.9 | ChallengeRequest with an empty hmac_pub_key in HMACChallenge. | The device returns an invalid request error. |
| enrollz-1.10 | ChallengeRequest with an empty duplicate field in HMACChallenge. | The device returns an invalid request error. |
| enrollz-1.11 | ChallengeRequest with an empty in_sym_seed field in HMACChallenge. | The device returns an invalid request error. |
| enrollz-1.12 | ChallengeRequest with a malformed hmac_pub_key in HMACChallenge. | The device's TPM fails to import the HMAC key, and the device returns an invalid request error. |
| enrollz-1.13 | ChallengeRequest with a malformed duplicate in HMACChallenge. | The device's TPM fails to import the HMAC key, and the device returns an invalid request error. |
| enrollz-1.14 | ChallengeRequest with a malformed in_sym_seed in HMACChallenge. | The device's TPM fails to import the HMAC key, and the device returns an invalid request error. |
| enrollz-1.15 | ChallengeRequest with correct key type KEY_EK but the challenge HMAC is wrapped with an invalid EK. | The device returns an invalid request error. |
| enrollz-1.16 | ChallengeRequest with correct key type KEY_PPK but the challenge HMAC is wrapped with an invalid PPK. | The device returns an invalid request error. |
| enrollz-1.17 | GetIdevidCsrRequest with missing control_card_selection. | The device returns an invalid request error. |
| enrollz-1.18 | GetIdevidCsrRequest with invalid control_card_selection. | The device returns an invalid request error. |
| enrollz-1.19 | GetIdevidCsrRequest with invalid key type KEY_UNSPECIFIED. | The device returns an invalid request error. |
| enrollz-1.20 | GetIdevidCsrRequest with an unsupported KeyTemplate. | The device returns a GetIdevidCsrResponse with status as STATUS_UNSUPPORTED. |
| enrollz-1.21 | RotateOIakCert with an invalid control card. | The device rejects the entire transaction, rolls back any changes, and returns an invalid request error. No certificates are updated on any control card. |
| enrollz-1.22 | RotateOIakCert with a populated oidevid_cert but a missing ssl_profile_id. | The device rejects the entire transaction, rolls back any changes, and returns an invalid request error. No certificates are updated on any control card. |
| enrollz-1.23 | RotateOIakCert with a malformed oIAK certificate. | The device rejects the entire transaction, rolls back any changes, and returns an invalid request error. No certificates are updated on any control card. |
| enrollz-1.24 | RotateOIakCert with a oIAK having a mismatched underlying IAK public key. | The device rejects the entire transaction, rolls back any changes, and returns an invalid request error. No certificates are updated on any control card. |
| enrollz-1.25 | RotateOIakCert with a valid oIAK certificate chain but an invalid signature. | The device rejects the entire transaction, rolls back any changes, and returns an invalid request error. No certificates are updated on any control card. |
| enrollz-1.26 | RotateOIakCert with a malformed oIDevID certificate. | The device rejects the entire transaction, rolls back any changes, and returns an invalid request error. No certificates are updated on any control card. |
| enrollz-1.27 | RotateOIakCert with a oIDevID having a mismatched underlying IDevID public key. | The device rejects the entire transaction, rolls back any changes, and returns an invalid request error. No certificates are updated on any control card. |
| enrollz-1.28 | RotateOIakCert with a valid oIDevID certificate chain but an invalid signature. | The device rejects the entire transaction, rolls back any changes, and returns an invalid request error. No certificates are updated on any control card. |
| enrollz-1.29 | RotateOIakCert with valid oIAK and oIDevID for active control card, and only a valid oIAK for the standby control card. | The device successfully completes the enrollment, obtains oIAK and oIDevID certs, and updates the SSL profile to use the new oIDevID ce |
| enrollz-1.30 | Reboot after successful enrollment. | The device comes up successfully and can establish an mTLS connection using the oIDevID certificate. All certificates (oIAK, oIDevID) are persistent. |
| enrollz-1.31 | Reboot after GetIdevidCsr and restart enrollment. | The device successfully completes the enrollment, obtains oIAK and oIDevID certs, and updates the SSL profile to use the new oIDevID cert. |
- Initiate an mTLS connection from the test client (acting as Enrollz) to the device.
