summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--doc/book-enea-nfv-access-example-usecases/doc/book.xml2
-rw-r--r--doc/book-enea-nfv-access-example-usecases/doc/example_usecases.xml (renamed from doc/book-enea-nfv-access-example-usecases/doc/demo_usecases.xml)1442
-rwxr-xr-xdoc/book-enea-nfv-access-example-usecases/doc/images/example_setup.pngbin0 -> 49368 bytes
-rw-r--r--doc/book-enea-nfv-access-getting-started/doc/getting_started_nfv_access.xml7
-rw-r--r--doc/book-enea-nfv-access-getting-started/doc/introduction.xml3
5 files changed, 886 insertions, 568 deletions
diff --git a/doc/book-enea-nfv-access-example-usecases/doc/book.xml b/doc/book-enea-nfv-access-example-usecases/doc/book.xml
index 145a6fd..c4c6397 100644
--- a/doc/book-enea-nfv-access-example-usecases/doc/book.xml
+++ b/doc/book-enea-nfv-access-example-usecases/doc/book.xml
@@ -15,6 +15,6 @@
15 <xi:include href="../../s_docbuild/template/docsrc_common/bookinfo_userdoc.xml" 15 <xi:include href="../../s_docbuild/template/docsrc_common/bookinfo_userdoc.xml"
16 xmlns:xi="http://www.w3.org/2001/XInclude" /> 16 xmlns:xi="http://www.w3.org/2001/XInclude" />
17 17
18 <xi:include href="demo_usecases.xml" 18 <xi:include href="example_usecases.xml"
19 xmlns:xi="http://www.w3.org/2001/XInclude" /> 19 xmlns:xi="http://www.w3.org/2001/XInclude" />
20</book> 20</book>
diff --git a/doc/book-enea-nfv-access-example-usecases/doc/demo_usecases.xml b/doc/book-enea-nfv-access-example-usecases/doc/example_usecases.xml
index 76fd2cf..7934d71 100644
--- a/doc/book-enea-nfv-access-example-usecases/doc/demo_usecases.xml
+++ b/doc/book-enea-nfv-access-example-usecases/doc/example_usecases.xml
@@ -1,386 +1,445 @@
1<?xml version="1.0" encoding="ISO-8859-1"?> 1<?xml version="1.0" encoding="ISO-8859-1"?>
2<chapter id="demo_usecases"> 2<chapter id="example_usecases">
3 <title>Demo Use Cases Manual</title> 3 <title>Example Use Cases Manual</title>
4 4
5 <para>This book will detail various demo use cases that a user can 5 <para>This book will detail various example use cases that a user can
6 experiment with.</para> 6 experiment with.</para>
7 7
8 <section id="clav_vnf_demo"> 8 <section id="clav_vnf_example">
9 <title>Clavister VNF Demo</title> 9 <title>Clavister VNF Examples</title>
10 10
11 <para>In this use case, <literal>target_1</literal> will run the Clavister 11 <section id="clav_vnf">
12 VNF and an Open vSwitch bridge.</para> 12 <title>Clavister VNF</title>
13 13
14 <figure> 14 <para>In this use case, <literal>target_1</literal> will run the
15 <title>Clavister VNF Demo Overview</title> 15 Clavister VNF and an Open vSwitch bridge and <literal>target_2</literal>
16 two iPerf VNFs.</para>
16 17
17 <mediaobject> 18 <figure>
18 <imageobject> 19 <title>Clavister VNF Example Overview</title>
19 <imagedata align="center" fileref="images/clavister_vnf_diagram.png"
20 scale="50" />
21 </imageobject>
22 </mediaobject>
23 </figure>
24 20
25 <para><emphasis role="bold">How to setup the target to run the Clavister 21 <mediaobject>
26 VNF and an Open vSwitch Bridge</emphasis></para> 22 <imageobject>
23 <imagedata align="center"
24 fileref="images/clavister_vnf_diagram.png" scale="50" />
25 </imageobject>
26 </mediaobject>
27 </figure>
27 28
28 <orderedlist> 29 <para><emphasis role="bold">How to setup the target to run the Clavister
29 <listitem> 30 VNF and an Open vSwitch Bridge</emphasis></para>
30 <para>Network interfaces must be bound to the DPDK (target_1 -&gt;
31 Configuration -&gt; OpenVSwitch -&gt; Host Interfaces -&gt;
32 Add):</para>
33
34 <figure>
35 <title>Adding Host Interfaces</title>
36
37 <mediaobject>
38 <imageobject>
39 <imagedata align="center"
40 fileref="images/add_host_interface.png" scale="80" />
41 </imageobject>
42 </mediaobject>
43 </figure>
44 </listitem>
45 31
46 <listitem> 32 <orderedlist>
47 <para>Select the network interface that will be used to connect to the 33 <para><emphasis role="bold">Network Configuration for target_1 and
48 second target, configure it for DPDK, and click "Create" to send the 34 target_2</emphasis></para>
49 configuration to the target:</para>
50
51 <figure>
52 <title>Host Interface Creation</title>
53
54 <mediaobject>
55 <imageobject>
56 <imagedata align="center"
57 fileref="images/host_interface_creation.png" />
58 </imageobject>
59 </mediaobject>
60 </figure>
61 </listitem>
62 35
63 <listitem> 36 <listitem>
64 <para>Create an Open vSwitch bridge (<literal>ovsbr0</literal>) with 37 <para>From uCPE Manager select the target_1:
65 one DPDK interface by selecting the "Add" button from the "Bridges" 38 <literal>Configuration</literal> -&gt;
66 tab:</para> 39 <literal>OpenVSwitch</literal> -&gt; H<literal>ost
67 40 Interfaces</literal> -&gt; <literal>Add</literal></para>
68 <figure> 41 </listitem>
69 <title>The Bridges Tab</title>
70
71 <mediaobject>
72 <imageobject>
73 <imagedata align="center" fileref="images/bridges_tab.png"
74 scale="80" />
75 </imageobject>
76 </mediaobject>
77 </figure>
78
79 <para>Once the bridge creation popup appears, fill the fields and add
80 the physical interface:</para>
81
82 <figure>
83 <title>OVS bridge</title>
84
85 <mediaobject>
86 <imageobject>
87 <imagedata align="center" fileref="images/ovs_bridge_zero.png"
88 scale="80" />
89 </imageobject>
90 </mediaobject>
91 </figure>
92 </listitem>
93 42
94 <listitem> 43 <listitem>
95 <para>Repeat these steps on the second target (target_2), by also 44 <para>Select the network interface that will be used to connect to
