From adc6872c65a4b266a67ab20770c29916ca79cb04 Mon Sep 17 00:00:00 2001 
From: iosc
Date: Mon, 22 Mar 2021 15:28:31 +0100
Subject: USERDOCAP-636 - all books renamed into enea edge
Change-Id: I3ce4380c19653ef14792960ad968664b70f3c2bf
---
.../doc/128t_vnf_router.xml | 715 ++++++++++
.../doc/appendix_1.xml | 63 +
.../doc/appendix_2.xml | 326 +++++
.../doc/appendix_3.xml | 7 +
.../doc/appendix_4.xml | 103 ++
.../doc/appendix_5.xml | 243 ++++
doc/book-enea-edge-example-usecases/doc/book.xml | 44 +
.../doc/clav_vnf_examples.xml | 396 ++++++
.../doc/enea_test_vnf_examples.xml | 308 +++++
.../doc/forti_vnf_examples.xml | 627 +++++++++
.../doc/images/fortinet_interface.png | Bin 0 -> 55312 bytes
.../doc/images/trgt.png | Bin 0 -> 50826 bytes
.../doc/images/trgt.svg | 1231 +++++++++++++++++
.../doc/images/trgt_servicechain.png | Bin 0 -> 69317 bytes
.../doc/images/trgt_servicechain.svg | 1402 +++++++++++++++++++
.../doc/images/uc_clavister_bridge.png | Bin 0 -> 36145 bytes
.../doc/images/uc_clavister_bridge.svg | 966 +++++++++++++
.../doc/images/uc_clavister_sriov.png | Bin 0 -> 40185 bytes
.../doc/images/uc_clavister_sriov.svg | 1152 ++++++++++++++++
.../doc/images/uc_enea_test_vnf.png | Bin 0 -> 37660 bytes
.../doc/images/uc_enea_test_vnf.svg | 1002 ++++++++++++++
.../doc/images/uc_fortigate_fw.png | Bin 0 -> 27026 bytes
.../doc/images/uc_fortigate_fw.svg | 940 +++++++++++++
.../doc/images/uc_fortigate_sdwan.png | Bin 0 -> 45248 bytes
.../doc/images/uc_fortigate_sdwan.svg | 1449 ++++++++++++++++++++
.../doc/images/uc_vnf_chaining.png | Bin 0 -> 41097 bytes
.../doc/images/uc_vnf_chaining.svg | 1186 ++++++++++++++++
.../doc/introduction.xml | 27 +
.../doc/service_chaining_128t_fortigate.xml | 1064 ++++++++++++++
.../doc/vnf_chaining.xml | 407 ++++++
doc/book-enea-edge-example-usecases/swcomp.mk | 10 +
31 files changed, 13668 insertions(+)
create mode 100644 doc/book-enea-edge-example-usecases/doc/128t_vnf_router.xml
create mode 100644 doc/book-enea-edge-example-usecases/doc/appendix_1.xml
create mode 100644 doc/book-enea-edge-example-usecases/doc/appendix_2.xml
create mode 100644 doc/book-enea-edge-example-usecases/doc/appendix_3.xml
create mode 100644 doc/book-enea-edge-example-usecases/doc/appendix_4.xml
create mode 100644 doc/book-enea-edge-example-usecases/doc/appendix_5.xml
create mode 100644 doc/book-enea-edge-example-usecases/doc/book.xml
create mode 100644 doc/book-enea-edge-example-usecases/doc/clav_vnf_examples.xml
create mode 100644 doc/book-enea-edge-example-usecases/doc/enea_test_vnf_examples.xml
create mode 100644 doc/book-enea-edge-example-usecases/doc/forti_vnf_examples.xml
create mode 100755 doc/book-enea-edge-example-usecases/doc/images/fortinet_interface.png
create mode 100644 doc/book-enea-edge-example-usecases/doc/images/trgt.png
create mode 100755 doc/book-enea-edge-example-usecases/doc/images/trgt.svg
create mode 100644 doc/book-enea-edge-example-usecases/doc/images/trgt_servicechain.png
create mode 100755 doc/book-enea-edge-example-usecases/doc/images/trgt_servicechain.svg
create mode 100644 doc/book-enea-edge-example-usecases/doc/images/uc_clavister_bridge.png
create mode 100755 doc/book-enea-edge-example-usecases/doc/images/uc_clavister_bridge.svg
create mode 100644 doc/book-enea-edge-example-usecases/doc/images/uc_clavister_sriov.png
create mode 100755 doc/book-enea-edge-example-usecases/doc/images/uc_clavister_sriov.svg
create mode 100644 doc/book-enea-edge-example-usecases/doc/images/uc_enea_test_vnf.png
create mode 100755 doc/book-enea-edge-example-usecases/doc/images/uc_enea_test_vnf.svg
create mode 100644 doc/book-enea-edge-example-usecases/doc/images/uc_fortigate_fw.png
create mode 100755 doc/book-enea-edge-example-usecases/doc/images/uc_fortigate_fw.svg
create mode 100644 doc/book-enea-edge-example-usecases/doc/images/uc_fortigate_sdwan.png
create mode 100755 doc/book-enea-edge-example-usecases/doc/images/uc_fortigate_sdwan.svg
create mode 100644 doc/book-enea-edge-example-usecases/doc/images/uc_vnf_chaining.png
create mode 100755 doc/book-enea-edge-example-usecases/doc/images/uc_vnf_chaining.svg
create mode 100644 doc/book-enea-edge-example-usecases/doc/introduction.xml
create mode 100644 doc/book-enea-edge-example-usecases/doc/service_chaining_128t_fortigate.xml
create mode 100644 doc/book-enea-edge-example-usecases/doc/vnf_chaining.xml
create mode 100755 doc/book-enea-edge-example-usecases/swcomp.mk
(limited to 'doc/book-enea-edge-example-usecases')
diff --git a/doc/book-enea-edge-example-usecases/doc/128t_vnf_router.xml b/doc/book-enea-edge-example-usecases/doc/128t_vnf_router.xml
new file mode 100644
index 0000000..89692b0
--- /dev/null
+++ b/doc/book-enea-edge-example-usecases/doc/128t_vnf_router.xml
@@ -0,0 +1,715 @@
+
+
+ 128T VNF Router Example Use-case
+
+ The 128T Networking Platform (128T) natively provides network-based
+ security, control, and insight across data centers, wide-area networks
+ (WAN), and edge locations for enterprises, service providers, and cloud
+ companies alike.
+
+
+ Prerequisites + + The following are needed for this example use case: + + + + 1 in band management port for device management. + + + + 1 in band management port for 128T VNF. + + + + 1 WAN interface for 128T. + + + + 1 LAN interface for 128T. + + + + The following files are needed for this example use-case: + + + + 128T router VNF image. Please contact 128 Technology to get a + VNF image and its license file. + + + + cloud-init iso image. + + + + + For data path validation, it may be required to generate a new + cloud-init image to match your network configuration. + +
+ +
+ 128T VNF Router + +
+ 128T VNF Router Setup Overview + + + + + + +
+ +
+ Use-case Setup + + Configuring Network Interfaces on uCPE + devices: + + Add the trgt uCPE device into Enea Edge Management: + Devices -> Manage -> Add. + + Fill in the required fields with the following data: + + + Device Details + + + + + + + + + + + Field + + Value + + + + + + Type + + Enea universal CPE + + + + Release + + 2.2.2 + + + + Name + + trgt + + + + IP/DNS Address + + <unspecified> + + + + Description + + Target 1 + + + + SSH Port + + 830 + + + + SSH User Name + + root + + + + Password + + null + + + + Device ID + + Also configured during installation of the device + (E.g.: Target-15). + + + + OK + + Green status indicates connection with uCPE device + was established. + + + +
+
+ + + In order to add the device on the map: Right-Click on + Map -> Place Device -> trgt. + + + + Configure the virtualization infrastructure for 128T VNF by + creating three OVS bridges and a host interface: + + Add the Host Interface by selecting the trgt device, then + Configuration -> External Interfaces -> + Configuration -> Add, and fill in the required fields + with the following data: + + + Host Interface Details + + + + + + + + + + + Field + + Value + + + + + + Source + + enp4s0f1. The only interface + available for LAN connection. + + + + networking-type + + dpdk + + + + dpdk-type + + vfio-pci + + + + Create + + <interface enp4s0f1 ready to be used in a LAN + bridge.> + + + +
+ + Select the trgt device then: Configuration -> + OpenVSwitch -> Bridges -> Add, and fill in the + required fields for each bridge with the following data from each + table: + + + ibm_br Bridge Details + + + + + + + + + + + Field + + Value + + + + + + id + + <autogenerated - do not change> + + + + Name + + ibm_br + + + + ovs-bridge-type + + inbandMgmt + + + + Create + + The system will automatically select the + physical interface that has access to Enea Edge + Management. + + + +
+ + + vnf_mgmt_br Bridge Details + + + + + + + + + + + Field + + Value + + + + + + id + + <autogenerated - do not change> + + + + Name + + vnf_mgmt_br + + + + ovs-bridge-type + + vnfMgmt + + + + vnf-mgmt-address + + 10.0.0.1 + + + + Create + + + + + +
+ + + lan_br Bridge Details + + + + + + + + + + + Field + + Value + + + + + + id + + <autogenerated - do not change> + + + + Name + + lan_br + + + + ovs-bridge-type + + dataPlane + + + + sub-type + + communication + + + + + + + Name: enp4s0f1 OK + + + + Create + + + + + +
+
+
+ + Onboarding the VNFs: + + Onboard the VM Image through VNF -> Descriptors -> + On-board, and fill in the required fields with the following + values: + + + VM Image Details + + + + + + + + + + + Field + + Value + + + + + + VM image file + + centos_128t_with_ci.qcow2 + + + + Image format + + QCOW2 + + + + VNF Type Name + + 128T + + + + Description + + 128T Router + + + + Version + + 1.0 + + + + Memory in MB + + 8192. More memory can be allocated if required + (<28672). + + + + Num. of CPUs + + 2. More CPUs can be reserved if required + (<15). + + + + Interfaces -> + + + Name: mgmt + + + + Interfaces -> + + + Name: wan + + + + Interfaces -> + + + Name: lan + + + + Cloud Init -> Cloud-Init Datasource + + ISO + + + + Cloud Init -> Cloud-Init Disk Type + + cdrom + + + + Properties -> + + + Name: vnfMgmtIpAddress. Value: 10.0.0.2 + + + + Properties -> + + + Name: internalMgmtPort. Value: 443 + + + + Properties -> + + + Name: externalMgmtPort. Value: 60001 + + + + Onboard + + <Wait for message: VNF package onboarded + successfully> + + + + Close + + + + + +
+ + + + + HTTPS access (443) can be changed with another type of + access. Please consult official 128T documentation and make sure + the 128T VNF is configured to accept another type of connection + before changing the port number. + + + + externalMgmtPort (60001) represents the + external port on which the user can access the VNF management + interface via HTTPS. Another port can be selected if needed. There + are no other changes required or components affected by this + change. + + + + vnfMgmtIpAddress (10.0.0.2) represents + the IP address of the management interface of the 128T VNF. + Changing this value requires an update to the 128T configuration + to match the new IP address. + + + + + Instantiating the VNFs: + + Instantiate the 128T VNF by selecting the trgt device, then + VNF -> Instances -> Add. + + Fill in the required fields with the following values: + + + 128T VNF Instantiation + + + + + + + + + + + Field + + Value + + + + + + Name + + 128T_trgt_1 + + + + VNF Type + + 128T + + + + VNFD Version + + 1.0 + + + + Flavour + + Canonical + + + + uCPE Device + + trgt + + + + Cloud Init File + + centos_128t_internet_ci.iso + + + + Domain Update Script + + + + + + Interfaces + + + + + + ID + + IF Name + + + + mgmt (dpdk) + + Bridge: vnf_mgmt_br + + + + wan (dpdk) + + Bridge: ibm_br + + + + lan (dpdk) + + Bridge: lan_br + + + + Create + + + + + +
+ + + To procure the VNF image files and their licenses, please + contact each respective VNF provider. + +
+ +
+ Testing the Use-case + + In order to access the web interface of the 128T VNF, open a + browser from a machine connected on the same network with the WAN port + of the trgt uCPE device and browse to: + https://<public_trgt_WAN_IP>:60001. Log in + using the following credentials: + + + + Username: admin + + + + Password: 128Tadmin + + + + In order to validate the data path, connect a test machine to the + LAN physical port, assign the static IP and a route:> ifconfig eth3 192.168.64.3 netmask 255.255.255.0 +> ip route add default via 192.168.64.1 dev eth3 +> ping 8.8.8.8 +
+ +
+ Use-case Clean-up + + In order to remove the setup created previously all components + need to be deleted in reverse order: + + + + Select the trgt uCPE device -> VNF -> Instances -> + 128T -> Delete. + + + + Select the trgt uCPE device -> Configuration -> + OpenVSwitch -> Bridges. Select all bridges -> Delete. + + + + Select the trgt uCPE device -> Configuration -> External + Interfaces -> Configuration. Select all interfaces -> + Delete. + + + + VNF -> Descriptors, select all bundles -> + Offboard. + + +
+
+
\ No newline at end of file
diff --git a/doc/book-enea-edge-example-usecases/doc/appendix_1.xml b/doc/book-enea-edge-example-usecases/doc/appendix_1.xml
new file mode 100644
index 0000000..df262af
--- /dev/null
+++ b/doc/book-enea-edge-example-usecases/doc/appendix_1.xml
@@ -0,0 +1,63 @@
+
+
+ How to create a 128T cloud-init iso image (day-0
+ configuration)
+
+ Prerequisites:
+
+ Development host with Linux shell.
+
+
+
+ genisoimage tool installed.
+
+
+
+ Unpack the 128T/128t-cloud-init-example.tar.gz
+ archive and check the README file for more details:
+
+ >tar -zxf 128t-cloud-init-example.tar.gz
+>cd 128T/cloud-init-example/
+>ls ./
+README
+user-data
+meta-data
+t128-running.xml
+
+ To generate the cloud-init iso image:
+
+ >genisoimage -output centos_128t_ci.iso -volid cidata -joliet \
+-rock user-data meta-data t128-running.xml
+
+ Notes:
+
+ user-data and meta-data
+ files must be kept unchanged.
+
+
+
+ To update the 128T configuration change the
+ t128-runing.xml file.
+
+
+
+ XML is the same file downloaded from 128T web access:
+ configuration -> Import and Export Configuration ->
+ Export Configuration -> Download Configuration. The
+ configuration can be updated from a web interface, downloaded onto the
+ development host and used in generating a new cloud-init iso
+ image.
+
+
+
+ By default, t128-running.xml is configured to pass
+ all traffic from the LAN to the WAN interface. There is only one change
+ required for the 128T VNF to work on the user's network:
+
+ <rt:next-hop>172.24.15.254</rt:next-hop>
+
+ Please change <172.24.15.254> with the IP address of your
+ Gateway in the t128-running.xml file and generate a new
+ iso image as described above. For more details about configuring the 128T
+ VNF please contact 128 Technologies.
+
\ No newline at end of file
diff --git a/doc/book-enea-edge-example-usecases/doc/appendix_2.xml b/doc/book-enea-edge-example-usecases/doc/appendix_2.xml
new file mode 100644
index 0000000..2458d99
--- /dev/null
+++ b/doc/book-enea-edge-example-usecases/doc/appendix_2.xml 
@@ -0,0 +1,326 @@ + + + How to create the 128T image for NFV Access + + The following steps were used by Enea to generate the 128T qcow2 image + used as the VNF image on NFV Access. + + + Keep in mind a Virtual Machine was used instead of a physical + host. + + + Prerequisites: + + 128T-3.2.7-1.el7.centos.x86_64.iso provided + by 128 Technologies. + + + + A Linux development host with internet access. + + + + A least one of the TAP interfaces connected to a bridge with + Internet access. + + How to create the 128T image for NFV + Access: + + >qemu-img create -f qcow2 128t.qcow2 128G +>qemu-system-x86_64 -enable-kvm -m 8G -cpu host -smp cores=3,sockets=1 \ +-M q35 -nographic bios /usr/share/qemu/bios.bin -boot order=d,menu=on \ +cdrom 128T-3.2.7-1.el7.centos.x86_64.iso \ +hdb 128t.qcow2 \ +device e1000,netdev=net1,mac=52:52:01:02:03:01 \ +netdev tap,id=net1,ifname=tap1,script=no,downscript=no + + + + Press the <ENTER> key to begin the installation + process. + + + + Wait for the distribution and the 128T to install: + + ------------------------------ +128T Packages Installed + +Please Remove Install Media, + +then enter <Yes> to reboot and +continue install process + + <Yes> <No> +------------------------------ + + Press Yes. + + + + Wait to reboot and press CTR+ a+c to enter + the qemu monitor: + + (qemu) quit + + + + Start qemu only with the qcow2 image attached, no installer + image required: + + >qemu-system-x86_64 -enable-kvm -m 8G -cpu host -smp cores=3,sockets=1 \ +-M q35 -nographic bios /usr/share/qemu/bios.bin \ +-boot order=c,menu=on \ +-hda 128t.qcow2 \ +-device e1000,netdev=net1,mac=52:52:01:02:03:01 \ +-netdev tap,id=net1,ifname=tap1,script=no,downscript=no + +------------------------------------------------------------------------------ +Booting from Hard Disk... +. + + * CentOS Linux (3.10.0-514.2.2.el7.x86_64) 7 (Core) + CentOS Linux (0-rescue-4e73a369e89e466a888c9c77655a1d65) 7 (Core) + + + Use the ^ and v keys to change the selection. 
+ Press 'e' to edit the selected item, or 'c' for a command prompt. +------------------------------------------------------------------------------ + + Select the first option. + + + + |-------------------128T Installer-------------------| +| | +| Configure Linux Networking | +| | +| Before 128T SetUp? | +| | +| | +| < Yes > < No > | +|----------------------------------------------------| + + Select NO. + + + + |----------------------------------------------------| +| Please select a role for this node: | +| |----------------------------------------------| | +| | (*) Router | | +| | ( ) Conductor | | +| |----------------------------------------------| | +| | +|----------------------------------------------------| +| < OK > < Back > | +|----------------------------------------------------|Select + Router and OK. + + + + |-------------------Conductor Info-------------------| +| | +| |----------------------------------------------| | +| |1st Conductor Address | | +| |Conductor Address | | +| |----------------------------------------------| | +| | +|----------------------------------------------------| +| < OK > < Skip > < Back > < Help > | +|----------------------------------------------------| + + Select SKIP. + + + + |----------------------HA Setup----------------------| +| What kind of Router node is this? | +| |----------------------------------------------| | +| |(*) Standalone No HA peer | | +| |( ) 1st HA Node HA peer is not set up | | +| |( ) 2nd HA Node HA peer is already set up | | +| |----------------------------------------------| | +| | +| | +|----------------------------------------------------| +| < OK > < Back > | +|----------------------------------------------------|Select + Standalone and OK. 
+ + + + |---------------------Node Info----------------------| +| |----------------------------------------------| | +| | Node Role Router | | +| | Node Name 128tNode | | +| | Router Name 128tRouter | | +| |----------------------------------------------| | +| | +|----------------------------------------------------| +| < OK > < Advanced > < Back > < Help > | +|----------------------------------------------------| + + Enter a name for the router and node, press OK. + + + + |-------------------Password Setup-------------------| +| Enter the new password for the 128T 'admin' | +| user: | +| |----------------------------------------------| | +| | 128Tadmin | | +| |----------------------------------------------| | +| | | +|----------------------------------------------------| +| < OK > < Back > | +|----------------------------------------------------| + + Enter the password for web access: 128Tadmin + and confirm the password. + + + + |--------------------------Anonymous Data Collection--------------------------| +| The 128T Networking Platform comes packaged with a software process | +|("Roadrunner") that is used to proactively monitor the health and liveliness | +|of the 128T Router and associated components. This watchdog process collects | +|anonymous information from the router and sends it to 128 Technology for | +|storage and analysis. This information helps inform 128 Technology about | +|software usage, to aid in the support and improvement of the 128 Technology | +|Networking Platform. | +| | +|Disabling this feature will prevent the sending of anonymous usage data to | +|128 Technology. | +| | +| | +| < Accept > < Back > < Disable > | +|-----------------------------------------------------------------------------| + + Select Accept. 
+ + + + |-----128T Statistics Table Creator-----| +| Created table for metric 760/827 | +| Created table for metric 770/827 | +| Created table for metric 780/827 | +| Created table for metric 790/827 | +| Created table for metric 800/827 | +| Created table for metric 810/827 | +| Created table for metric 820/827 | +| Finished pre-creating stats tables | +| Creating tables for audit events | +| Finished creating audit event tables | +| Completed in 27.001386642456055 s | +| Shutting down local Cassandra node | +|---------------------------------------| +| < OK > | +|---------------------------------------| + + Select OK. + + + + |--------128T Installer Status----------| +| | +| Install SUCCESS | +| | +| Start 128T Router | +| before proceeding to | +| login prompt? | +|---------------------------------------| +| < Yes > < No > | +|---------------------------------------| + + Select: Yes + + + + localhost login: root +Password: + + The following user accounts and passwords are created during the + ISO installation process: + + + Accounts Created + + + + + + + User + + Password + + + + + + root + + 128tRoutes + + + + t128 + + 128tRoutes + + + +
+
+ + + GUI login via HTTPS is enabled by default on port 443 + + [root@localhost ~]# dhclient enp0s2 +[root@localhost ~]# echo "nameserver 8.8.8.8" >>/etc/resolv.conf +[root@localhost ~]# yum -y install cloud-init +[root@localhost ~]# reboot + + + + Wait to reboot and press CTR+ a+c to enter in qemu + monitor. + + (qemu) quit +> qemu-img info 128t.qcow2 +image: 128t.qcow2 +file format: qcow2 +virtual size: 128G (137438953472 bytes) +disk size: 5.4G +cluster_size: 65536 +Format specific information: + compat: 1.1 + lazy refcounts: false + refcount bits: 16 + corrupt: false + + + + Compress the generated 128t.qcow2 image to + decrease the size of VNF image: + + qemu-img convert -O qcow2 -c 128t.qcow2 centos_128t_compressed.qcow2 + +> qemu-img info centos_128t_compressed.qcow2 +image: centos_128t_compressed.qcow2 +file format: qcow2 +virtual size: 128G (137438953472 bytes) +disk size: 1.2G +cluster_size: 65536 +Format specific information: + compat: 1.1 + lazy refcounts: false + refcount bits: 16 + corrupt: false + +centos_128t_compressed.qcow2 - Resulted image can be used in NFV Access. + +
+
\ No newline at end of file
diff --git a/doc/book-enea-edge-example-usecases/doc/appendix_3.xml b/doc/book-enea-edge-example-usecases/doc/appendix_3.xml
new file mode 100644
index 0000000..e8bd5ce
--- /dev/null
+++ b/doc/book-enea-edge-example-usecases/doc/appendix_3.xml
@@ -0,0 +1,7 @@
+
+
+ How to configure Fortigate VNF (day-0 configuration)
+
+ Please check the README file from Fortigate folder for more
+ details.
+
\ No newline at end of file
diff --git a/doc/book-enea-edge-example-usecases/doc/appendix_4.xml b/doc/book-enea-edge-example-usecases/doc/appendix_4.xml
new file mode 100644
index 0000000..0e207ae
--- /dev/null
+++ b/doc/book-enea-edge-example-usecases/doc/appendix_4.xml
@@ -0,0 +1,103 @@ + + + Running Enea Automation Framework and Test Harness + + For more detailed information regarding the Automation Framework and + Test Harness please see the . + + The most relevant information from the Automation Framework and Test + Harness structure is presented below: + + |---automation_framework +| |---unittestSuite +| | |---128tCleanup.json - Use case 1 - clean up - test. +| | |---128tDeploy.json - Use case 1 - test. +| | |---128t_FG_SFCCleanup.json - Use case 2 - clean up - test. +| | |---128t_FG_SFCDeploy.json - Use case 2 - test. +| | |---config +| | | |---cust + - Folder containing the configuration files used by tests. +| | |---unittestLoader.py +| | |---unittestSuite.py +|---lab_config +| |---trgt-1 +| | |---ibm_br.json - In-band management definition. +| | |---lan_br.json - Lan bridge definition. +| | |---target.json + - Target definition - the "address", "deviceId", "name" and \ + "version" must be updated. +| | |---sfc_br.json - Service chain bridge definition. +| | |---vnf_mgmt_br.json - VNF management bridge definition. +| | |---lan_nic.json - NIC definition. +|---vnf_config +| |---128t +| | |---128tInstance.json - 128T instantiation - used in use case 1. +| | |---128t.json - 128T onboarding. +| | |---128tSFCInstance.json - 128T instantiation - used in use case 2. +| | |---centos_128t_internet_ci.iso - 128T cloud init (day-0) iso image. +| |---fortigate +| | |---fg_basic_fw.conf - Fortigate day-0 configuration. +| | |---fortigateInstance.json - Fortigate instantiantion. +| | |---fortigate.json - Fortigate onboarding. +| | |---fortigateLicense.lic + - Fortigate license - contact Fortinet to get a VNF image and license file. +|---vnf_image +| |---centos_128t_with_ci.qcow2 - Contact 128 Technology to get a \ + VNF image and its license file. +| |---fortios.qcow2 - Contact Fortinet to get a VNF image \ + and its license file. + + Make sure to update the relevant configuration file for your setup. 
+ The essential files to consider are the uCPE Device configuration + (target.json), the license for the Fortigate VNF, and + the 128T cloud-init iso image matching your network. + + For uCPE Device configuration (target.json) + please change the following information, if needed, in the JSON file: + + + + address - The IP address of uCPE Device. + + + + version - The NFVA version. + + + + deviceId - The device ID of uCPE Device. + + + + name - The name of uCPE Device. + + + + + Before starting the two usecases detailed in the following appendix, + the uCPE Device needs to be added into Enea Edge Management. + + + To properly set up the Automation Framework and Test Harness please + see Installation and Initial Setup in the + for more details. + + To run a test: + + > cd automation_framework/unittestSuite/ +> python unittestSuite.py -u admin -p admin -H <uCPEManager IP address> -n \ +<uCPE Device name> -s <Test suite> -d <description> + + The Test suite must be one from any of the + following: 128tDeploy.json, + 128tCleanup.json, + 128t_FG_SFCDeploy.json, or + 128t_FG_SFCCleanup.json. + \ No newline at end of file diff --git a/doc/book-enea-edge-example-usecases/doc/appendix_5.xml b/doc/book-enea-edge-example-usecases/doc/appendix_5.xml new file mode 100644 index 0000000..67f38e5 --- /dev/null +++ b/doc/book-enea-edge-example-usecases/doc/appendix_5.xml 
@@ -0,0 +1,243 @@
+
+
+ Example Tests Results using the Automation Framework and Test Harness
+
+ In order to run the following example usecases, certain configuration
+ file entries need to be modified according to the network setup that it will
+ be used, for more details see the previous appendix:
+
+
+
+ uCPE Device name: inteld1521-17
+
+
+
+ address: 172.24.8.62
+
+
+
+ version: 2.2.3
+
+
+
+ deviceId: inteld1521-17
+
+
+
+ > cat lab_config/trgt-1/target.json
+{
+ "name": "inteld1521-17",
+ "deviceGroupingTags": " ",
+ "description": "trgt",
+ "address": "172.24.8.62",
+ "port": "830",
+ "username": "root",
+ "password": "",
+ "certificate": null,
+ "passphrase": null,
+ "callHome": "false",
+ "maintMode": "false",
+ "version": "2.2.3",
+ "deviceId": "inteld1521-17"
+}The IP address of Enea Edge Management that will be used in
+ these examples is 172.24.3.92.
+
+ The FortiGate and 128T VNF images need to be copied into the
+ vnf_image directory. The names should be the same as
+ those described in the previous appendix.
+
+ The FortiGate valid license file needs to be copied into the
+ vnf_config/fortigate/ directory. The name should be the
+ same as that described in the previous appendix.
+
+ The cloud init files that match the network, need to be copied into
+ the vnf_config/fortigate/ and the
+ vnf_config/128t/ directories respectively. The names
+ should be the same as those described in the previous appendix.
+
+
+ Use-case 1: 128T VNF Router Example Use-case
+
+ > cd automation_framework/unittestSuite/
+> python unittestSuite.py -u admin -p admin -H 172.24.3.92 -n inteld1521-17 \
+-s 128tDeploy.json -d "128T Deployment"
+
+Running 128T Deployment...
+
+test 001: Wait VCPE Agent device be up (__main__.UnittestSuite) ...
+2020-08-26 10:10:05,517 - INFO: Wait uCPE device
+2020-08-26 10:10:36,650 - INFO: Status: Connected
+2020-08-26 10:10:36,651 - INFO: Done
+ok
+test 002: Bind NIC to DPDK for LAN connection (__main__.UnittestSuite) ...
+2020-08-26 10:10:36,686 - INFO: Bind NIC
+2020-08-26 10:10:37,788 - INFO: Done
+ok
+test 003: Creating ibm bridge (__main__.UnittestSuite) ...
+2020-08-26 10:10:37,818 - INFO: New OVS network bridge
+2020-08-26 10:10:58,762 - INFO: Done
+ok
+test 004: Creating VNF Management bridge (__main__.UnittestSuite) ...
+2020-08-26 10:10:58,794 - INFO: New OVS network bridge
+2020-08-26 10:10:58,977 - INFO: Done
+ok
+test 005: Creating LAN bridge and attaching lan interface to the bridge \
+(__main__.UnittestSuite) ...
+2020-08-26 10:10:59,003 - INFO: New OVS network bridge
+2020-08-26 10:10:59,334 - INFO: Done
+ok
+test 006: Onboarding 128T VNF (wizard API) (__main__.UnittestSuite) ...
+2020-08-26 10:10:59,370 - INFO: Onboard wizard
+2020-08-26 10:13:55,775 - INFO: Done
+ok
+test 007: Instantiate 128T VNF (__main__.UnittestSuite) ...
+2020-08-26 10:13:55,813 - INFO: Instantiate VNF
+2020-08-26 10:14:56,583 - INFO: Done
+ok
+
+----------------------------------------------------------------------
+Ran 7 tests in 291.103s
+
+OK
+
+> python unittestSuite.py -u admin -p admin -H 172.24.3.92 -n inteld1521-17 \
+-s 128tCleanup.json -d "128T Cleanup"
+
+Running 128T Cleanup...
+
+test 001: Destroying 128T VNF (__main__.UnittestSuite) ...
+2020-08-26 10:15:28,395 - INFO: Destroy VNF
+2020-08-26 10:15:29,452 - INFO: Done
+ok
+test 002: Deleting network bridge LAN (__main__.UnittestSuite) ...
+2020-08-26 10:15:29,493 - INFO: Delete OVS network bridge
+2020-08-26 10:15:29,734 - INFO: Done
+ok
+test 003: Deleting VNF management bridge (__main__.UnittestSuite) ...
+2020-08-26 10:15:29,765 - INFO: Delete OVS network bridge
+2020-08-26 10:15:30,080 - INFO: Done
+ok
+test 004: Deleting ibm(In Band Management) bridge (__main__.UnittestSuite) ...
+2020-08-26 10:15:30,110 - INFO: Delete OVS network bridge
+2020-08-26 10:15:46,907 - INFO: Done
+ok
+test 005: Unbind LAN NIC from DPDK target (__main__.UnittestSuite) ...
+2020-08-26 10:15:46,967 - INFO: Unbind NIC
+2020-08-26 10:15:48,489 - INFO: Done
+ok
+test 006: Offboarding 128t VNF (__main__.UnittestSuite) ...
+2020-08-26 10:15:48,531 - INFO: Offboard VNF
+2020-08-26 10:15:49,171 - INFO: Done
+ok
+
+----------------------------------------------------------------------
+Ran 6 tests in 20.808s
+
+OK
+
+ +
+ Use-case 2: Service Chaining 128T - Fortigate Example
+ Use-case
+
+ > python unittestSuite.py -u admin -p admin -H 172.24.3.92 -n inteld1521-17 \
+-s 128t_FG_SFCDeploy.json -d "128T - Fortigate SFC Deployment"
+
+Running 128T - Fortigate SFC Deployment...
+
+test 001: Wait VCPE Agent device be up (__main__.UnittestSuite) ...
+2020-08-26 10:17:29,361 - INFO: Wait uCPE device
+2020-08-26 10:18:00,473 - INFO: Status: Connected
+2020-08-26 10:18:00,474 - INFO: Done
+ok
+test 002: Bind NIC to DPDK for LAN connection (__main__.UnittestSuite) ...
+2020-08-26 10:18:00,634 - INFO: Bind NIC
+2020-08-26 10:18:01,805 - INFO: Done
+ok
+test 003: Creating ibm bridge (__main__.UnittestSuite) ...
+2020-08-26 10:18:01,863 - INFO: New OVS network bridge
+2020-08-26 10:18:30,640 - INFO: Done
+ok
+test 004: Creating VNF Management bridge (__main__.UnittestSuite) ...
+2020-08-26 10:18:30,670 - INFO: New OVS network bridge
+2020-08-26 10:18:30,876 - INFO: Done
+ok
+test 005: Creating LAN bridge and attaching lan interface to the bridge \
+(__main__.UnittestSuite) ...
+2020-08-26 10:18:30,908 - INFO: New OVS network bridge
+2020-08-26 10:18:31,243 - INFO: Done
+ok
+test 006: Creating SFC(service function chaining) bridge (__main__.UnittestSuite) ...
+2020-08-26 10:18:31,273 - INFO: New OVS network bridge
+2020-08-26 10:18:31,416 - INFO: Done
+ok
+test 007: Onboarding 128T VNF (wizard API) (__main__.UnittestSuite) ...
+2020-08-26 10:18:31,448 - INFO: Onboard wizard
+2020-08-26 10:21:21,569 - INFO: Done
+ok
+test 008: Onboarding Fortigate VNF (wizard API) (__main__.UnittestSuite) ...
+2020-08-26 10:21:21,608 - INFO: Onboard wizard
+2020-08-26 10:21:27,199 - INFO: Done
+ok
+test 009: Instantiate 128T VNF (__main__.UnittestSuite) ...
+2020-08-26 10:21:27,226 - INFO: Instantiate VNF
+2020-08-26 10:22:27,067 - INFO: Done
+ok
+test 010: Instantiate Fortigate VNF (__main__.UnittestSuite) ...
+2020-08-26 10:22:27,121 - INFO: Instantiate VNF
+2020-08-26 10:22:31,310 - INFO: Done
+ok
+
+----------------------------------------------------------------------
+Ran 10 tests in 301.989s
+
+OK
+
+> python unittestSuite.py -u admin -p admin -H 172.24.3.92 -n inteld1521-17 \
+-s 128t_FG_SFCCleanup.json -d "128T - Fortigate SFC Cleanup"
+
+Running 128T - Fortigate SFC Cleanup...
+
+test 001: Destroying Fortigate VNF (__main__.UnittestSuite) ...
+2020-08-26 10:23:29,308 - INFO: Destroy VNF
+2020-08-26 10:23:30,026 - INFO: Done
+ok
+test 002: Destroying 128T VNF (__main__.UnittestSuite) ...
+2020-08-26 10:23:30,065 - INFO: Destroy VNF
+2020-08-26 10:23:30,917 - INFO: Done
+ok
+test 003: Deleting network bridge SFC (__main__.UnittestSuite) ...
+2020-08-26 10:23:30,960 - INFO: Delete OVS network bridge
+2020-08-26 10:23:31,123 - INFO: Done
+ok
+test 004: Deleting network bridge LAN (__main__.UnittestSuite) ...
+2020-08-26 10:23:31,156 - INFO: Delete OVS network bridge
+2020-08-26 10:23:31,381 - INFO: Done
+ok
+test 005: Deleting VNF management bridge (__main__.UnittestSuite) ...
+2020-08-26 10:23:31,412 - INFO: Delete OVS network bridge
+2020-08-26 10:23:31,596 - INFO: Done
+ok
+test 006: Deleting ibm(In Band Management) bridge (__main__.UnittestSuite) ...
+2020-08-26 10:23:31,621 - INFO: Delete OVS network bridge
+2020-08-26 10:23:47,980 - INFO: Done
+ok
+test 007: Unbind LAN NIC from DPDK target (__main__.UnittestSuite) ...
+2020-08-26 10:23:48,019 - INFO: Unbind NIC
+2020-08-26 10:23:49,547 - INFO: Done
+ok
+test 008: Offboarding 128t VNF (__main__.UnittestSuite) ...
+2020-08-26 10:23:49,575 - INFO: Offboard VNF
+2020-08-26 10:23:50,252 - INFO: Done
+ok
+test 009: Offboarding Fortigate VNF (__main__.UnittestSuite) ...
+2020-08-26 10:23:50,295 - INFO: Offboard VNF
+2020-08-26 10:23:50,589 - INFO: Done
+ok
+
+----------------------------------------------------------------------
+Ran 9 tests in 21.326s
+
+OK
+
+
\ No newline at end of file
diff --git a/doc/book-enea-edge-example-usecases/doc/book.xml b/doc/book-enea-edge-example-usecases/doc/book.xml
new file mode 100644
index 0000000..2ffbefe
--- /dev/null
+++ b/doc/book-enea-edge-example-usecases/doc/book.xml
@@ -0,0 +1,44 @@
+
+
+]>
+
+ <trademark class="registered">Enea</trademark> Edge Example Use-cases
+
+ Release Version
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/doc/book-enea-edge-example-usecases/doc/clav_vnf_examples.xml b/doc/book-enea-edge-example-usecases/doc/clav_vnf_examples.xml
new file mode 100644
index 0000000..8895c23
--- /dev/null
+++ b/doc/book-enea-edge-example-usecases/doc/clav_vnf_examples.xml
@@ -0,0 +1,396 @@
+
+
+ Clavister VNF Example Use-cases
+
+ The Clavister VNF is a telco-ready, carrier-grade virtual next
+ generation firewall.
+
+
+ Clavister VNF using an Open vSwitch Bridge + + In this use-case, uCPE device 1 runs the Clavister VNF, while uCPE + device 2 runs two Enea Test VNFs with iPerf client and server + applications. The uCPE devices are connected using OVS-DPDK + bridges. + +
+ Prerequisites + + Two uCPE devices will be required for this setup. The system + requirements for each uCPE device are: + + + + 1 Network Interface + + + + 2 GB of RAM memory + + + + The following files are needed for this example use-case: + + + + Enea Test VNF image. Please contact Enea to get this image. + + + + Clavister VNF image. Please contact Clavister to get this + image. + + + VNF Configuration files. These files are provided with your Enea + Edge release: + + + clavister-cloudinit.conf. + enea-vnf-iperf-client.conf. + enea-vnf-iperf-server.conf. + + + +
+ +
+ Use-case Setup + + In this use-case, uCPE device 1 runs the Clavister VNF, while uCPE + device 2 runs two Enea Test VNFs with iPerf client and server + applications. The uCPE devices are connected using OVS-DPDK + bridges. + +
+ Clavister VNF using an Open vSwitch bridge + + + + + + +
+ + + When connecting, the uCPE devices can use a back-to-back or a VPN connection. + An appropriate interface with the required capabilities needs to be chosen for + this purpose. + + + Network Configuration: + + + + Select uCPE device 1, access Configuration, + add the network interface that will be used and configure it for + DPDK. + + + + Create an OVS bridge and attach the DPDK network + interface. + + + + Repeat the steps above for uCPE device 2. + + + + Onboarding the VNFs: + + + + Onboard the Clavister VNF by filling the required fields with + the following values: + + + + VM Image File: Provide + the path to the Clavister VNF qcow2 image + + + + Memory in MB: 1024 + + + + Num of CPUs: 4 + + + + Storage in GB: 20 + + + + Interfaces: Add 2 + interfaces + + + + Cloud-init Datasource: + ConfigDrive + + + + Cloud-init Disk Type: + disk + + + + + + Onboard the Enea Test VNF by filling the required fields with + the following values: + + VM Image File: Provide + the path to the Enea Test VNF qcow2 image + + + + Memory in MB: + 2048 + + + + Num of CPUs: 2 + + + + Storage in GB: + 10 + + + + Interfaces: Add 1 + interface + + + + Cloud-init Datasource: + NoCloud + + + + Cloud-init Disk Type: + disk + + + + + + Instantiating the VNFs: + + + + Instantiate the Clavister VNF on uCPE device 1 using the + required fields below: + + + + Name: clavister + + + + VNF Type: Select + Clavister VNF + + + + uCPE Device: Select + uCPE device 1 + + + + Cloud Init File: + Provide the path to the Clavister cloud-init file. + + + + Interfaces: Set the + interface type to DPDK and select the OVS + bridge created above, for both interfaces. + + + + + + Instantiate the Enea iPerf server VNF on uCPE device 2 by + filling the required fields with the values below: + + + + Name: + iperf_server + + + + VNF Type: Select Enea + Test VNF + + + + uCPE Device: Select + uCPE device 2 + + + + Cloud Init File: + Provide the path to the Enea VNF IPerf server cloud-init + file. 
+ + + + Interfaces: Set the + interface type to DPDK and select the OVS + bridge created above. + + + + + + Instantiate the Enea iPerf client VNF on uCPE device 2 by + filling the required fields with the values below: + + + + Name: + iperf_client + + + + VNF Type: Select Enea + Test VNF + + + + uCPE Device: Select + uCPE device 2 + + + + Cloud Init File: + Provide the path to the Enea VNF iPerf client cloud-init + file. + + + + Interfaces: Set the + interface type to DPDK and select the OVS + bridge created above. + + + + +
+ +
+ Testing the Use-case
+
+ SSH to uCPE device 2 (Username: root) and connect to the IPerf
+ client VNF console:
+
+ virsh list
+virsh console <id of iperf client>
+
+ In order to check that traffic is forwarded between the VNFs, run
+ the following:
+
+ # qemux86-64 login: root
+root@qemux86-64:~# iperf3 -c 192.168.10.10
+
+
+ +
+ Clavister VNF using SR-IOV + +
+ Prerequisites + + Two uCPE devices will be required for this setup. The system + requirements for each uCPE device are: + + + + 1 Network Interface + + + + 2 GB of RAM memory + + + + The following files are needed for this example use-case: + + + + Enea Test VNF image. Please contact Enea to get this image. + + + + Clavister VNF image. Please contact Clavister to get this + image. + + + VNF Configuration files. These files are provided with your Enea + Edge release: + + clavister-cloudinit.conf. + enea-vnf-iperf-client.conf. + enea-vnf-iperf-server.conf. + + + +
+ +
+ Use-case Setup + + The following use-case is essentially the same as the one detailed + above, in this scenario however, the uCPE devices are connected using + SR-IOV, with two virtual functions. + +
+ Clavister VNF using SR-IOV + + + + + + +
+ + Network Configuration: + + + + Select uCPE device 1, access Configuration, + add the network interface that will be used and configure it for + SR-IOV. For sriov-mode select adapter-pool and for + sriov-num-vfs select "2". + + + + Repeat the step above for uCPE device 2. + + + + Onboarding the VNFs: + + See the onboarding parameters in the use-case above. + + Instantiating the VNFs: + + Use the same instantiation parameters as above, but select + interface type SrIovAdapterPool instead. +
+ +
+ Testing the Use-case + + Use the same test instructions as detailed in the use-case + above. +
+
+
\ No newline at end of file
diff --git a/doc/book-enea-edge-example-usecases/doc/enea_test_vnf_examples.xml b/doc/book-enea-edge-example-usecases/doc/enea_test_vnf_examples.xml
new file mode 100644
index 0000000..bee5a63
--- /dev/null
+++ b/doc/book-enea-edge-example-usecases/doc/enea_test_vnf_examples.xml
@@ -0,0 +1,308 @@
+
+
+ Enea Test VNF Example Use-cases
+
+ The Enea Test VNF is a simple Enea Linux based VM, which can be used
+ for various testing purposes, by using basic DPDK applications (e.g.
+ testpmd) as well as non-DPDK tools (e.g. iPerf3). For more information about
+ the Testpmd application please see the Testpmd Application User
+ Guide.
+
+
+ Prerequisites + + Two uCPE devices will be required for this setup. The system + requirements for each uCPE device are: + + + + 2 Network Interfaces. One for Enea Edge Management and one for data + traffic. + + + + 2 GB of RAM memory + + + + The following files are needed for this example use case: + + + + VNF image: Enea Test VNF. Please contact Enea to get this + image. + + + VNF Configuration files. These files are provided with your Enea + Edge release: + + + enea-vnf-testpmd-fwd.conf. + + + + enea-vnf-testpmd-term.conf. + + +
+ +
+ TestPMD VNF + + In this use-case, uCPE device 1 runs the pktgen DPDK application to + generate traffic and uCPE device 2 runs two Enea Test VNFs. One VNF runs + the TestPMD DPDK application forwarding traffic, and the other runs the + TestPMD in order to terminate traffic. + +
+ TestPMD VNF Overview + + + + + + +
+ +
+ Use-case Setup + + Network Configuration: + + + + Select uCPE device 1, access Configuration, + add the network interface that will be used and configure it for + DPDK. Note the PCI address of the interface, it will be used later + to run the pktgen application. + + + + Select uCPE device 2, access Configuration, + add the network interface that will be used and configure it for + DPDK. + + + + Create an OVS bridge on uCPE device 2 and attach the DPDK + interface. + + + + Onboarding the VNF: + + Onboard the Enea Test VNF by filling the required fields with the + following values: + + + + VM Image File: Provide the + path to the Enea Test VNF qcow2 image. + + + + Memory in MB: 2048 + + + + Num of CPUs: 2 + + + + Storage in GB: 10 + + + + Interfaces: Add 1 + interface. + + + + Cloud-init Datasource: + NoCloud + + + + Cloud-init Disk Type: + disk + + + + Instantiating the VNFs: + + + + Instantiate the Enea Edge TestPMD forwarding VNF on uCPE + Device 2 by filling the required fields with the following + values: + + + + Name: testpmd_fwd + + + + VNF Type: Select Enea + Test VNF. + + + + uCPE Device: Select uCPE + device 2. + + + + Cloud Init File: Provide + the path to the Enea VNF TestPMD forwarding cloud-init + file. + + + + Interfaces: Set the + interface type to DPDK and select the OVS + bridge created above. + + + + + + Instantiate the Enea Edge TestPMD termination VNF on + uCPE Device 2 by filling the required fields with the following + values: + + + + Name: testpmd_term + + + + VNF Type: Select Enea + Test VNF. + + + + uCPE Device: Select uCPE + device 2. + + + + Cloud Init File: Provide + the path to the Enea VNF TestPMD termination cloud-init + file. + + + + Interfaces: Set the + interface type to DPDK and select the OVS + bridge created above. + + + + + + Creating OVS flow rules: + + Select uCPE device 2, access Configuration, + open the OVS bridge and add two flow rules: + + + + Source: DPDK interface, Target: + testpmd_fwd. 
+ + + + Source: testpmd_fwd, Target: + testpmd_term. + + + The flow rules can be described using either the Enea Edge + Management interface or the configuration files. + + + +
+ +
+ Testing the Use-case
+
+
+
+ SSH to uCPE device 1 (Username: root) and start the pktgen
+ application:
+
+ cd /usr/share/apps/pktgen/
+./pktgen -c 0x7 -n 4 --proc-type auto --socket-mem 256 -w 0000:01:00.0 -- \
+ -P -m "[1:2].0"
+
+Pktgen:/> start 0
+
+
+ Replace 0000:01:00.0 with the actual PCI address of the
+ network interface used on uCPE device 1.
+
+
+
+
+ SSH to uCPE device 2 and connect to the TestPMD forwarding VNF
+ console:
+
+ virsh list
+virsh console <id of testpmd fwd>
+
+
+
+ Check the TestPMD traffic forwarding statistics:
+
+ # qemux86-64 login: root
+tail -f /var/log/testpmd-out
+
+
+
+ +
+ TestPMD VNF using PCI passthrough
+
+ In this use case, uCPE device 1 will run the Pktgen and uCPE
+ device 2 will run the TestPMD VNF. Both will be using PCI
+ passthrough:
+
+
+
+ Make sure that neither uCPE device 1 nor uCPE device 2 have
+ any configured host interfaces by selcting uCPE device :
+ Configuration ->
+ OpenVSwitch -> Host
+ Interfaces.
+
+
+
+ On uCPE device 1 start the Pktgen VNF. Select
+ PciPassthrough as the Interface type.
+
+ From the drop-down list, select the PCI interface
+ corresponding to the NIC which is connected to uCPE device 2:
+
+
+
+ On uCPE device 2, start the TestPmdForwarder VNF. Select
+ "PciPassthrough" as the Interface type. From the drop-down list,
+ select the PCI interface corresponding to the NIC which is connected
+ to uCPE device 1:
+
+
+
+ To check that traffic is being forwarded from uCPE device 2,
+ SSH to the uCPE device and connect to the VNFs console:
+
+ Right click on uCPE device 2 and select SSH.
+Run: virsh list
+Run: virsh console [VM NAME]
+Run: tail -f /opt/testpmd-out
+
+
+
+
+
\ No newline at end of file
diff --git a/doc/book-enea-edge-example-usecases/doc/forti_vnf_examples.xml b/doc/book-enea-edge-example-usecases/doc/forti_vnf_examples.xml
new file mode 100644
index 0000000..bb38140
--- /dev/null
+++ b/doc/book-enea-edge-example-usecases/doc/forti_vnf_examples.xml
@@ -0,0 +1,627 @@
+
+
+ FortiGate VNF Example Use-cases
+
+ FortiGate virtual appliances feature all of the security and
+ networking services common to traditional hardware-based FortiGate
+ appliances. The virtual appliances can be integrated in Firewall or SD-WAN
+ solution development.
+
+
+ FortiGate VNF as a Firewall + + Enea provides an example of a simple basic firewall configuration + for the FortiGate VNF. FortiGate In-Band Management is a feature used for + running FortiGate Management traffic over WAN. + + Instructions on how to alter the default configuration are provided + in section FortiGate VNF Web Management in the + + Manual. + +
+ Prerequisites + + System requirements for the uCPE device: + + + + 4 x Network Interfaces + + + + 4 cores + + + + 4 GB of RAM memory + + + + The following file(s) are needed for this example use-case: + + + + FortiGate VNF image. Please contact Fortinet to get a VNF + image and its license file. + + + + VNF Configuration file(s), provided with your Enea Edge + release: fortigate-basic-fw.conf. + + +
+ +
+ Use-case Setup + +
+ Fortigate VNF as a Firewall + + + + + + +
+ + Network Configuration: + + Since the firewall uses three External Network Interfaces, three + bridges need to be configured. Each bridge provides the ability to + connect a physical network interface to the virtual network interface of + a VM. + + Setup of the uCPE device: + + + + Connect WAN to the Lab Network. + + + + Connect LAN1 to the Test Machine. + + + + Leave LAN2 unconnected. + + + + Connect ETH0 to the Lab Network (for Enea Edge Management + communications). + + + + Select the uCPE device, access + Configuration and bind the three physical network + interfaces to DPDK. + + + + Create three OVS bridges, one for each DPDK network interface + (WAN, LAN1 and LAN2). + + Alternatively, the firewall can be setup to use bridges as + connection points for the FortiGate VNF, by replacing the OVS-DPDK + bridges with SR-IOV connection points. + + Please note that while previously three physical interfaces + were presumed necessary for VNF connection, in the case of a + firewall setup only two physical interfaces are required for the + data path (one for WAN and one for LAN). Only two interfaces will be + configured as DPDK, with two bridges created, one for each type of + connection. + + + At VNF instantiation instead of assigning distinct bridges + for each LAN interface, only one will be used for both LAN1 and + LAN2, with no changes in WAN interface configuration. + + + + + Onboarding the VNF: + + Onboard the FortiGate VNF by filling the required fields with the + following values: + + + + VM Image File: Provide the + path to the FortiGate VNF qcow2 image. + + + + Memory in MB: 1024 + + + + Num of CPUs: 1 + + + + Storage in GB: 20 + + + + Interfaces: Add 3 interfaces + (wan, lan1 and lan2). + + + + Cloud-init Datasource: + ConfigDrive + + + + Cloud-init Disk Type: + cdrom + + + + Cloud-init content file: Add + a file entry where Path: license. 
+ + + + Instantiating the VNF: + + Instantiate the FortiGate VNF by filling the required fields with + the following values: + + + + Name: Name of the VM which + will be created on the uCPE device. + + + + VNF Type: Name of the + onboarded VNF. + + + + uCPE Device: Select the uCPE + device where the VNF will be instantiated. + + + + License file: The FortiGate + license file provided by Fortinet. + + + + Configuration file: The + Firewall example configuration file provided by Enea + (fortigate-basic-fw.conf). + + + + Port1 - WAN: Set the + External Interface type to + DPDK and connect it to the + wan_br ovs bridge. + + + + Port2 - LAN1: Set the + Incoming Interface type to + DPDK and connect it to the + lan1_br ovs bridge. + + + + Port3 - LAN2: Set the + Outgoing Interface type to + DPDK and connect it to the + lan2_br ovs bridge. + + + The names of the ports used during instantiation need to be + the same as the ones described above, as the same names will be + used in the configuration files provided for this example + use-case. + + + +
+ +
+ Testing the Use-case + + Connect the Test Machine on the LAN interface and access the + internet from the Test Machine to use the firewall on the uCPE + device. + + + The connected Test Machine can be a laptop or a uCPE device. It + must have one interface configured to get a dynamic IP from a DHCP + server. The dhclient <interface> command can + be used to request an IP address. The received IP must be in the + 172.16.1.2 - 172.16.1.255 range. + + + The FortiGate VNF management interface is accessible through the + WAN interface. The WAN IP address can be used from a web browser on the + Lab Machine to access the FortiGate VNF Management Web UI. See section + FortiGate VNF web management in the + + Manual for more information. +
+
+ +
+ FortiGate VNF as an SD-WAN or a VPN + + SD-WAN decouples the network from the management plane, detaching + traffic management and monitoring functions from hardware. Most forms of + SD-WAN technology create a virtual overlay that is transport-agnostic, + i.e. it abstracts underlying private or public WAN connections. + + For deployment, the user plugs in WAN links into the device, which + automatically configures itself with the network. + + Example SD-WAN configurations for the FortiGate VNF are provided by + Enea. + +
+ Prerequisites + + Two uCPE devices will be needed for this setup. The system + requirements for each uCPE device are: + + + + 4 x Network Interfaces + + + + 4 cores + + + + 4 GB of RAM memory + + + + The following files are needed for this example use-case: + + + + FortiGate VNF image. Please contact Fortinet to get a VNF + image and its license file. + + + + VNF Configuration file(s), provided with your Enea Edge + release: fortigate-sdwan<x>.conf. + + +
+ +
+ Use-case Setup + +
+ Fortigate VNF as an SD-WAN or a VPN + + + + + + +
+ + + When connecting, the uCPE devices can use a back-to-back or a + VPN connection. An appropriate interface with the required + capabilities needs to be chosen for this purpose. + + + Network Configuration: + + Since the SD-WAN VNF uses three External Network Interfaces, three + bridges need to be configured. Each bridge provides the ability to + connect a physical network interface to the VM's virtual network + interface. + + Each VNF instance will have a virtual interface for VNF + management, for the WAN network and for LAN communication. + + Setup of an Intel Whitebox uCPE + device: + + + + Connect the VNF Management interfaces to + the Lab Network for VNF management access. + + + + Connect the WAN interfaces back to back or + via VPN. + + + + Connect the LAN interfaces to the Test + Machine. + + + + Connect the ETH0 interfaces to the Lab + Network (for Enea Edge Management communications). + + + + Select uCPE Device 1, access Configuration + and bind the three physical network interfaces to the DPDK. + + + + Create three OVS bridges, one for each DPDK network interface + (VNF management, WAN and LAN). + + + + Repeat the steps above for uCPE device 2. + + + + Onboarding the VNF: + + Onboard the FortiGate VNF by filling the required fields with the + following values: + + + + VM Image File: Provide the + path to the FortiGate VNF qcow2 image. + + + + Memory in MB: 1024 + + + + Num of CPUs: 1 + + + + Storage in GB: 20 + + + + Interfaces: Add 3 interfaces + in the same order as listed below: + + + + vnfmgr: to connect it to + the vnfmgmt_br bridge. + + + + wan: to connect it to the + wan_br bridge. + + + + lan: to connect it to the + lan_br bridge. + + + + + + Cloud-init Datasource: + ConfigDrive + + + + Cloud-init Disk Type: + cdrom + + + + Cloud-init content file: Add + a file entry where Path: license. + + + + + The order of the interfaces that need to be added must be + exactly as listed above or else onboarding and in turn instantiation + will fail. 
+ + + Instantiating the FortiGate + VNF: + + Instantiate the FortiGate VNF by filling the required fields with + the following values: + + + + Name: Name of the VM which + will be created on the uCPE device. + + + + VNF Type: Name of the + onboarded VNF. + + + + uCPE Device: Select the uCPE + device where the VNF will be instantiated. + + + + License file: The FortiGate + license file provided by Fortinet. + + + + Configuration file: The + SD-WAN example configuration files provided by Enea: + fortigate-sdwan1.conf for the FortiGate VNF on + uCPE device 1 and fortigate-sdwan2.conf for the + FortiGate VNF on uCPE device 2. + + + + Port1 - VNF Mgr: Set the type + to DPDK and connect it to the + vnfmgmt_br bridge. + + + + Port2 - WAN: Set the type to + DPDK and connect it to the + wan_br bridge. + + + + Port3 - LAN: Set the type to + DPDK and connect it to the + lan_br bridge. + + + + Instantiate the FortiGate VNF on uCPE device 1 using the + sdwan1 example configuration file. + + To complete the branch-to-branch setup, configure uCPE + device 2 in the same way as uCPE device + 1. + + + The names of the ports used during instantiation need to be the + same as the ones described above, as the same names will be used in + the configuration files provided for this example use-case. + +
+ +
+ Testing the Use-case + + Once the full SD-WAN setup is in place a VPN connection needs to + be established between the two uCPE devices. The Test Machines can be + connected to the LAN interface on each uCPE device. + + + The connected Test Machine can be a laptop or a uCPE device that + has one interface configured to get a dynamic IP from a DHCP server. + The dhclient <interface> command can be used + to request an IP address.The received IP must be in the 172.16.1.2 - + 172.16.1.255 range for Test Machine-1 and in the 172.16.2.2 - + 172.16.2.255 range for Test Machine-2. + + + The Test Machine connected to uCPE device 1 + should be able to ping the Test Machine connected to uCPE + device 2 in this setup, over the WAN connection. The FortiGate + VNF management interface can be accessed from a web browser on the Lab + Machine. For more details please see FortiGate VNF Web Management, . + + + In this SD-WAN VPN setup example, bridges were used as + connection points for the FortiGate VNF. It is possible to replace + OVS-DPDK bridges with SR-IOV connection points. + +
+
+ +
+ FortiGate VNF Web Management + + In order to check the IP address assigned to the FortiGate VNF you + need to connect to the FortiGate CLI. + + + + SSH to the uCPE Device (Username: root) and connect to the + FortiGate VNF console: + + virsh list +virsh console <id of FortiGate VNF> + + + + To access the FortiGate CLI, use admin as the + user, leaving the password blank/empty, and press enter. + + Use the CLI command get system interface to + get the dynamic interfaces configuration. + + + + Use the IP address assigned for the management interface in the + web browser (https://<IP>), to access the + FortiGate VNF Web Management Interface. Use the same credentials as + before to login. + + + + Browse through the configuration and perform changes according + to your setup: + +
+ The FortiGate VNF Web Management Interface + + + + + + +
+
+ + + Optionally, alter the default FortiGate example configuration + provided by Enea, through the following steps: + + + + Deploy the FortiGate Firewall in its default + settings. + + Maybe more info about how to do it should be added + here. + + + + Connect to the FortiGate VNF Web Management interface with a + web browser. + + + + Modify the FortiGate configuration in the FortiGate VNF Web + Management as needed. + + + + Store the updated configuration in a file, so it may be used + at the next FortiGate VNF instantiation. + + + +
+
+
\ No newline at end of file diff --git a/doc/book-enea-edge-example-usecases/doc/images/fortinet_interface.png b/doc/book-enea-edge-example-usecases/doc/images/fortinet_interface.png new file mode 100755 index 0000000..9452264 Binary files /dev/null and b/doc/book-enea-edge-example-usecases/doc/images/fortinet_interface.png differ diff --git a/doc/book-enea-edge-example-usecases/doc/images/trgt.png b/doc/book-enea-edge-example-usecases/doc/images/trgt.png new file mode 100644 index 0000000..2977524 Binary files /dev/null and b/doc/book-enea-edge-example-usecases/doc/images/trgt.png differ diff --git a/doc/book-enea-edge-example-usecases/doc/images/trgt.svg b/doc/book-enea-edge-example-usecases/doc/images/trgt.svg new file mode 100755 index 0000000..86f4d12 --- /dev/null +++ b/doc/book-enea-edge-example-usecases/doc/images/trgt.svg @@ -0,0 +1,1231 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + image/svg+xml + + + + + + + + + + + uCPE Device + + + + + Internet + + + + Enea Edge Management + + + + Web Interface (128T) https://<IP>:60001 + + + + ibm_br + + + + + lan_br + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Test Machine + + + + + + + vnf_mgmt_br + + + + + + + 128T + + + + LAN + WAN + MGMT + + + + + + .1 + .2 + .1 + .2 + 192.168.64.0/24 + 10.0.0.0/24 + + diff --git a/doc/book-enea-edge-example-usecases/doc/images/trgt_servicechain.png b/doc/book-enea-edge-example-usecases/doc/images/trgt_servicechain.png new file mode 100644 index 0000000..7cb5af0 Binary files /dev/null and b/doc/book-enea-edge-example-usecases/doc/images/trgt_servicechain.png differ diff --git a/doc/book-enea-edge-example-usecases/doc/images/trgt_servicechain.svg b/doc/book-enea-edge-example-usecases/doc/images/trgt_servicechain.svg new file mode 100755 index 0000000..4bd6d85 --- /dev/null 
+++ b/doc/book-enea-edge-example-usecases/doc/images/trgt_servicechain.svg @@ -0,0 +1,1402 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + image/svg+xml + + + + + + + + + + + uCPE Device + + + + Internet + + + Enea Edge Management + + + + + + ibm_br + + + + lsfc_br + + + + 128T + + LAN + WAN + MGMT + + + + + .2 + .1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Test Machine + + .2 + + 192.168.64.0/24 + + + + vnf_mgmt_br + + .1 + 10.0.0.0/24 + + + + lan_br + + + + Fortigate + + + LAN + WAN + MGMT + + .3 + .1 + 172.16.1.0/24 + .2 + + + + + + + + Web Interface(128T) https://<IP>:60001(Fortigate) https://<IP>:60002 + + + diff --git a/doc/book-enea-edge-example-usecases/doc/images/uc_clavister_bridge.png b/doc/book-enea-edge-example-usecases/doc/images/uc_clavister_bridge.png new file mode 100644 index 0000000..97492ca Binary files /dev/null and b/doc/book-enea-edge-example-usecases/doc/images/uc_clavister_bridge.png differ diff --git a/doc/book-enea-edge-example-usecases/doc/images/uc_clavister_bridge.svg b/doc/book-enea-edge-example-usecases/doc/images/uc_clavister_bridge.svg new file mode 100755 index 0000000..2890881 --- /dev/null +++ b/doc/book-enea-edge-example-usecases/doc/images/uc_clavister_bridge.svg 
@@ -0,0 +1,966 @@ + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Legend: - Connection via cloud/internet:- VPN/Back to Back (BTB):- Flow rules: + + + + + + + + + + + + + Enea Edge Management + + + + + + + + + + Internet + + + + + + + + + + + + + + uCPE Device 2 + + + Iperf client + + + Iperf server + + + + + 192.168.20.20 + 192.168.10.10 + + + + bridge + + dpdk + + + + + + + + + + + + uCPE Device 1 + + + + + + + + Clavister + 192.168.10.1 + 192.168.20.1 + + + + bridge + + dpdk + + + diff --git a/doc/book-enea-edge-example-usecases/doc/images/uc_clavister_sriov.png b/doc/book-enea-edge-example-usecases/doc/images/uc_clavister_sriov.png new file mode 100644 index 0000000..2c9ae6b Binary files /dev/null and b/doc/book-enea-edge-example-usecases/doc/images/uc_clavister_sriov.png differ diff --git a/doc/book-enea-edge-example-usecases/doc/images/uc_clavister_sriov.svg b/doc/book-enea-edge-example-usecases/doc/images/uc_clavister_sriov.svg new file mode 100755 index 0000000..a33c619 --- /dev/null +++ b/doc/book-enea-edge-example-usecases/doc/images/uc_clavister_sriov.svg @@ -0,0 +1,1152 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + image/svg+xml + + + + + + + + + + + + + + Legend: - Connection via cloud/internet:- VPN/Back to Back (BTB):- Flow rules: + + + + + + + + + + + + + Internet + + + + + + + + + Enea Edge Management + + + + + + + + + + + + + uCPE Device2 + + + + + + + + + + + Iperf server + 192.168.10.10 + + + + + + SR-IOV + + Iperf client + 192.168.20.20 + + + + uCPE Device1 + + + SR-IOV + + + + + + + + + + + Clavister + 192.168.10.1 + 192.168.20.1 + + + 
diff --git a/doc/book-enea-edge-example-usecases/doc/images/uc_enea_test_vnf.png b/doc/book-enea-edge-example-usecases/doc/images/uc_enea_test_vnf.png new file mode 100644 index 0000000..be97bc0 Binary files /dev/null and b/doc/book-enea-edge-example-usecases/doc/images/uc_enea_test_vnf.png differ diff --git a/doc/book-enea-edge-example-usecases/doc/images/uc_enea_test_vnf.svg b/doc/book-enea-edge-example-usecases/doc/images/uc_enea_test_vnf.svg new file mode 100755 index 0000000..fc71729 --- /dev/null +++ b/doc/book-enea-edge-example-usecases/doc/images/uc_enea_test_vnf.svg @@ -0,0 +1,1002 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + image/svg+xml + + + + + + + + + + Enea Edge Management + + + + + + + + + + + + + Internet + + + BTB + + + + uCPE Device 1 + + + + + + + pktgen_dpdk + + + + + + + + + + + + + uCPE Device 2 + + + testpmd_fwd + + + testpmd_term + + + + + + + + + + bridge + dpdk + + + + + + + + + Legend: - Connection via cloud/internet:- Back to Back: BTB- Flow rules: + + + diff --git a/doc/book-enea-edge-example-usecases/doc/images/uc_fortigate_fw.png b/doc/book-enea-edge-example-usecases/doc/images/uc_fortigate_fw.png new file mode 100644 index 0000000..f8ae39a Binary files /dev/null and b/doc/book-enea-edge-example-usecases/doc/images/uc_fortigate_fw.png differ diff --git a/doc/book-enea-edge-example-usecases/doc/images/uc_fortigate_fw.svg b/doc/book-enea-edge-example-usecases/doc/images/uc_fortigate_fw.svg new file mode 100755 index 0000000..160c8b0 --- /dev/null +++ b/doc/book-enea-edge-example-usecases/doc/images/uc_fortigate_fw.svg 
@@ -0,0 +1,940 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + image/svg+xml + + + + + + + + + + + + Test Machine + + + + + + + + + dpdk + + + wan_br + + + + + dpdk + + + lan1_br + + + + + dpdk + + + lan2_br + + + + Fortigate + + + uCPE Device + + + + + + + + Legend: - Connection via cloud/internet: + + + + + + + + + + Test + + + + + + + + Internet + + + + Enea Edge Management + + + diff --git a/doc/book-enea-edge-example-usecases/doc/images/uc_fortigate_sdwan.png b/doc/book-enea-edge-example-usecases/doc/images/uc_fortigate_sdwan.png new file mode 100644 index 0000000..b71b02e Binary files /dev/null and b/doc/book-enea-edge-example-usecases/doc/images/uc_fortigate_sdwan.png differ diff --git a/doc/book-enea-edge-example-usecases/doc/images/uc_fortigate_sdwan.svg b/doc/book-enea-edge-example-usecases/doc/images/uc_fortigate_sdwan.svg new file mode 100755 index 0000000..3de54dd --- /dev/null +++ b/doc/book-enea-edge-example-usecases/doc/images/uc_fortigate_sdwan.svg @@ -0,0 +1,1449 @@ + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Internet + + + + Enea Edge Management + + + + + uCPE Device 2 + + + + + + + + + + + + + + + + + + + + vnfmgmt_br + + dpdk + + + + Fortigate + + + + + wan_br + dpdk + + + dpdk + + + lan_br + + + + + + + + + + + + + Test Machine + + + + + + + Test Machine + + + + + + + + + + + + uCPE Device 1 + + + + + + + + + + wan_br + + dpdk + + + + + lan_br + + dpdk + + + + + + vnfmgmt_br + + dpdk + + Fortigate + + + + + + + + Legend: - Connection via cloud/internet:- VPN/BTB: + + + + + + + + 
diff --git a/doc/book-enea-edge-example-usecases/doc/images/uc_vnf_chaining.png b/doc/book-enea-edge-example-usecases/doc/images/uc_vnf_chaining.png new file mode 100644 index 0000000..6aaf4c0 Binary files /dev/null and b/doc/book-enea-edge-example-usecases/doc/images/uc_vnf_chaining.png differ diff --git a/doc/book-enea-edge-example-usecases/doc/images/uc_vnf_chaining.svg b/doc/book-enea-edge-example-usecases/doc/images/uc_vnf_chaining.svg new file mode 100755 index 0000000..2bb15af --- /dev/null +++ b/doc/book-enea-edge-example-usecases/doc/images/uc_vnf_chaining.svg @@ -0,0 +1,1186 @@ + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + sfc_br + + + + + + + Fortigate + + lan + wan + + + + LAN2 + + dpdk + + lan_br + + Juniper + lan + wan + + dpdk + + + wan_br + + + uCPE Device 2 + + + + + + + + + + + sfc_br + + + + Juniper + wan + lan + + dpdk + + wan_br + + + Fortigate + wan + lan + + dpdk + + + lan_br + + + uCPE Device 1 + + + LAN1 + + + + + + + Legend: - Connection via cloud/internet:- VPN/BTB: + + + + + + + + + + + + + + + + + + + + + + + + + + + Internet + + + + Enea Edge Management + + + diff --git a/doc/book-enea-edge-example-usecases/doc/introduction.xml b/doc/book-enea-edge-example-usecases/doc/introduction.xml new file mode 100644 index 0000000..b502e8b --- /dev/null +++ b/doc/book-enea-edge-example-usecases/doc/introduction.xml 
@@ -0,0 +1,27 @@ + + + Introduction + + This document describes several example use-cases concerning uCPE + configuration, onboarding and instantiation of certain VNFs, VNF chaining, + etc. + + Before running any example use case make sure the uCPE device(s) have + been added to Enea Edge Management and placed on the map. For detailed + information on how to add a device to Enea Edge Management, how to configure the + network interfaces to use DPDK, PCI-passthrough or SR-IOV drivers, or VNF + configuration, please refer to the Manual. + + + Examples presented in this document use 3rd-party VNFs, which are + not provided by Enea. To procure and use these VNF image files and license + files, please contact the VNF provider. + + Request the VNF prerequisites from the VNF vendors, or alternatively + obtain the prerequisites based on instructions from each VNF vendor + respectively. + + \ No newline at end of file diff --git a/doc/book-enea-edge-example-usecases/doc/service_chaining_128t_fortigate.xml b/doc/book-enea-edge-example-usecases/doc/service_chaining_128t_fortigate.xml new file mode 100644 index 0000000..bb05905 --- /dev/null +++ b/doc/book-enea-edge-example-usecases/doc/service_chaining_128t_fortigate.xml @@ -0,0 +1,1064 @@ + + + Service Chaining 128T - Fortigate Example Use-case + + The following is an example of how to setup and configure a service + chain on top of the Enea Edge Runtime, using the + following commercial VNFs: 128T router and FortiGate. + +
+ Prerequisites + + The 128T router and the Fortinet firewall in a service chain require + the following prequisites for this example use case: + + + + 1 in band management port for device management. + + + + 1 in band management port for the 128T router. + + + + 1 in band management port for Fortinet. + + + + 1 WAN interface for Fortinet. + + + + 1 LAN facing interface for Fortinet. + + + + 1 WAN facing interface for the 128T router. + + + + 1 service chain (SFC Bridged interface) to sit between the + Firewall and vRouter. + + + + The following files are needed for this example use-case: + + + + FortiGate VNF image. Please contact Fortinet to get a VNF image + and its license file. + + + + 128T router VNF image. Please contact 128 Technology to get a + VNF image and its license file. + + + + Cloud-init iso image. + + + + + To procure the VNF image files and their licenses, please contact + each respective VNF provider. + +
+ +
+ Service Chaining 128T - Fortigate + +
+ Service Chaining 128T - Fortigate Setup Overview + + + + + + +
+ +
+ Use-case Setup + + Configuring Network Interfaces on uCPE + devices: + + Add the trgt uCPE device into Enea Edge Management: + Devices -> Manage -> Add, and fill in the + required fields with the following data: + + + Device Details + + + + + + + + + + + Field + + Value + + + + + + Type + + Enea universal CPE + + + + Release + + 2.2.2 + + + + Name + + trgt + + + + IP/DNS Address + + <unspecified> + + + + Description + + Target 1 + + + + SSH Port + + 830 + + + + SSH User Name + + root + + + + Password + + null + + + + Device ID + + Also configured during installation of the device + (E.g.: Target-15). + + + + OK + + Green status indicates connection with uCPE device + was established. + + + +
+
+ + + In order to add the device on the map: Right-Click on + Map -> Place Device -> trgt. + + + + Configure the infrastructure for the 128T and Fortigate VNFs + in the service chain by creating four OVS bridges and a host + interface. + + Add the Host Interface by selecting the trgt device, then + Configuration -> External Interfaces -> + Configuration -> Add, and fill in the required fields + with the following data: + + + Host Interface Details + + + + + + + + + + + Field + + Value + + + + + + Source + + enp4s0f1. The only interface + available for LAN connection. + + + + networking-type + + dpdk + + + + dpdk-type + + vfio-pci + + + + Create + + <interface enp4s0f1 ready to be used in a LAN + bridge.> + + + +
+ + Add the OVS bridges by selecting the trgt device then: + Configuration -> OpenVSwitch -> Bridges -> + Add. Fill in the required fields for each bridge with + the following data from each table: + + + ibm_br Bridge Details + + + + + + + + + + + Field + + Value + + + + + + id + + <autogenerated - do not change> + + + + Name + + ibm_br + + + + ovs-bridge-type + + inbandMgmt + + + + Create + + + + + +
+ + + + + vnf_mgmt_br Bridge Details + + + + + + + + + + + Field + + Value + + + + + + id + + <autogenerated - do not change> + + + + Name + + vnf_mgmt_br + + + + ovs-bridge-type + + vnfMgmt + + + + vnf-mgmt-address + + 10.0.0.1 + + + + Create + + + + + +
+ + + lan_br Bridge Details + + + + + + + + + + + Field + + Value + + + + + + id + + <autogenerated - do not change> + + + + Name + + lan_br + + + + ovs-bridge-type + + dataPlane + + + + sub-type + + communication + + + + + + + Name: enp4s0f1 OK + + + + Create + + + + + +
+ + + sfc_br Bridge Details + + + + + + + + + + + Field + + Value + + + + + + id + + <autogenerated - do not change> + + + + Name + + sfc_br + + + + ovs-bridge-type + + dataPlane + + + + sub-type + + integration + + + + Create + + + + + +
+
+
+ + Onboarding the VNFs: + + Onboard the 128T VNF VM Image through VNF -> + Descriptors -> On-board, and fill in the required fields + with the following values: + + + 128T VM Image Details + + + + + + + + + + + Field + + Value + + + + + + VM image file + + centos_128t_with_ci.qcow2 + + + + Image format + + QCOW2 + + + + VNF Type Name + + 128T + + + + Description + + 128T Router + + + + Version + + 1.0 + + + + Memory in MB + + 8192. More memory can be allocated if required + (<28672). + + + + Num. of CPUs + + 2. More CPUs can be reserved if required + (<15). + + + + Interfaces -> + + + Name: mgmt + + + + Interfaces -> + + + Name: wan + + + + Interfaces -> + + + Name: lan + + + + Cloud Init -> Cloud-Init Datasource + + ISO + + + + Cloud Init -> Cloud-Init Disk Type + + cdrom + + + + Properties -> + + + Name: vnfMgmtIpAddress. Value: 10.0.0.2 + + + + Properties -> + + + Name: internalMgmtPort. Value: 443 + + + + Properties -> + + + Name: externalMgmtPort. Value: 60001 + + + + Onboard + + <Wait for message: VNF package onboarded + successfully> + + + + Close + + + + + +
+ + + + + HTTPS access (443) can be changed to another type of access. + Please consult official 128T documentation and make sure the 128T + VNF is configured to accept another type of connection before + changing the port number. + + + + externalMgmtPort(60001) represents the + external port on which the user can access the VNF management + interface from the web browser via HTTPS. The user can select + another port if needed. There are no other changes required or + components affected by this change. + + + + vnfMgmtIpAddress (10.0.0.2) represents + the IP address of the management interface of the 128T VNF. + Changing this value requires an update to the 128T configuration + to match the new IP address. + + + + + Onboard the Fortigate VNF VM Image through VNF -> + Descriptors -> On-board, and fill in the required fields + with the following values: + + + Fortigate VM Image Details + + + + + + + + + + + Field + + Value + + + + + + VM image file + + fortios.qcow2. Please make sure to + contact Fortinet for an official FortiGate KVM image. + + + + Image format + + QCOW2 + + + + VNF Type Name + + Fortigate + + + + Description + + Fortigate VNF + + + + Version + + 1.0 + + + + Memory in MB + + 1024. More memory can be allocated if required + (<28672). + + + + Num. of CPUs + + 1. More CPUs can be reserved if required + (<15). + + + + Interfaces -> + + + Name: mgmt + + + + Interfaces -> + + + Name: wan + + + + Interfaces -> + + + Name: lan + + + + Cloud Init -> Cloud-Init Datasource + + ConfigDrive + + + + Cloud Init -> Cloud-Init Disk Type + + cdrom + + + + Cloud Init -> + + + Path: license + + + + Properties -> + + + Name: vnfMgmtIpAddress. Value: 10.0.0.3 + + + + Properties -> + + + Name: internalMgmtPort. Value: 443 + + + + Properties -> + + + Name: externalMgmtPort. Value: 60002 + + + + Onboard + + <Wait for message: VNF package onboarded + successfully> + + + + Close + + + + + +
+ + + + + HTTPS access (443) can be changed to another type of access. + Please consult official Fortigate documentation and make sure the + Fortigate VNF is configured to accept another type of connection + before changing the port number. + + + + externalMgmtPort (60002) represents the + external port on which the user can access the VNF management + interface from the web browser via HTTPS. The user can select + another port if needed. There are no other changes required or + components affected by this change. + + + + vnfMgmtIpAddress (10.0.0.3) represents + the IP address of the management interface of the Fortigate VNF. + Changing this value requires an update to the Fortigate + configuration to match with new IP address. + + + + + Instantiating the VNFs: + + Instantiate the 128T VNF by selecting the trgt device, then + VNF -> Instances -> Add. + + Fill in the required fields with the following values: + + + 128T VNF Instantiation + + + + + + + + + + + Field + + Value + + + + + + Name + + 128T_trgt_1 + + + + VNF Type + + 128T + + + + VNFD Version + + 1.0 + + + + Flavour + + Canonical + + + + uCPE Device + + trgt + + + + Cloud Init File + + centos_128t_internet_ci.iso. + + + + Domain Update Script + + + + + + Interfaces + + + + + + ID + + IF Name + + + + mgmt (dpdk) + + Bridge: vnf_mgmt_br + + + + wan (dpdk) + + Bridge: ibm_br + + + + lan (dpdk) + + Bridge: sfc_br + + + + Create + + + + + +
+ + + To procure the VNF image files and their licenses, please + contact each respective VNF provider. + + + Instantiate the Fortigate VNF by selecting the trgt device, then + VNF -> Instances -> Add. + + Fill in the required fields with the following values: + + + Fortigate VNF Instantiation + + + + + + + + + + + Field + + Value + + + + + + Name + + fg_trgt_1 + + + + VNF Type + + Fortigate + + + + VNFD Version + + 1.0 + + + + Flavour + + Canonical + + + + uCPE Device + + trgt + + + + Cloud Init File + + fg_cust_basic_fw.conf + + + + License File + + The FortiGate license file provided by Fortinet. + + + + Domain Update Script + + + + + + Interfaces + + + + + + ID + + IF Name + + + + mgmt (dpdk) + + Bridge: vnf_mgmt_br + + + + wan (dpdk) + + Bridge: sfc_br + + + + lan (dpdk) + + Bridge: lan_br + + + + Create + + + + + +
+
+ +
+ Testing the Use-case + + In order to access the web interfaces of the 128T VNF, open a + browser on a machine connected on the same network with the WAN port of + the target and connect to: + https://<publicIP>:60001 using the username: + admin and the password: 128Tadmin. + + In order to access the web interfaces of the Fortigate VNF, open a + browser on a machine connected on the same network with the WAN port of + the target and connect to: + https://<publicIP>:60002 using the username: + admin, and leaving the password blank. + + + Make sure the WAN interface of the trgt device has access to the + internet. The Fortigate VNF requires internet access to validate the + license. + + + In order to validate the data path connect a test machine to the + LAN physical port and check for a dynamic IP (the Fortigate LAN + interface is configured with a DHCP server):> dhclient eth1 +> ping 8.8.8.8For data path validation, a new cloud-init + image may need to be generated for the 128T VNF to match your network + configuration. +
+ +
+ Use-case Clean-up + + In order to remove the setup created in previously, all components + need to be deleted in reverse order: + + + + Select the trgt uCPE device -> VNF -> Instances. Select + the 128T and Fortigate VNFs -> Delete. + + + + Select the trgt uCPE device -> Configuration -> + OpenVSwitch -> Bridges. Select all bridges -> Delete. + + + + Select the trgt uCPE device -> Configuration -> External + Interfaces -> Configuration. Select all interfaces -> + Delete. + + + + VNF -> Descriptors. Select all bundles -> + Offboard. + + +
+
+
\ No newline at end of file diff --git a/doc/book-enea-edge-example-usecases/doc/vnf_chaining.xml b/doc/book-enea-edge-example-usecases/doc/vnf_chaining.xml new file mode 100644 index 0000000..24442af --- /dev/null +++ b/doc/book-enea-edge-example-usecases/doc/vnf_chaining.xml @@ -0,0 +1,407 @@ + + + VNF Chaining Example Use-case + + The term service chaining or service function chaining (SFC) is used + to describe the definition and instantiation of an ordered list of instances + of such service functions and the subsequent "steering" of traffic flows + through those service functions. The set of enabled service function chains + reflects operator service offerings and is designed in conjunction with + application delivery and service and network policy. + + The following is an example of how to setup and configure a + branch-to-branch service comprised on two commercial VNFs (SD-WAN + + Firewall). This service will run in a service chain on top of the Enea + Edge Runtime, deployed through the Enea Edge + Management. + + In the example setup the following commercial VNFs are used: Juniper + vSRX as the SD-WAN VNF and Fortigate as the Router/Firewall. + +
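Review bot: The "Testing the Use-case" section of service_chaining_128t_fortigate.xml gives the web logins as `admin` / `128Tadmin` for 128T and `admin` with a blank password for Fortigate, on `https://<publicIP>:60001` and `:60002`, and never tells the reader to change them. Those interfaces are reached from the network on the target's WAN port, so a setup left as documented keeps vendor-default logins on an externally reachable management port. vnf_chaining.xml has the same gap for `root/vsrx1234` and `admin/<empty password>`, and the "Device Details" table here lists SSH user `root` with Password `null`, which looks like an empty password but should be confirmed. I would add a `<note>` after each credentials paragraph, for example `These are default credentials; change them immediately after the first login and limit access to the external management ports to trusted hosts.` Whether the defaults come from the vendor images or from the provided cloud-init files is not visible in this diff, so the wording should be checked against the VNF vendors' documentation.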
+ VNF Chaining with FortiGate + +
+ Prerequisites + + Two uCPE devices will be needed for this setup. The system + requirements for each uCPE device are: + + + + 4 x Network Interfaces + + + + 4 GB of RAM memory + + + + + On each uCPE device, 3 interfaces need to be DPDK compliant and + one of these needs to be connected back-to-back to the other uCPE + device. This link simulates a WAN/uplink connection. Optionally, one + additional device (PC/laptop) can be connected on the LAN port of each + branch to run LAN-to-LAN connectivity tests. + + + The following files are needed for this example use-case: + + + + Fortigate VNF image file. + + + + Juniper vSRX VNF image file. + + + + vSRX-Site<x>.iso Cloud-init files. + + + + VNF Configuration files, provided with your Enea Edge + Release: + + + + vSRX-domain-update-script. + + + + FortiFW-Site<x>.conf. + + + + + + + To procure the VNF image files and their licenses, please + contact each respective VNF provider. To create the + vSRX-Site<x>.iso file, please follow the documentation provided + by Juniper. + +
+ +
+ Use-case Setup + +
+ VNF Chaining with Fortigate + + + + + + +
+ + No info about vnf_mgmt_br? + + Network Configuration: + + Both branches in the example have similar setups, therefore + necessary step details are presented for only one branch. The second + branch shall be configured in the same way, adapting as needed the + corresponding VNFs configuration files. + + + + Assign three physical interfaces to the DPDK (one for + management, one WAN and one for LAN). In the example, one of these + interfaces gets an IP through DHCP and it will be used exclusively + for the management plane. + + + + Create the following OVS-DPDK bridges: + + + + vnf_mgmt_br. Used by VNF management + ports. + + + + wan_br. Used by the service uplink + connection. In our case, Juniper vSRX will have its WAN virtual + interface in this bridge. + + + + sfc_br. Used for creating the service + chain. Each VNF will have a virtual interface in this + bridge. + + + + lan_br. Used for the LAN interface of + the Fortigate FW. + + + + + + Add corresponding DPDK ports (see Step 1) to the management, + WAN and LAN bridges (sfc_br does not have a + physical port attached to it). + + + The networking setup (Steps 1-3) can be modeled using the + Offline Configuration entry, so that it is automatically + provisioned on the uCPE device, once it gets enrolled into the + management system (Enea Edge Management). + + + + + Onboarding the VNFs: + + + + Onboard Juniper vSRX using the VNF by filling the required + fields with the following values: + + + + The Flavor selected must have at least 2 vCPUs and 4 GB + RAM since vSRX is quite resource consuming. + + Tested in-house with 4 vCPUs/ 6 GB RAM. + + + + Add three virtual interfaces: management, WAN and + LAN. + + + + Select ISO as the Cloud-Init Datasource + in the Cloud-Init tab. + + + + Select cdrom as the Cloud-Init Disk + Type in the Cloud-Init tab. + + + + + + Onboard Fortigate FW using the VNF Onboarding Wizard: + + + + The Flavor selected can be quite light in resource + consumption, e.g. 1 CPU and 1 GB RAM. 
+ + + + Add three virtual interfaces: management, WAN and + LAN. + + + + Select ConfigDrive as the Cloud-Init + Datasource in the Cloud-Init tab. + + + + Select cdrom as the Cloud-Init Disk + Type in the Cloud-Init tab. + + + + In the Cloud-init content files field add an entry where + Path: license. + + + + + + Instantiating the VNFs: + + + + Create the vSRX instance: + + + + Use vSRX-Site1.iso as the Cloud-Init + file. + + + + The Domain Update Script field can be + left empty for the Atom C3000 architecture, while for XeonD the + vSRX-domain-update-script file will be + used. + + + + Add virtual interfaces: + + + + Management interface added to + vnf_mgmt_br. + + + + WAN interface added to + wan_br. + + + + LAN interface added to + sfc_br. + + + + + + + The login/password values for the vSRX VNF are + root/vsrx1234, respectively. + + + + + Create the Fortigate FW instance: + + + + Use FortiFW-Site1.conf as the + Cloud-Init file. + + + + Add .lic (not part of the folder) as + the license file. + + + + Add virtual interfaces: + + + + Management interface added to + vnf_mgmt_br. + + + + WAN interface added to + sfc_br. + + + + LAN interface added to + lan_br. + + + + + + + The login/password values for the Fortigate VNF are + admin/<empty password>, + respectively. + + + + + At this point the service will be up and running on Site1. Repeat + the steps to instantiate a VNF for Site2, by changing the configuration + files accordingly. + + After the service is deployed on both branches, the VPN tunnel is + established and LAN to LAN visibility can be verified by connecting one + device on each uCPE LAN port. +
+ +
+ Testing the Use-case + + Before testing LAN to LAN connectivity, preliminary tests of + service can be run to ensure everything was set up properly. For + instance, by connecting to vSRX CLI (any site), one can test IKE + security associations: + + root@Atom-C3000:~ # cli +root@Atom-C3000> show security ike security-associations +Index State Initiator cookie Responder cookie Mode Remote Address +1588673 UP 2f2047b144ebfce4 0000000000000000 Aggressive 10.1.1.2 +... +root@Atom-C3000> show security ike security-associations index 1588673 detail +... + + Also, from the vSRX CLI, a user can check that the VPN tunnel was + established and get statistics of the packets passing the tunnel: + + root@Atom-C3000> show security ipsec security-associations +... +root@Atom-C3000> show security ipsec statistics index <xxxxx> +... + + From the Fortigate Firewall CLI on Site 1, one can check + connectivity to the remote Fortigate FW (from Site 2): + + FGVM080000136187 # execute ping 192.168.168.2 +PING 192.168.168.2 (192.168.168.2): 56 data bytes +64 bytes from 192.168.168.2: icmp_seq=0 ttl=255 time=0.0 ms +64 bytes from 192.168.168.2: icmp_seq=1 ttl=255 time=0.0 ms +64 bytes from 192.168.168.2: icmp_seq=2 ttl=255 time=0.0 ms +... + + Since VNF management ports were configured to get IPs through + DHCP, the user can use a Web-based management UI to check and modify the + configuration settings of both vSRX and Fortigate. + + For example, in the case of vSRX, from the VNF CLI you can list + the virtual interfaces as below: + + root@Atom-C3000> show interfaces terse +... +fxp0.0 up up inet 172.24.15.92/22 +gre up up +ipip up up +... + + When using provided configurations, the VNF management port for + Juniper vSRX is always fxp0.0. 
+ + In the case of Fortigate, from the VNF CLI you can list the + virtual interfaces as such: + + FGVM080000136187 # get system interface +== [ port1 ] +name: port1 mode: dhcp ip: 172.24.15.94 255.255.252.0 status: up netbios-forward: +disable type: physical netflow-sampler: disable sflow-sampler: disable... +... + + When using provided configurations, the VNF management port for + Fortigate is always port1. + + If functionality is as intended, LAN-to-LAN connectivity can be + checked (through the VPN tunnel) by using two devices (PC/laptop) + connected to the LAN ports of each uCPE. Optionally, these devices can + be simulated by using Enea's sample VNF running on both uCPEs and + connected to the lan_br on each side. Please note + that instructions for onboarding and instantiating this VNF is not in + the scope of this document. + + Since Fortigate VNF, which is acting as router and firewall, is + configured to be the DHCP server for the LAN network, the device + interface connected to the uCPE LAN port has to be configured to get + dinamically assigned IPs. These IPs are in the 172.0.0.0/24 network for + Site1 and the 172.10.10.0/24 network for Site2. Therefore, site-to-site + connectivity can be checked (from Site1) as such: + + root@atom-c3000:~# ping 172.10.10.2 +PING 172.10.10.1 (172.10.10.2): 56 data bytes +... +
+
+
\ No newline at end of file
diff --git a/doc/book-enea-edge-example-usecases/swcomp.mk b/doc/book-enea-edge-example-usecases/swcomp.mk
new file mode 100755
index 0000000..83f672c
--- /dev/null
+++ b/doc/book-enea-edge-example-usecases/swcomp.mk
@@ -0,0 +1,10 @@
+# Component build specification
+
+# Version of THIS book
+BOOK_VER ?= $(REL_VER)-dev
+
+DOCBOOK_SRC := $(COMP)/swcomp.mk $(COMP)/doc/book.xml $(shell find $(COMP)/doc -type f \( -name "*.xml" -o -name "*.svg" -o -name "*.png" \) ! -name "book.xml" -print)
+
+BOOKPACKAGES := book-enea-edge-example-usecases
+BOOKDESC_$(BOOKPACKAGES) := "Enea Edge $(PROD_VER) Example Use-cases"
+BOOKDEFAULTCONDITION := $(DEFAULTCONDITIONS)
-- cgit v1.2.3-54-g00ecf
From 4a4215c0c2e1d64d70d07f0f7e47b7395b72c013 Mon Sep 17 00:00:00 2001
From: Daniel
Date: Tue, 23 Mar 2021 16:25:38 +0100
Subject: USERDOCAP-636 Example Usecase updates
Change-Id: I0ffe57e5099e6f380975191b4f8270bc8889d9a9
---
.../doc/automation_framework_test_harness.xml | 4 ++--
doc/book-enea-edge-auto-fw-th-user-guide/doc/book.xml | 2 +-
doc/book-enea-edge-example-usecases/doc/appendix_4.xml | 10 +++++-----
3 files changed, 8 insertions(+), 8 deletions(-)
(limited to 'doc/book-enea-edge-example-usecases')
diff --git a/doc/book-enea-edge-auto-fw-th-user-guide/doc/automation_framework_test_harness.xml b/doc/book-enea-edge-auto-fw-th-user-guide/doc/automation_framework_test_harness.xml
index 6a47839..8c4ee5e 100644
--- a/doc/book-enea-edge-auto-fw-th-user-guide/doc/automation_framework_test_harness.xml
+++ b/doc/book-enea-edge-auto-fw-th-user-guide/doc/automation_framework_test_harness.xml
@@ -38,8 +38,8 @@ All options contain either -n, -o or both. One of them must always be provided, if both are provided, -o has priority, and -n is thus ignored. - In the following script examples Enea Edge Management - is reffered as Enea uCPE Manager. + In the following script examples, Enea Edge Management + is reffered as Enea uCPE Manager. The /unittestSuite folder contains JSON files for diff --git a/doc/book-enea-edge-auto-fw-th-user-guide/doc/book.xml b/doc/book-enea-edge-auto-fw-th-user-guide/doc/book.xml index e0a5cdf..a1ffed1 100644 --- a/doc/book-enea-edge-auto-fw-th-user-guide/doc/book.xml +++ b/doc/book-enea-edge-auto-fw-th-user-guide/doc/book.xml @@ -4,7 +4,7 @@ ]> - <trademark class="registered">Enea</trademark> Enea Edge Automation Framework and Test Harness User Guide + <trademark class="registered">Enea</trademark> Edge Automation Framework and Test Harness User Guide Release Version - Running Enea Automation Framework and Test Harness + Running Enea Edge Automation Framework and Test Harness - For more detailed information regarding the Automation Framework and + For more detailed information regarding the Enea Edge Automation Framework and Test Harness please see the . - The most relevant information from the Automation Framework and Test + The most relevant information from the Enea Edge Automation Framework and Test Harness structure is presented below: |---automation_framework @@ -64,7 +64,7 @@ - version - The NFVA version. + version - The Enea Edge Runtime version. @@ -81,7 +81,7 @@ the uCPE Device needs to be added into Enea Edge Management. - To properly set up the Automation Framework and Test Harness please + To properly set up the Enea Edge Automation Framework and Test Harness please see Installation and Initial Setup in the