- Call
GetControlCardVendorIDfor the active control card with a validControlCardSelection. - Verify the
GetControlCardVendorIDResponsecontains the correctControlCardVendorIdfor the selected card. - Using the serial number from the response, fetch the corresponding EK or PPK public key from a test database (simulating the RoT database).
- Generate a restricted HMAC key, wrap it using the EK/PPK public key, and send it as a challenge to the device in a
ChallengeRPC. - Upon receiving the
ChallengeResponsefrom the device, verify the HMAC signature (iak_certify_info_signature) over the IAK certify info (iak_certify_info) using the generated HMAC key. - Call
VerifyIAKKeyto validate the received IAK public key. This includes:- Verify that the IAK public area (
iak_pub) has attributes specified in Template H-0 for AKs. - Verify that the
magicfield iniak_certify_infois the expected TPM Generated Value (0xff544347). - Compute the IAK name and verify that it matches the
namefield iniak_certify_info. - Verify that in the
iak_certify_info, thenameandqualifiedNamefields are not identical.
- Verify that the IAK public area (
- Call
GetIdevidCsrwith a supportedKeyTemplate(currently only KEY_TEMPLATE_ECC_NIST_P384) . - Upon receiving the
GetIdevidCsrResponse, callVerifyIdevidKeyto validate the IDevID and CSR. This includes:- Parsing the TCG-CSR-IDEVID contents
csr_contents. - Verifying the signature (
signCertifyInfoSignature) of IDevID certify info (signCertifyInfo) using IAK pub key. - Verify the
signCertifyInfocontains the following:- The
magicfield is the expected TPM Generated Value. - The computed IDevID name matches the
namefield. - The
nameandqualifiedNamefields are not identical.
- The
- Verifying the IDevID public key attributes against the template provided.
- Verifying the CSR's signature (
idevid_signature_csr) using the IDevID public key.
- Parsing the TCG-CSR-IDEVID contents
- Repeat steps 2-9 for the standby control card.
- Generate owner-signed oIAK and oIDevID certificates for both control cards.
- Call
RotateOIakCertto install the newly generated owner-signed oIAK and oIDevID certificates for both control cards. The request must use theupdatesfield to specify the certificates. Verify the device returns a successful response.
paths:
rpcs:
gnmi:
gNMI.Subscribe:{}-
Home
- Test Plans
- ACCTZ-1.1: Record Subscribe Full
- ACCTZ-2.1: Record Subscribe Partial
- ACCTZ-3.1: Record Subscribe Non-gRPC
- ACCTZ-4.1: Record History Truncation
- ACCTZ-4.2: Record Payload Truncation
- ACCTZ-5.1: gNSI.acctz.v1 (Accounting) Test RecordSubscribe Idle Timeout - client becomes silent
- ACCTZ-6.1: gNSI.acctz.v1 (Accounting) Test RecordSubscribe Idle Timeout - DoA client
- ACCTZ-7.1: gNSI.acctz.v1 (Accounting) Test Accounting Authentication Failure - Multi-transaction
- ACCTZ-8.1: gNSI.acctz.v1 (Accounting) Test Accounting Authentication Failure - Uni-transaction
- ACCTZ-9.1: gNSI.acctz.v1 (Accounting) Test Accounting Privilege Escalation
- ACCTZ-10.1: gNSI.acctz.v1 (Accounting) Test Accounting Authentication Error - Multi-transaction
- ACL-1.1: ACL match based on L3/L4 fields and DSCP value
- ACL-1.2: ACL Update (Make-before-break)
- ACL-1.3: Large Scale ACL with TCAM profile
- AFT-1.1: AFTs Base
- AFT-1.2: AFTs slow collector
- AFT-1.3: AFTs collector Flap
- AFT-2.1: AFTs Prefix Counters
- AFT-3.1: AFTs Atomic Flag Check
- AFT-5.1: AFTs DUT Reboot
- attestz-1: General enrollz and attestz tests
- Authz: General Authz (1-4) tests
- BMP-1.1: BMP Session Establishment and Telemetry Test
- BMP-2.7: BMP Pre Policy Test
- BMP-2.8: BMP Post Policy Test