96 using one DPDK interface and creating an OVS bridge.</para> 45 the second target, configure it for DPDK, and click
46 <literal>Create</literal> to send the configuration to the
47 target:</para>
48
49 <figure>
50 <title>Host Interface Creation</title>
51
52 <mediaobject>
53 <imageobject>
54 <imagedata align="center"
55 fileref="images/host_interface_creation.png" />
56 </imageobject>
57 </mediaobject>
58 </figure>
59 </listitem>
60
61 <listitem>
62 <para>Create an Open vSwitch bridge (<literal>ovsbr0</literal>) with
63 one DPDK interface by selecting the <literal>Add</literal> button
64 from the <literal>Bridges</literal> tab.</para>
65 </listitem>
66
67 <listitem>
68 <para>Once the bridge creation popup appears, fill the fields and
69 add the physical interface:</para>
70
71 <figure>
72 <title>OVS bridge</title>
73
74 <mediaobject>
75 <imageobject>
76 <imagedata align="center" fileref="images/ovs_bridge_zero.png"
77 scale="80" />
78 </imageobject>
79 </mediaobject>
80 </figure>
81 </listitem>
82
83 <listitem>
84 <para>Repeat the steps above on the target_2, by also using one DPDK
85 interface and creating an OVS bridge.</para>
86 </listitem>
87 </orderedlist>
88
89 <orderedlist>
90 <para><emphasis role="bold">Instantiate the VNFs:</emphasis></para>
97 91
98 <para>Once the network configuration has been completed on both 92 <para>Once the network configuration has been completed on both
99 targets, VNFs can be instantiated.</para> 93 targets instantiate the VNFs:</para>
100 </listitem>
101 94
102 <listitem> 95 <para><emphasis role="bold">A) Instantiate Clavister VNF on
103 <para>Before instantiating the iPerf VNF, a flavor needs to be 96 target_1:</emphasis></para>
104 reconfigured to use two cores and 2 GB of RAM.</para>
105
106 <para>Please follow the steps in the figure below to reconfigure the
107 flavor (target_2 -&gt; Configuration (1) -&gt; Virtual Machines -&gt;
108 Double Click on Iperf flavor (2)):</para>
109
110 <figure>
111 <title>Reconfiguring the Flavor</title>
112
113 <mediaobject>
114 <imageobject>
115 <imagedata align="center"
116 fileref="images/reconfiguring_flavor.png" scale="40" />
117 </imageobject>
118 </mediaobject>
119 </figure>
120
121 <note>
122 <para>The Clavister VNF will be instantiated on target_1.</para>
123 </note>
124 </listitem>
125 97
126 <listitem> 98 <listitem>
127 <para>Select the target_1 device, click the "VNF" button from the top 99 <para>Select the target_1, then the VNF option from the top toolbar:
128 toolbar menu and click "Add" in the new window at the bottom of the 100 <literal>VNF</literal> -&gt; <literal>Instances</literal> -&gt;
129 screen:</para> 101 <literal>Add</literal>.</para>
130 102 </listitem>
131 <figure>
132 <title>Creating a new VNF</title>
133
134 <mediaobject>
135 <imageobject>
136 <imagedata align="center" fileref="images/new_vnf.png"
137 scale="50" />
138 </imageobject>
139 </mediaobject>
140 </figure>
141 </listitem>
142 103
143 <listitem> 104 <listitem>
144 <para>Fill in the required information about the Clavister VNF, (the 105 <para>Fill in the required information about the
145 default network configuration can be used):</para> 106 <literal>Clavister</literal> VNF, (the default network configuration
146 107 can be used):</para>
147 <figure>
148 <title>VNF Instance</title>
149
150 <mediaobject>
151 <imageobject>
152 <imagedata align="center" fileref="images/vnf_instance.png"
153 scale="80" />
154 </imageobject>
155 </mediaobject>
156 </figure>
157 </listitem>
158 108
159 <listitem> 109 <figure>
160 <para>On target_2, two iPerf VNFs will be instantiated. One will act 110 <title>VNF Instance</title>
161 as the server and the second as the client.</para>
162 </listitem>
163 111
164 <listitem> 112 <mediaobject>
165 <para>Select target_2, then the VNF option from the top toolbar (VNF 113 <imageobject>
166 -&gt; Instances -&gt; Add):</para> 114 <imagedata align="center" fileref="images/vnf_instance.png"
167 115 scale="80" />
168 <figure> 116 </imageobject>
169 <title>Target 2 VNF Instance</title> 117 </mediaobject>
170 118 </figure>
171 <mediaobject> 119 </listitem>
172 <imageobject> 120 </orderedlist>
173 <imagedata align="center" fileref="images/t2_vnf_instance.png"
174 scale="60" />
175 </imageobject>
176 </mediaobject>
177 </figure>
178 </listitem>
179 121
180 <listitem> 122 <orderedlist>
181 <para>In the "VNF Instance" window, select the first "iPerf" VNF from 123 <para><emphasis role="bold">B) Instantiate two iPerf VNFs (one as
182 the dropdown menu, configure it to act as a server by unchecking the 124 client and one as server) on target_2: </emphasis></para>
183 "Client mode IPerf" box, and click the "Create" button:</para>
184
185 <figure>
186 <title>VNF instance in server mode</title>
187
188 <mediaobject>
189 <imageobject>
190 <imagedata align="center"
191 fileref="images/vnf_instance_server.png" scale="80" />
192 </imageobject>
193 </mediaobject>
194 </figure>
195 </listitem>
196 125
197 <listitem> 126 <listitem>
198 <para>Select "Add", enable the "Client mode IPerf" checkbox and then 127 <para>Instantiate two <literal>iPerf</literal> VNFs on target_2. One
199 click "Create" to instantiate the second iPerf VNF as a client, and to 128 will act as the server and the second as the client.</para>
200 run it in client mode:</para> 129 </listitem>
201
202 <figure>
203 <title>VNF instance in client mode</title>
204
205 <mediaobject>
206 <imageobject>
207 <imagedata align="center"