- bootz: General bootz bootstrap tests
- CERTZ-1: gNSI Client Certificate Tests
- Certz-2: Server Certificate
- Certz-3: Server Certificate Rotation
- Certz-4: Trust Bundle
- Certz-5: Trust Bundle Rotation
- CFM-1.1: CFM over ETHoCWoMPLSoGRE
- CNTR-1: Basic container lifecycle via
gnoi.Containerz. - CNTR-2: Container network connectivity tests
- CPT-1.1: Interface based ARP policer
- Credentialz-1: Password console login
- Credentialz-2: SSH Password Login Disallowed
- Credentialz-3: Host Certificates
- Credentialz-4: SSH Public Key Authentication
- Credentialz-5: Hiba Authentication
- DP-1.2: QoS policy feature config
- DP-1.3: QoS ECN feature config
- DP-1.4: QoS Interface Output Queue Counters
- DP-1.5: Egress Strict Priority scheduler with bursty traffic
- DP-1.7: One strict priority queue traffic test
- DP-1.8: Two strict priority queue traffic test
- DP-1.9: WRR traffic test
- DP-1.10: Mixed strict priority and WRR traffic test
- DP-1.11: Bursty traffic test
- DP-1.12: ECN enabled traffic test
- DP-1.13: DSCP and ECN bits are copied over during IPinIP encap and decap
- DP-1.14: QoS basic test
- DP-1.15: Egress Strict Priority scheduler
- DP-1.16: Ingress traffic classification and rewrite
- DP-1.17: DSCP Transparency with ECN
- DP-1.19: Egress traffic DSCP rewrite
- DP-2.2: QoS scheduler with 1 rate 2 color policer, classifying on next-hop group
- DP-2.4: Police traffic on input matching all packets using 1 rate, 2 color marker
- DP-2.5: Police traffic on input matching all packets using 2 rate, 3 color marker
- DP-2.6: Police traffic on input matching all packets using 2 rate, 3 color marker with classifier
- enrollz-1: enrollz test for TPM 2.0 HMAC-based Enrollment flow
- enrollz-2: enrollz test for TPM 1.2 Enrollment flow
- example-0.1: Topology Test
- FP-1.1: Power admin DOWN/UP Test
- gNMI-1.1: cli Origin
- gNMI-1.2: Benchmarking: Full Configuration Replace
- gNMI-1.3: Benchmarking: Drained Configuration Convergence Time
- gNMI-1.4: Telemetry: Inventory
- gNMI-1.5: Telemetry: Port Speed Test
- gNMI-1.6: System gRPC Servers running in more than one network-instance
- gNMI-1.8: Configuration Metadata-only Retrieve and Replace
- gNMI-1.9: Get requests
- gNMI-1.10: Telemetry: Basic Check
- gNMI-1.11: Telemetry: Interface Packet Counters
- gNMI-1.12: Mixed OpenConfig/CLI Origin
- gNMI-1.13: Optics Telemetry, Instant, threshold, and miscellaneous static info
- gNMI-1.14: OpenConfig metadata consistency during large config push
- gNMI-1.15: Set Requests
- gNMI-1.16: Fabric redundnacy test
- gNMI-1.17: Controller card redundancy test
- gNMI-1.18: gNMI subscribe with sample mode for backplane capacity counters
- gNMI-1.19: ConfigPush and ConfigPull after Control Card switchover
- gNMI-1.20: Telemetry: Optics Thresholds
- gNMI-1.21: Integrated Circuit Hardware Resource Utilization Test
- gNMI-1.22: Controller card port attributes
- gNMI-1.23: Telemetry: Aggregate Interface Counters
- gNMI-1.24: gNMI Leaf-List Update Test
- gNMI-1.25: Telemetry: Interface Last Change Timestamp
- gNMI-1.26: Carrier Transitions Test
- gNMI-1.27: gNMI Sample Mode Test
- GNMI-2: gnmi_subscriptionlist_test
- gNOI-2.1: Packet-based Link Qualification on 100G and 400G links
- gNOI-3.1: Complete Chassis Reboot
- gNOI-3.2: Per-Component Reboot
- gNOI-3.3: Supervisor Switchover
- gNOI-3.4: Chassis Reboot Status and Reboot Cancellation
- gNOI-4.1: Software Upgrade
- gNOI-5.1: Ping Test
- gNOI-5.2: Traceroute Test
- gNOI-5.3: Copying Debug Files
- gNOI-6.1: Factory Reset
- gNOI-7.1: BootConfig
- gNPSI-1: Sampling and Subscription Check
- HA-1.0: Telemetry: Firewall High Availability.
- Health-1.1: Generic Health Check
- Health-1.2: Healthz component status paths
- INT-1.1: Interface Performance
- IPSEC-1.1: IPSec with MACSec over aggregated links.
- IPSEC-1.2: IPSec Scaling with MACSec over aggregated links.
- IPSEC-1.3: IPSec Packet-Order with MACSec over aggregated links.
- MGT-1: Management HA solution test
- MPLS-1.1: MPLS label blocks using ISIS
- MPLS-1.2: MPLS Traffic Class Marking
- MPLS-2.2: MPLS forwarding via static LSP to BGP next-hop.
- MTU-1.3: Large IP Packet Transmission
- MTU-1.4: Large IP Packet through GRE/GUE tunnel Transmission
- MTU-1.5: Path MTU handing
- OC-1.2: Default Address Families
- OC-26.1: Network Time Protocol (NTP)
- P4RT-1.1: Base P4RT Functionality
- P4RT-1.2: P4RT Daemon Failure
- P4RT-1.3: P4RT behavior when a device/node is dowm
- P4RT-2.1: P4RT Election
- P4RT-2.2: P4RT Metadata Validation
- P4RT-3.1: Google Discovery Protocol: PacketIn
- P4RT-3.2: Google Discovery Protocol: PacketOut
- P4RT-3.21: Google Discovery Protocol: PacketOut with LAG
- P4RT-5.1: Traceroute: PacketIn
- P4RT-5.2: Traceroute Packetout
- P4RT-5.3: Traceroute: PacketIn With VRF Selection
- P4RT-6.1: Required Packet I/O rate: Performance
- P4RT-7.1: LLDP: PacketIn
- P4RT-7.2: LLDP: PacketOut
- PF-1.1: IPv4/IPv6 policy-forwarding to indirect NH matching DSCP/TC.
- PF-1.2: Policy-based traffic GRE Encapsulation to IPv4 GRE tunnel
- PF-1.3: Policy-based IPv4 GRE Decapsulation
- PF-1.4: GUEv1 Decapsulation rule using destination-address-prefix-set and TTL and DSCP behavior test
- PF-1.6: Policy based VRF selection for IPV4/IPV6
- PF-1.7: Decapsulate MPLS in GRE and UDP
- PF-1.8: Ingress handling of TTL
- PF-1.9: Egress handling of TTL
- PF-1.11: Rewrite the ingress innner packet TTL
- PF-1.12: MPLSoGRE IPV4 decapsulation of IPV4/IPV6 payload
- PF-1.13: MPLSoGRE IPV4 decapsulation of IPV4/IPV6 payload scale test
- PF-1.14: MPLSoGRE IPV4 encapsulation of IPV4/IPV6 payload
- PF-1.15: MPLSoGRE IPV4 encapsulation of IPV4/IPV6 payload scale test
- PF-1.16: MPLSoGRE IPV4 encapsulation IPV4/IPV6 local proxy test
- PF-1.17: MPLSoGRE and MPLSoGUE MACsec
- PF-1.18: MPLSoGRE and MPLSoGUE QoS
- PF-1.19: MPLSoGUE IPV4 decapsulation of IPV4/IPV6 payload
- PF-1.20: MPLSoGUE IPV4 decapsulation of IPV4/IPV6 payload scale test
- PF-1.21: Configurable IPv6 flow labels corresponding to IPV6 tunnels
- PF-1.22: GUEv1 Decapsulation and ECMP test for IPv4 and IPv6 payload
- PF-1.23: EthoCWoMPLSoGRE IPV4 forwarding of IPV4/IPV6 payload
- PF-1.24: Add and remove interface bound to PBF
- PF-2.3: Multiple VRFs and GUE DECAP in Default VRF
- PLT-1.1: Interface breakout Test
- PLT-1.2: Parent component validation test
- PLT-1.3: OnChange Subscription Test for Breakout Interfaces
- Replay-1.0: Record/replay presession test
- Replay-1.1: Record/replay diff command trees test
- Replay-1.2: P4RT Replay Test
- RT-1.1: Base BGP Session Parameters
- RT-1.2: BGP Policy & Route Installation
- RT-1.3: BGP Route Propagation
- RT-1.4: BGP Graceful Restart
- RT-1.5: BGP Prefix Limit
- RT-1.7: Local BGP Test
- RT-1.8: BGP Route Reflector Test at scale
- RT-1.10: BGP Keepalive and HoldTimer Configuration Test