208 fileref="images/vnf_instance_client.png" scale="80" />
209 </imageobject>
210 </mediaobject>
211 </figure>
212 </listitem>
213 130
214 <listitem> 131 <listitem>
215 <para>In order to check that traffic is forwarded between the VNFs, 132 <para>Select target_2, then the VNF option from the top toolbar:
216 connect to the iPerf VNF client console (target_2 -&gt; SSH - &gt; 133 <literal>VNF</literal> -&gt; <literal>Instances</literal> -&gt;
217 user:root -&gt; Connect) and run the following:</para> 134 <literal>Add</literal>.</para>
135 </listitem>
136
137 <listitem>
138 <para>In the <literal>VNF Instance</literal> window, select the
139 first <literal>iPerf</literal> VNF from the dropdown menu, configure
140 it to act as a server by unchecking the <literal>Client mode
141 IPerf</literal> box, and click the <literal>Create</literal>
142 button.</para>
143 </listitem>
144
145 <listitem>
146 <para>Select <literal>Add</literal>, enable the <literal>Client mode
147 IPerf</literal> checkbox and then click <literal>Create</literal> to
148 instantiate the second <literal>iPerf VNF</literal> as a client, and
149 to run it in client mode.</para>
150 </listitem>
151
152 <listitem>
153 <para>In order to check that traffic is forwarded between the VNFs,
154 connect to the iPerf VNF client console:</para>
155
156 <para>Connect to the target_2 by using: <literal>SSH</literal> -&gt;
157 <literal>user</literal> (root) -&gt;<literal>Connect</literal> and
158 run the following:</para>
218 159
219 <programlisting>virsh list 160 <programlisting>virsh list
220virsh console 161virsh console
221root@qemux86-64:~# iperf3 -c 192.168.10.10</programlisting> 162root@qemux86-64:~# iperf3 -c 192.168.10.10</programlisting>
222 </listitem> 163 </listitem>
223 </orderedlist> 164 </orderedlist>
165 </section>
166
167 <section id="clav_example_sriov">
168 <title>Clavister VNF using SR-IOV</title>
169
170 <para>In this use case, target 1 will run the iPerf server and iPerf
171 client VNFs using SR-IOV and target 2 will run the Clavister VNF using
172 SR-IOV with two virtual functions (vf1 and vf2):</para>
173
174 <figure>
175 <title>Example Overview</title>
176
177 <mediaobject>
178 <imageobject>
179 <imagedata align="center"
180 fileref="images/clav_VNF_demo_SR-IOV.png" scale="60" />
181 </imageobject>
182 </mediaobject>
183 </figure>
184
185 <orderedlist>
186 <listitem>
187 <para>On target 2, create an SR-IOV configuration with 2 virtual
188 functions: <literal>Configuration</literal> -&gt;
189 <literal>OpenVSwitch</literal> -&gt; <literal>Host
190 Interfaces</literal> -&gt; <literal>Add</literal>:</para>
191
192 <figure>
193 <title>SR-IOV configuration with 2 virtual functions</title>
194
195 <mediaobject>
196 <imageobject>
197 <imagedata align="center"
198 fileref="images/sriov_configuration.png" scale="80" />
199 </imageobject>
200 </mediaobject>
201 </figure>
202 </listitem>
203
204 <listitem>
205 <para>Instantiate the Clavister VNF on target 2, by clicking
206 <literal>VNF</literal> -&gt; <literal>Instances</literal> -&gt;
207 <literal>Add</literal>.</para>
208
209 <para>Select <literal>SrIovAdapterPool</literal> as an Interface
210 type for both Interface1 type and 2 type, before clicking
211 <literal>Create</literal>:</para>
212
213 <figure>
214 <title>Instantiating the Clavister VNF on target 2</title>
215
216 <mediaobject>
217 <imageobject>
218 <imagedata align="center" fileref="images/srlov_adap_pool.png"
219 scale="70" />
220 </imageobject>
221 </mediaobject>
222 </figure>
223 </listitem>
224
225 <listitem>
226 <para>On target 1, create an SR-IOV interface as done in step
227 1.</para>
228 </listitem>
229
230 <listitem>
231 <para>Create the iPerf server on target 1. Select
232 <literal>SrIovAdapterPool</literal> as an Interface type:</para>
233
234 <figure>
235 <title>IPerf Server Interface Type</title>
236
237 <mediaobject>
238 <imageobject>
239 <imagedata align="center"
240 fileref="images/iperf_server_inttype.png"
241 scale="70" />
242 </imageobject>
243 </mediaobject>
244 </figure>
245 </listitem>
246
247 <listitem>
248 <para>Create the iPerf client on target 1. Select
249 <literal>SrIovAdapterPool</literal> as an Interface type and tick
250 the <literal>Client mode IPer</literal> checkbox:</para>
251
252 <figure>
253 <title>IPerf Client Interface Type</title>
254
255 <mediaobject>
256 <imageobject>
257 <imagedata align="center"
258 fileref="images/iperf_client_inttype.png"
259 scale="70" />
260 </imageobject>
261 </mediaobject>
262 </figure>
263 </listitem>
264
265 <listitem>
266 <para>In order to check that traffic is forwarded between the VNFs,
267 connect to the iPerf VNF client console by using:
268 <literal>SSH</literal> -&gt; <literal>user</literal> (root)
269 -&gt;<literal>Connect</literal> and run the following
270 commands:<programlisting>virsh list
271virsh console
272root@qemux86-64:~# iperf3 -c 192.168.10.10</programlisting></para>
273 </listitem>
274 </orderedlist>
275 </section>
224 </section> 276 </section>
225 277
226 <section id="enea_vnf_demo"> 278 <section id="enea_vnf_examples">
227 <title>Enea VNF demo</title> 279 <title>Enea VNF Examples</title>
228 280
229 <para>Use case description: pktgen[DPDK] - PHY1 - PHY2 - [DPDK]OVS - 281 <section id="enea_vnf">
230 VM[DPDK]testpmd(forwarding) - OVS[DPDK] - VM[DPDK] 282 <title>TestPMD VNF</title>
231 testpmd(termination).</para>
232 283
233 <figure> 284 <para>Use case description: pktgen[DPDK] - PHY1 - PHY2 - [DPDK]OVS -