- RT-1.11: BGP remove private AS
- RT-1.12: BGP always compare MED
- RT-1.14: BGP Long-Lived Graceful Restart
- RT-1.15: BGP Addpath on scale with and without routing policy
- RT-1.19: BGP 2-Byte and 4-Byte ASN support
- RT-1.21: BGP TCP MSS and PMTUD
- RT-1.23: BGP AFI SAFI OC DEFAULTS
- RT-1.24: BGP 2-Byte and 4-Byte ASN support with policy
- RT-1.25: Management network-instance default static route
- RT-1.26: Basic static route support
- RT-1.27: Static route to BGP redistribution
- RT-1.28: BGP to IS-IS redistribution
- RT-1.29: BGP chained import/export policy attachment
- RT-1.30: BGP nested import/export policy attachment
- RT-1.31: BGP 3 levels of nested import/export policy with match-set-options
- RT-1.32: BGP policy actions - MED, LocPref, prepend, flow-control
- RT-1.33: BGP Policy with prefix-set matching
- RT-1.34: BGP route-distance configuration
- RT-1.35: BGP Graceful Restart Extended route retention (ExRR)
- RT-1.51: BGP multipath ECMP
- RT-1.52: BGP multipath UCMP support with Link Bandwidth Community
- RT-1.53: prefix-list test
- RT-1.54: BGP Override AS-path split-horizon
- RT-1.55: BGP session mode (active/passive)
- RT-1.63: BGP Multihop
- RT-1.64: BGP Import/Export Policy (Control plane only) Functional Test Case
- RT-1.65: BGP scale test
- RT-1.66: IPv4 Static Route with IPv6 Next-Hop
- RT-2.1: Base IS-IS Process and Adjacencies
- RT-2.2: IS-IS LSP Updates
- RT-2.6: IS-IS Hello-Padding enabled at interface level
- RT-2.7: IS-IS Passive is enabled at interface level
- RT-2.8: IS-IS metric style wide not enabled
- RT-2.9: IS-IS metric style wide enabled
- RT-2.10: IS-IS change LSP lifetime
- RT-2.11: IS-IS Passive is enabled at the area level
- RT-2.12: Static route to IS-IS redistribution
- RT-2.13: Weighted-ECMP for IS-IS
- RT-2.14: IS-IS Drain Test
- RT-2.15: IS-IS Extensions for Segment Routing
- RT-2.16: IS-IS Graceful Restart Helper
- RT-3.1: Policy based VRF selection
- RT-3.2: Multiple <Protocol, DSCP> Rules for VRF Selection
- RT-3.52: Multidimensional test for Static GUE Encap/Decap based on BGP path selection and selective DSCP marking
- RT-3.53: Static route based GUE Encapsulation to IPv6 tunnel
- RT-4.10: AFTs Route Summary
- RT-4.11: AFTs Route Summary
- RT-5.1: Singleton Interface
- RT-5.2: Aggregate Interfaces
- RT-5.3: Aggregate Balancing
- RT-5.4: Aggregate Forwarding Viable
- RT-5.5: Interface hold-time
- RT-5.6: Interface Loopback mode
- RT-5.7: Aggregate Not Viable All
- RT-5.8: IPv6 Link Local
- RT-5.9: Disable IPv6 ND Router Arvetisment
- RT-5.10: IPv6 Link Local generated by SLAAC
- RT-5.11: LACP Intervals
- RT-5.12: Suppress IPv6 ND Router Advertisement [Depreciated]
- RT-5.13: Flow control test
- RT-6.1: Core LLDP TLV Population
- RT-7.1: BGP default policies
- RT-7.2: BGP Policy Community Set
- RT-7.3: BGP Policy AS Path Set
- RT-7.4: BGP Policy AS Path Set and Community Set
- RT-7.5: BGP Policy - Match and Set Link Bandwidth Community
- RT-7.6: BGP Link Bandwidth Community - Cumulative
- RT-7.8: BGP Policy Match Standard Community and Add Community Import/Export Policy
- RT-7.9: BGP ECMP for iBGP with IS-IS protocol nexthop
- RT-7.10: Routing policy statement insertion and removal
- RT-7.11: BGP Policy - Import/Export Policy Action Using Multiple Criteria
- RT-7.51: BGP Auto-Generated Link-Bandwidth Community
- RT-8: Singleton with breakouts
- RT-10.1: Default Route Generation based on 192.0.0.0/8 Presence
- RT-10.2: Non-default Route Generation based on 192.168.2.2/32 Presence in ISIS
- RT-14.2: GRIBI Route Test
- SEC-3.1: Authentication
- SFLOW-1: sFlow Configuration and Sampling
- SR-1.1: Transit forwarding to Node-SID via ISIS
- SR-1.2: Egress Node Forwarding for MPLS traffic with Explicit Null label
- Storage-1.1: Storage File System Check
- SYS-1.1: Test default COPP policy thresholds for Arista
- SYS-2.1: Ingress control-plane ACL.
- SYS-3.1: AAA and TACACS+ Configuration Verification Test Suite
- SYS-4.1: System Mount Points State Verification
- System-1.1: System banner test
- System-1.2: System g protocol test
- System-1.3: System hostname test
- System-1.4: System time test
- System-1.5: System software-version test
- TE-1.1: Static ARP
- TE-1.2: My Station MAC
- TE-2.1: gRIBI IPv4 Entry
- TE-2.2: gRIBI IPv4 Entry With Aggregate Ports
- TE-3.1: Base Hierarchical Route Installation
- TE-3.2: Traffic Balancing According to Weights
- TE-3.3: Hierarchical weight resolution
- TE-3.5: Ordering: ACK Received
- TE-3.6: ACK in the Presence of Other Routes
- TE-3.7: Base Hierarchical NHG Update
- TE-3.31: Hierarchical weight resolution with PBF
- TE-4.1: Base Leader Election
- TE-4.2: Persistence Mode
- TE-5.1: gRIBI Get RPC
- TE-6.1: Route Removal via Flush
- TE-6.2: Route Removal In Non Default VRF
- TE-6.3: Route Leakage between Non Default VRF
- TE-8.1: DUT Daemon Failure
- TE-8.2: Supervisor Failure
- TE-9.2: MPLS based forwarding Static LSP
- TE-9.3: FIB FAILURE DUE TO HARDWARE RESOURCE EXHAUST
- TE-9: gRIBI MPLS Compliance
- TE-10: gRIBI MPLS Forwarding
- TE-11.1: Backup NHG: Single NH
- TE-11.2: Backup NHG: Multiple NH
- TE-11.3: Backup NHG: Actions
- TE-11.21: Backup NHG: Multiple NH with PBF
- TE-11.31: Backup NHG: Actions with PBF
- TE-13.1: gRIBI route ADD during Failover
- TE-13.2: gRIBI route DELETE during Failover
- TE-14.1: gRIBI Scaling
- TE-14.2: encap and decap scale
- TE-15.1: gRIBI Compliance
- TE-16.1: basic encapsulation tests
- TE-16.2: encapsulation FRR scenarios
- TE-16.3: encapsulation FRR scenarios
- TE-17.1: VRF selection policy driven TE
- TE-18.1: gRIBI MPLS-in-UDP Encapsulation
- TE-18.3: MPLS in UDP Encapsulation Scale Test
- TE-18.4: ECMP hashing on outer and inner packets with MPLSoUDP encapsulation
- TestID-16.4: gRIBI to BGP Route Redistribution for IPv4
- TR-6.1: Remote Syslog feature config
- TR-6.2: Local logging destinations
- TRANSCEIVER-1.1: Telemetry: 400ZR Chromatic Dispersion(CD) telemetry values streaming
- TRANSCEIVER-1.2: Telemetry: 400ZR_PLUS Chromatic Dispersion(CD) telemetry values streaming
- TRANSCEIVER-3.1: Telemetry: 400ZR Optics firmware version streaming
- TRANSCEIVER-3.2: Telemetry: 400ZR_PLUS Optics firmware version streaming
- TRANSCEIVER-4.1: Telemetry: 400ZR RX input and TX output power telemetry values streaming.