234 <title>Enea VNF Demo Overview</title> 285 VM[DPDK]testpmd(forwarding) - OVS[DPDK] - VM[DPDK]
286 testpmd(termination).</para>
235 287
236 <mediaobject> 288 <figure>
237 <imageobject> 289 <title>Enea VNF Example Overview</title>
238 <imagedata align="center"
239 fileref="images/enea_vnf_demo_overview.png" scale="80" />
240 </imageobject>
241 </mediaobject>
242 </figure>
243 290
244 <para><emphasis role="bold">How to setup the Enea VNF 291 <mediaobject>
245 Demo</emphasis></para> 292 <imageobject>
293 <imagedata align="center"
294 fileref="images/enea_vnf_demo_overview.png" scale="80" />
295 </imageobject>
296 </mediaobject>
297 </figure>
246 298
247 <orderedlist> 299 <para><emphasis role="bold">How to setup the Enea VNF
248 <listitem> 300 Example</emphasis></para>
249 <para>Host interfaces must be bound to the DPDK (target_1 -&gt;
250 Configuration -&gt; OpenVSwitch -&gt; Host Interfaces -&gt;
251 Add):</para>
252
253 <figure>
254 <title>Adding OVS Host Interfaces</title>
255
256 <mediaobject>
257 <imageobject>
258 <imagedata align="center"
259 fileref="images/ovs_host_interface.png" scale="80" />
260 </imageobject>
261 </mediaobject>
262 </figure>
263 </listitem>
264 301
265 <listitem> 302 <orderedlist>
266 <para>Select the network interface that will be used to connect to the 303 <listitem>
267 second target and configure it for the DPDK:</para> 304 <para>Bind the host interfaces to the DPDK by selecting the
268 305 target_1: <literal>Configuration</literal> -&gt;
269 <figure> 306 <literal>OpenVSwitch</literal> -&gt; <literal>Host
270 <title>Configuring the host interface</title> 307 Interfaces</literal> -&gt; <literal>Add</literal>:</para>
271
272 <mediaobject>
273 <imageobject>
274 <imagedata align="center"
275 fileref="images/secondtar_hostinterface.png"
276 scale="90" />
277 </imageobject>
278 </mediaobject>
279 </figure>
280 </listitem>
281 308
282 <listitem> 309 <figure>
283 <para>Select the "Create" button to send the configuration to the 310 <title>Adding OVS Host Interfaces</title>
284 target. The same steps must also be performed on the target_2
285 device.</para>
286 </listitem>
287 311
288 <listitem> 312 <mediaobject>
289 <para>Create an OpenVSwitch bridge (<literal>ovsbr0</literal>) on 313 <imageobject>
290 target_1 that uses one DPDK interface, by selecting the "Add" button 314 <imagedata align="center"
291 from the Bridges tab (target_1 -&gt; Configuration -&gt; 315 fileref="images/ovs_host_interface.png" scale="80" />
292 OpenVSwitch-&gt; Bridges):</para> 316 </imageobject>
293 317 </mediaobject>
294 <figure> 318 </figure>
295 <title>OVS Bridge Table</title> 319 </listitem>
296
297 <mediaobject>
298 <imageobject>
299 <imagedata align="center" fileref="images/ovs_bridge_tab.png"
300 scale="75" />
301 </imageobject>
302 </mediaobject>
303 </figure>
304
305 <figure>
306 <title>Adding the interface to the OVS Bridge</title>
307
308 <mediaobject>
309 <imageobject>
310 <imagedata align="center" fileref="images/ovs_bridge_two.png"
311 scale="90" />
312 </imageobject>
313 </mediaobject>
314 </figure>
315 </listitem>
316 320
317 <listitem> 321 <listitem>
318 <para>Instantiate the TestPMD VNFs on target_1 (target_1 -&gt; VNF 322 <para>Select the network interface that will be used to connect to
319 -&gt; Instances -&gt; Add).</para> 323 the second target and configure it for the DPDK:</para>
320 </listitem>
321 324
322 <listitem> 325 <figure>
323 <para>Configure the VNF that forwards traffic:</para> 326 <title>Configuring the host interface</title>
324
325 <figure>
326 <title>Configuring the fwdVNF</title>
327
328 <mediaobject>
329 <imageobject>
330 <imagedata align="center" fileref="images/traffic_forward.png"
331 scale="85" />
332 </imageobject>
333 </mediaobject>
334 </figure>
335 </listitem>
336 327
337 <listitem> 328 <mediaobject>
338 <para>Configure the VNF that terminates traffic:</para> 329 <imageobject>
339 330 <imagedata align="center"
340 <figure> 331 fileref="images/secondtar_hostinterface.png"
341 <title>Configuring the termVNF</title> 332 scale="90" />
342 333 </imageobject>
343 <mediaobject> 334 </mediaobject>
344 <imageobject> 335 </figure>
345 <imagedata align="center" fileref="images/traffic_terminate.png" 336 </listitem>
346 scale="85" />
347 </imageobject>
348 </mediaobject>
349 </figure>
350 </listitem>
351 337
352 <listitem> 338 <listitem>
353 <para>Add OpenVSwitch flows to control this traffic:</para> 339 <para>Select the <literal>Create</literal> button to send the
354 340 configuration to the target. The same steps must also be performed
355 <figure> 341 on the target_2.</para>
356 <title>Configuring the FWD flow</title> 342 </listitem>
357
358 <mediaobject>
359 <imageobject>
360 <imagedata align="center" fileref="images/flow_fwd.png"
361 scale="90" />
362 </imageobject>
363 </mediaobject>
364 </figure>
365
366 <figure>
367 <title>Configuring the TERM flow</title>
368
369 <mediaobject>
370 <imageobject>
371 <imagedata align="center" fileref="images/flow_term.png"
372 scale="90" />
373 </imageobject>
374 </mediaobject>
375 </figure>
376 </listitem>
377 343
378 <listitem> 344 <listitem>
379 <para>Start pktgen on target_2. Connect to the device by using SSH 345 <para>Create an OpenVSwitch bridge (<literal>ovsbr0</literal>) on
380 (target2 -&gt; SSH -&gt; user (root)) and perform the 346 target_1 that uses one DPDK interface, by selecting the
381 following:</para> 347 <literal>Add</literal> button from the Bridges tab and then
348 selcting: <literal>Configuration</literal> -&gt;
349 <literal>OpenVSwitch</literal>-&gt;
350 <literal>Bridges</literal>:</para>
351
352 <figure>
353 <title>OVS Bridge Table</title>
354
355 <mediaobject>
356 <imageobject>
357 <imagedata align="center" fileref="images/ovs_bridge_tab.png"
358 scale="75" />
359 </imageobject>
360 </mediaobject>
361 </figure>
362
363 <figure>
364 <title>Adding the interface to the OVS Bridge</title>
365
366 <mediaobject>
367 <imageobject>
368 <imagedata align="center" fileref="images/ovs_bridge_two.png"
369 scale="90" />
370 </imageobject>
371 </mediaobject>
372 </figure>
373 </listitem>
374
375 <listitem>
376 <para>Instantiate the TestPMD VNFs on target_1 by selecting:
377 <literal>VNF</literal> -&gt; <literal>Instances</literal> -&gt;
378 <literal>Add</literal>.</para>
379 </listitem>
382 380
383 <programlisting>killall ovsdb-server ovs-vswitchd 381 <listitem>
382 <para>Configure the VNF that forwards traffic:</para>
383
384 <figure>
385 <title>Configuring the fwdVNF</title>
386
387 <mediaobject>
388 <imageobject>
389 <imagedata align="center" fileref="images/traffic_forward.png"
390 scale="85" />
391 </imageobject>
392 </mediaobject>
393 </figure>
394 </listitem>
395
396 <listitem>
397 <para>Configure the VNF that terminates traffic:</para>
398
399 <figure>
400 <title>Configuring the termVNF</title>
401
402 <mediaobject>
403 <imageobject>
404 <imagedata align="center"
405 fileref="images/traffic_terminate.png" scale="85" />
406 </imageobject>
407 </mediaobject>
408 </figure>
409 </listitem>
410
411 <listitem>
412 <para>Add OpenVSwitch flows to control this traffic:</para>
413
414 <figure>
415 <title>Configuring the FWD flow</title>
416
417 <mediaobject>
418 <imageobject>
419 <imagedata align="center" fileref="images/flow_fwd.png"
420 scale="90" />
421 </imageobject>
422 </mediaobject>
423 </figure>
424
425 <figure>
426 <title>Configuring the TERM flow</title>
427
428 <mediaobject>
429 <imageobject>
430 <imagedata align="center" fileref="images/flow_term.png"
431 scale="90" />
432 </imageobject>
433 </mediaobject>
434 </figure>
435 </listitem>
436
437 <listitem>
438 <para>Start pktgen on target_2. Connect to the target by using:
439 <literal>SSH</literal> -&gt; <literal>user</literal> (root) and
440 perform the following:</para>
441
442 <programlisting>killall ovsdb-server ovs-vswitchd
384rm -rf /etc/openvswitch/* 443rm -rf /etc/openvswitch/*
385mkdir -p /var/run/openvswitch 444mkdir -p /var/run/openvswitch
386modprobe igb_uio 445modprobe igb_uio
@@ -389,210 +448,111 @@ cd /usr/share/apps/pktgen/
389./pktgen -c 0x7 -n 4 --proc-type auto --socket-mem 256 -w 0000:05:00.3 -- \ 448./pktgen -c 0x7 -n 4 --proc-type auto --socket-mem 256 -w 0000:05:00.3 -- \
390 -P -m "[1:2].0" 449 -P -m "[1:2].0"
391Pktgen:/&gt; start 0</programlisting> 450Pktgen:/&gt; start 0</programlisting>
392 </listitem> 451 </listitem>
393 452
394 <listitem> 453 <listitem>
395 <para>Connect to the forwarder VNF in order to check the traffic 454 <para>Connect to the forwarder VNF in order to check the traffic
396 statistics (target_1 -&gt; SSH):</para> 455 statistics by selecting target_1: <literal>SSH</literal> -&gt;
456 <literal>user</literal> (root):</para>
397 457
398 <programlisting>Virsh list 458 <programlisting>Virsh list
399Virsh console 1 459Virsh console 1
400# Qemux86-64 login: root 460# Qemux86-64 login: root
401tail -f /opt/testpmd-out</programlisting> 461tail -f /opt/testpmd-out</programlisting>
402 462
403 <figure> 463 <figure>
404 <title>Traffic Statistics</title> 464 <title>Traffic Statistics</title>
405
406 <mediaobject>
407 <imageobject>
408 <imagedata align="center"
409 fileref="images/connection_information.png"
410 scale="70" />
411 </imageobject>
412 </mediaobject>
413 </figure>
414 </listitem>
415 </orderedlist>
416 </section>
417
418 <section id="clav_demo_sriov">
419 <title>Clavister VNF demo using SR-IOV</title>
420
421 <para>In this use case, target 1 will run the iPerf server and iPerf
422 client VNFs using SR-IOV and target 2 will run the Clavister VNF using
423 SR-IOV with two virtual functions (vf1 and vf2):</para>
424
425 <figure>
426 <title>Demo Overview</title>
427
428 <mediaobject>
429 <imageobject>
430 <imagedata align="center" fileref="images/clav_VNF_demo_SR-IOV.png"
431 scale="60" />
432 </imageobject>
433 </mediaobject>
434 </figure>
435 465
436 <orderedlist> 466 <mediaobject>
437 <listitem> 467 <imageobject>
438 <para>On target 2, create an SR-IOV configuration with 2 virtual 468 <imagedata align="center"
439 functions (target 2 -&gt; Configuration -&gt; OpenVSwitch -&gt; Host 469 fileref="images/connection_information.png"
440 Interfaces -&gt; Add):</para> 470 scale="70" />
441 471 </imageobject>
442 <figure> 472 </mediaobject>
443 <title>SR-IOV configuration with 2 virtual functions</title> 473 </figure>
444 474 </listitem>
445 <mediaobject> 475 </orderedlist>
446 <imageobject> 476 </section>
447 <imagedata align="center"
448 fileref="images/sriov_configuration.png" scale="80" />
449 </imageobject>
450 </mediaobject>
451 </figure>
452 </listitem>
453 477
454 <listitem> 478 <section id="vnf_pci">
455 <para>Instantiate the Clavister VNF on target 2, by clicking VNF -&gt; 479 <title>TestPMD VNF using PCI passthrough</title>
456 Instances -&gt; Add.</para>
457
458 <para>Select "SrIovAdapterPool" for both Interface1 type and 2 type,
459 before clicking "Create":</para>
460
461 <figure>
462 <title>Instantiating the Clavister VNF on target 2</title>