- TRANSCEIVER-4.2: Telemetry: 400ZR_PLUS RX input and TX output power telemetry values streaming.
- TRANSCEIVER-5.1: Configuration: 400ZR channel frequency, output TX launch power and operational mode setting.
- TRANSCEIVER-5.2: Configuration: 400ZR_PLUS channel frequency, output TX launch power and operational mode setting.
- TRANSCEIVER-6.1: Telemetry: 400ZR Optics performance metrics (pm) streaming.
- TRANSCEIVER-6.2: Telemetry: 400ZR_PLUS Optics performance metrics (pm) streaming.
- TRANSCEIVER-7.1: Telemetry: 400ZR Optics inventory info streaming
- TRANSCEIVER-7.2: Telemetry: 400ZR_PLUS Optics inventory info streaming
- TRANSCEIVER-8.1: Telemetry: 400ZR Optics module temperature streaming.
- TRANSCEIVER-8.2: Telemetry: 400ZR_PLUS Optics module temperature streaming.
- TRANSCEIVER-9.1: Telemetry: 400ZR TX laser bias current telemetry values streaming.
- TRANSCEIVER-9.2: Telemetry: 400ZR_PLUS TX laser bias current telemetry values streaming.
- TRANSCEIVER-10.1: Telemetry: 400ZR Optics FEC(Forward Error Correction) Uncorrectable Frames Streaming.
- TRANSCEIVER-10.2: Telemetry: 400ZR_PLUS Optics FEC(Forward Error Correction) Uncorrectable Frames Streaming.
- TRANSCEIVER-11.1: Telemetry: 400ZR Optics logical channels provisioning and related telemetry.
- TRANSCEIVER-11.2: Telemetry: 400ZR_PLUS Optics logical channels provisioning and related telemetry.
- TRANSCEIVER-12.1: Telemetry: 400ZR Transceiver Supply Voltage streaming.
- TRANSCEIVER-12.2: Telemetry: 400ZR_PLUS Transceiver Supply Voltage streaming.
- TRANSCEIVER-13.1: Configuration: 400ZR Transceiver Low Power Mode Setting.
- TRANSCEIVER-13.2: Configuration: 400ZR_PLUS Transceiver Low Power Mode Setting.
- TRANSCEIVER-101: Telemetry: ZR platform OC paths streaming.
- TRANSCEIVER-102: Telemetry: ZR terminal-device OC paths streaming.
- TRANSCEIVER-103: Telemetry: ZR Plus platform OC paths streaming.
- TRANSCEIVER-104: Telemetry: ZR Plus terminal-device OC paths streaming.
- TRANSCEIVER-105: Telemetry: ZR platform OC paths streaming.
- TRANSCEIVER-106: Telemetry: ZR terminal-device OC paths streaming.
- TRANSCEIVER-107: Telemetry: ZR Plus platform OC paths streaming.
- TRANSCEIVER-108: Telemetry: ZR Plus terminal-device OC paths streaming.
- TUN-1.3: Interface based IPv4 GRE Encapsulation
- TUN-1.4: Interface based IPv6 GRE Encapsulation
- TUN-1.6: Tunnel End Point Resize for Ecapsulation - Interface Based GRE Tunnel
- TUN-1.9: GRE inner packet DSCP
- URPF-1.1: uRPF validation from non-default network-instance
- Test Plans