463
464 <mediaobject>
465 <imageobject>
466 <imagedata align="center" fileref="images/srlov_adap_pool.png"
467 scale="70" />
468 </imageobject>
469 </mediaobject>
470 </figure>
471 </listitem>
472 480
473 <listitem> 481 <para>In this use case, target 1 will run the Pktgen and target 2 will
474 <para>On target 1, create an SR-IOV interface as done in step 482 run the TestPMD VNF. Both will be using PCI passthrough:</para>
475 1.</para>
476 </listitem>
477 483
478 <listitem> 484 <figure>
479 <para>Create the iPerf server on target 1. Select "SrIovAdapterPool" 485 <title>TestPMD VNF using PCI passthrough Overview</title>
480 as an Interface type:</para>
481
482 <figure>
483 <title>IPerf Server Interface Type</title>
484
485 <mediaobject>
486 <imageobject>
487 <imagedata align="center"
488 fileref="images/iperf_server_inttype.png" scale="70" />
489 </imageobject>
490 </mediaobject>
491 </figure>
492 </listitem>
493 486
494 <listitem> 487 <mediaobject>
495 <para>Create the iPerf client on target 1. Select "SrIovAdapterPool" 488 <imageobject>
496 as an Interface type and tick the "Client mode IPerf" checkbox:</para> 489 <imagedata align="center" fileref="images/testPMD_VNF_PCI.png"
497 490 scale="65" />
498 <figure> 491 </imageobject>
499 <title>IPerf Client Interface Type</title> 492 </mediaobject>
500 493 </figure>
501 <mediaobject>
502 <imageobject>
503 <imagedata align="center"
504 fileref="images/iperf_client_inttype.png" scale="70" />
505 </imageobject>
506 </mediaobject>
507 </figure>
508 </listitem>
509 494
510 <listitem> 495 <orderedlist>
511 <para>In order to check that traffic is forwarded between the VNFs, 496 <listitem>
512 connect to the iPerf VNF client console (target 1 -&gt; SSH - &gt; 497 <para>Make sure that neither target 1 nor target 2 have any
513 user:root -&gt; Connect) and run the following 498 configured host interfaces by selcting target:
514 commands:<programlisting>virsh list 499 <literal>Configuration</literal> -&gt;
515virsh console 500 <literal>OpenVSwitch</literal> -&gt; <literal>Host
516root@qemux86-64:~# iperf3 -c 192.168.10.10</programlisting></para> 501 Interfaces</literal>.</para>
517 </listitem> 502 </listitem>
518 </orderedlist>
519 </section>
520 503
521 <section id="vnf_pci"> 504 <listitem>
522 <title>TestPMD VNF using PCI passthrough</title> 505 <para>On target 1 start the Pktgen VNF. Select
506 <literal>PciPassthrough</literal> as the Interface type.</para>
523 507
524 <para>In this use case, target 1 will run the Pktgen and target 2 will run 508 <para>From the drop-down list, select the PCI interface
525 the TestPMD VNF. Both will be using PCI passthrough:</para> 509 corresponding to the NIC which is connected to target 2:</para>
526 510
527 <figure> 511 <figure>
528 <title>TestPMD VNF using PCI passthrough Overview</title> 512 <title>Selecting the Pktgen VNF Interface</title>
529 513
530 <mediaobject> 514 <mediaobject>
531 <imageobject> 515 <imageobject>
532 <imagedata align="center" fileref="images/testPMD_VNF_PCI.png" 516 <imagedata align="center"
533 scale="65" /> 517 fileref="images/pciPass_interface.png" scale="70" />
534 </imageobject> 518 </imageobject>
535 </mediaobject> 519 </mediaobject>
536 </figure> 520 </figure>
521 </listitem>
537 522
538 <orderedlist> 523 <listitem>
539 <listitem> 524 <para>On target 2, start the TestPmdForwarder VNF. Select
540 <para>Make sure that neither target 1 nor target 2 have any configured 525 "PciPassthrough" as the Interface type. From the drop-down list,
541 host interfaces (target -&gt; Configuration -&gt; OpenVSwitch -&gt; 526 select the PCI interface corresponding to the NIC which is connected
542 Host Interfaces).</para> 527 to target 1:</para>
543 </listitem>
544 528
545 <listitem> 529 <figure>
546 <para>On target 1 start the Pktgen VNF. Select "PciPassthrough" as the 530 <title>Selecting the TestPmdForwarder VNF Interface</title>
547 Interface type.</para>
548
549 <para>From the drop-down list, select the PCI interface corresponding
550 to the NIC which is connected to target 2:</para>
551
552 <figure>
553 <title>Selecting the Pktgen VNF Interface</title>
554
555 <mediaobject>
556 <imageobject>
557 <imagedata align="center" fileref="images/pciPass_interface.png"
558 scale="70" />
559 </imageobject>
560 </mediaobject>
561 </figure>
562 </listitem>
563 531
564 <listitem> 532 <mediaobject>
565 <para>On target 2, start the TestPmdForwarder VNF. Select 533 <imageobject>
566 "PciPassthrough" as the Interface type. From the drop-down list, 534 <imagedata align="center"
567 select the PCI interface corresponding to the NIC which is connected 535 fileref="images/testpmd_fwdvnf_int.png" scale="70" />
568 to target 1:</para> 536 </imageobject>
569 537 </mediaobject>
570 <figure> 538 </figure>
571 <title>Selecting the TestPmdForwarder VNF Interface</title> 539 </listitem>
572
573 <mediaobject>
574 <imageobject>
575 <imagedata align="center"
576 fileref="images/testpmd_fwdvnf_int.png" scale="70" />
577 </imageobject>
578 </mediaobject>
579 </figure>
580 </listitem>
581 540
582 <listitem> 541 <listitem>
583 <para>To check that traffic is being forwarded from target 2, SSH to 542 <para>To check that traffic is being forwarded from target 2, SSH to
584 the target and connect to the VNFs console:</para> 543 the target and connect to the VNFs console:</para>
585 544
586 <programlisting>Right click on target 2 and select SSH. 545 <programlisting>Right click on target 2 and select SSH.
587Run: virsh list 546Run: virsh list
588Run: virsh console [VM NAME] 547Run: virsh console [VM NAME]
589Run: tail -f /opt/testpmd-out</programlisting> 548Run: tail -f /opt/testpmd-out</programlisting>
590 </listitem> 549 </listitem>
591 </orderedlist> 550 </orderedlist>
551 </section>
592 </section> 552 </section>
593 553
594 <section id="vnf_fortigate"> 554 <section id="vnf_fortigate">
595 <title>FortiGate VNF</title> 555 <title>FortiGate VNF Example</title>
596 556
597 <para>FortiGate virtual appliances <remark>is "appliances" the correct 557 <para>FortiGate virtual appliances <remark>is "appliances" the correct
598 word to use here?</remark> feature all of the security and networking 558 word to use here?</remark> feature all of the security and networking
@@ -893,9 +853,10 @@ Run: tail -f /opt/testpmd-out</programlisting>
893 <orderedlist> 853 <orderedlist>
894 <listitem> 854 <listitem>
895 <para>Start the setup by preparing each interface for attachment to 855 <para>Start the setup by preparing each interface for attachment to
896 a bridge. Bind the physical network interfaces to the DPDK (target 856 a bridge. Bind the physical network interfaces to the DPDK by
897 -&gt; Configuration -&gt; OpenVSwitch -&gt; Host Interfaces -&gt; 857 selecting the target: <literal>Configuration</literal> -&gt;
898 Add):</para> 858 <literal>OpenVSwitch</literal> -&gt; <literal>Host Interfaces
859 </literal>-&gt; <literal>Add</literal>:</para>
899 860
900 <figure> 861 <figure>
901 <title>Binding the physical network interface</title> 862 <title>Binding the physical network interface</title>
@@ -925,9 +886,11 @@ Run: tail -f /opt/testpmd-out</programlisting>
925 886
926 <listitem> 887 <listitem>
927 <para>Create one OpenVSwitch bridge for each firewall network 888 <para>Create one OpenVSwitch bridge for each firewall network
928 connection (WAN, LAN1 and LAN2), by selecting the "Add" button from 889 connection (WAN, LAN1 and LAN2), by selecting the
929 Bridges tab (target -&gt; Configuration -&gt; OpenvSwitch-&gt; 890 <literal>Add</literal> button from Bridges tab:
930 Bridges). A popup like the following should appear:</para> 891 <literal>Configuration</literal> -&gt;
892 <literal>OpenvSwitch</literal>-&gt; <literal>Bridges</literal>. A
893 popup like the following should appear:</para>
931 894
932 <figure> 895 <figure>
933 <title>Creating a bridge each Firewall Net. Connection</title> 896 <title>Creating a bridge each Firewall Net. Connection</title>
@@ -963,12 +926,12 @@ Run: tail -f /opt/testpmd-out</programlisting>
963 926
964 <orderedlist> 927 <orderedlist>
965 <listitem> 928 <listitem>
966 <para>To on-board the Fortigate VNF click the VNF tab in the top 929 <para>To on-board the Fortigate VNF click the <literal>VNF</literal>
967 toolbar and select the Descriptors button.</para> 930 tab in the top toolbar: <literal>VNF</literal> -&gt;
968 931 <literal>Descriptors</literal> -&gt; <literal>On-board
969 <para>Click on the "Descriptors(2)" -&gt; "On-board(3)" -&gt; 932 </literal>-&gt; <literal>Browse</literal> options, and select the
970 "Browse(4)" options, and select the "Fortigate.zip" file, before 933 <literal>Fortigate.zip</literal> file, before clicking
971 clicking "Send":</para> 934 <literal>Send</literal>:</para>
972 935
973 <figure> 936 <figure>
974 <title>Selecting Descriptors</title> 937 <title>Selecting Descriptors</title>
@@ -983,8 +946,9 @@ Run: tail -f /opt/testpmd-out</programlisting>
983 </listitem> 946 </listitem>
984 947
985 <listitem> 948 <listitem>
986 <para>Wait for the "Onboarding Status" popup to display the 949 <para>Wait for the <literal>Onboarding Status</literal> popup to
987 confirmation message (listed in green) and select "OK":</para> 950 display the confirmation message (listed in green) and select
951 <literal>OK</literal>:</para>
988 952
989 <figure> 953 <figure>
990 <title>Onboarding the new VNF</title> 954 <title>Onboarding the new VNF</title>
@@ -1004,8 +968,9 @@ Run: tail -f /opt/testpmd-out</programlisting>
1004 968
1005 <orderedlist> 969 <orderedlist>
1006 <listitem> 970 <listitem>
1007 <para>Select the target device, then from the top toolbar the select 971 <para>Select the target, then from the top toolbar the select:
1008 "VNF" -&gt; "Instances" -&gt; "Add":</para> 972 <literal>VNF</literal> -&gt; <literal>Instances</literal> -&gt;
973 <literal>Add</literal>:</para>
1009 974
1010 <figure> 975 <figure>
1011 <title>Adding Instances to Target</title> 976 <title>Adding Instances to Target</title>
@@ -1193,8 +1158,9 @@ Run: tail -f /opt/testpmd-out</programlisting>
1193 1158
1194 <orderedlist> 1159 <orderedlist>
1195 <listitem> 1160 <listitem>
1196 <para>SSH to the target device from the Lab Machine and attach to 1161 <para>Connect to the Fortigate VNF by using: <literal>SSH</literal>
1197 the VNF's console using the "virsh console" command shown 1162 -&gt; <literal>user</literal> (root) and attach to the VNF's console
1163 using the <literal>virsh console</literal> command shown
1198 below:</para> 1164 below:</para>
1199 1165
1200 <figure> 1166 <figure>
@@ -1210,11 +1176,12 @@ Run: tail -f /opt/testpmd-out</programlisting>
1210 </listitem> 1176 </listitem>
1211 1177
1212 <listitem> 1178 <listitem>
1213 <para>To access Fortigate CLI, use the credential "admin" for the 1179 <para>To access Fortigate CLI, use the credential
1214 user, leaving the password blank, then press enter.</para> 1180 <literal>admin</literal> for the user, leaving the password blank,
1181 then press enter.</para>
1215 1182
1216 <para>Use the CLI command "get system interface" to get the dynamic 1183 <para>Use the CLI command <literal>get system interface</literal> to
1217 interfaces configuration.</para> 1184 get the dynamic interfaces configuration.</para>
1218 1185
1219 <figure> 1186 <figure>
1220 <title>Acessing and configuring Fortigate CLI</title> 1187 <title>Acessing and configuring Fortigate CLI</title>
@@ -1621,8 +1588,10 @@ Run: tail -f /opt/testpmd-out</programlisting>
1621 1588
1622 <orderedlist> 1589 <orderedlist>
1623 <listitem> 1590 <listitem>
1624 <para>Bind physical interface to DPDK (target_1 -&gt; Configuration 1591 <para>Bind physical interface to DPDK by selecting the target_1:
1625 -&gt; OpenVSwitch -&gt; Host Interfaces -&gt; Add):</para> 1592 <literal>Configuration</literal> -&gt;
1593 <literal>OpenVSwitch</literal> -&gt; <literal>Host
1594 Interfaces</literal> -&gt; <literal>Add</literal>:</para>
1626 1595
1627 <figure> 1596 <figure>
1628 <title>Binding the Physical Interface</title> 1597 <title>Binding the Physical Interface</title>
@@ -1652,9 +1621,11 @@ Run: tail -f /opt/testpmd-out</programlisting>
1652 1621
1653 <listitem> 1622 <listitem>
1654 <para>Create one OpenVSwitch bridge for each SD-WAN network 1623 <para>Create one OpenVSwitch bridge for each SD-WAN network
1655 connection (VNF management, WAN and LAN) by selecting the "Add" 1624 connection (VNF management, WAN and LAN) by selecting the
1656 button from the Bridges tab (target -&gt; Configuration -&gt; 1625 <literal>Add</literal> button from the Bridges tab by selecting the
1657 OpenvSwitch-&gt; Bridges). A popup like this should appear:</para> 1626 target: <literal>Configuration</literal> -&gt;
1627 <literal>OpenvSwitch</literal>-&gt; <literal>Bridges</literal>. A
1628 popup like this should appear:</para>
1658 1629
1659 <figure> 1630 <figure>
1660 <title>Creating an OpenVSwitch bridge for an SD-WAN network 1631 <title>Creating an OpenVSwitch bridge for an SD-WAN network
@@ -1694,11 +1665,12 @@ Run: tail -f /opt/testpmd-out</programlisting>
1694 1665
1695 <orderedlist> 1666 <orderedlist>
1696 <listitem> 1667 <listitem>
1697 <para>To on-board a VNF, select a target device on the map and click 1668 <para>To on-board a VNF, select target on the map and click the
1698 the VNF button in the top toolbar. Then, click the "Descriptors" 1669 <literal>VNF</literal> button in the top toolbar. Then, click the
1699 -&gt; "On-board" -&gt; "Browse" options, and select the 1670 <literal>Descriptors</literal> -&gt; <literal>On-board</literal>
1671 -&gt; <literal>Browse</literal> options, and select the
1700 <filename>Fortigate.zip</filename> file, before clicking 1672 <filename>Fortigate.zip</filename> file, before clicking
1701 "Send":</para> 1673 <literal>Send</literal>:</para>
1702 1674
1703 <figure> 1675 <figure>
1704 <title>On-boarding FortiGate VNF</title> 1676 <title>On-boarding FortiGate VNF</title>
@@ -1713,8 +1685,9 @@ Run: tail -f /opt/testpmd-out</programlisting>
1713 </listitem> 1685 </listitem>
1714 1686
1715 <listitem> 1687 <listitem>
1716 <para>Wait for the "Onboarding Status" popup to display the 1688 <para>Wait for the <literal>Onboarding Status</literal> popup to
1717 confirmation message and select "OK":</para> 1689 display the confirmation message and select
1690 <literal>OK</literal>:</para>
1718 1691
1719 <figure> 1692 <figure>
1720 <title>Successful Confirmation</title> 1693 <title>Successful Confirmation</title>
@@ -1738,8 +1711,9 @@ Run: tail -f /opt/testpmd-out</programlisting>
1738 1711
1739 <orderedlist> 1712 <orderedlist>
1740 <listitem> 1713 <listitem>
1741 <para>Select the target, then from the top toolbar click on "VNF" 1714 <para>Select the target, then from the top toolbar click on
1742 and choose the "Instances" -&gt; "Add" options:</para> 1715 <literal>VNF</literal>-&gt; <literal>Instances</literal> -&gt;
1716 <literal>Add</literal> options:</para>
1743 1717
1744 <figure> 1718 <figure>
1745 <title>Adding an Instance</title> 1719 <title>Adding an Instance</title>
@@ -1861,7 +1835,7 @@ Run: tail -f /opt/testpmd-out</programlisting>
1861 VPN</emphasis></para> 1835 VPN</emphasis></para>
1862 1836
1863 <para>Once the full SD-WAN setup is in place a VPN connection needs to 1837 <para>Once the full SD-WAN setup is in place a VPN connection needs to
1864 established between the two devices. The Test Machines can be connected 1838 established between the two targets. The Test Machines can be connected
1865 to the LAN interface on each target.</para> 1839 to the LAN interface on each target.</para>
1866 1840
1867 <para>The connected Test Machine can be a laptop or a target that has 1841 <para>The connected Test Machine can be a laptop or a target that has
@@ -1886,8 +1860,8 @@ Run: tail -f /opt/testpmd-out</programlisting>
1886 </mediaobject> 1860 </mediaobject>
1887 </figure> 1861 </figure>
1888 1862
1889 <para>Test Machine-1 should be able to ping Test Machine-2 in this setup 1863 <para>Target 1 should be able to ping Test target 2 in this setup over
1890 over the WAN connection.</para> 1864 the WAN connection.</para>
1891 1865
1892 <para>In the figure above and this example, the FortiGate VNF management 1866 <para>In the figure above and this example, the FortiGate VNF management
1893 interface is accessible through a dedicated Mgmt interface. The Mgmt IP 1867 interface is accessible through a dedicated Mgmt interface. The Mgmt IP
@@ -1907,9 +1881,9 @@ Run: tail -f /opt/testpmd-out</programlisting>
1907 1881
1908 <para>In the case of an NFV Access device installed on a network with 1882 <para>In the case of an NFV Access device installed on a network with
1909 limited access, In-band management can be a solution to manage the device 1883 limited access, In-band management can be a solution to manage the device
1910 and to pass data traffic (through only one physical interface). This demo 1884 and to pass data traffic (through only one physical interface). This
1911 use-case will show how to enable the In-band management on the NFV Access 1885 example use-case will show how to enable the In-band management on the NFV
1912 device and to access a VNF on the same physical interface.</para> 1886 Access device and to access a VNF on the same physical interface.</para>
1913 1887
1914 <figure> 1888 <figure>
1915 <title>NFV Access In-band management solution setup</title> 1889 <title>NFV Access In-band management solution setup</title>
@@ -2202,4 +2176,350 @@ Run: tail -f /opt/testpmd-out</programlisting>
2202 LAN port, try a test ping to the internet e.g. "ping 8.8.8.8".</para> 2176 LAN port, try a test ping to the internet e.g. "ping 8.8.8.8".</para>
2203 </section> 2177 </section>
2204 </section> 2178 </section>
2205</chapter> \ No newline at end of file 2179
2180 <section id="vnf_chaining">
2181 <title>VNF Chaining Example</title>
2182
2183 <section id="VNF_chain_intro">
2184 <title>Introduction</title>
2185
2186 <para>The purpose of this chapter is to describe an example of how to
2187 setup and configure a branch-to-branch service comprised on two
2188 commercial VNFs (SD-WAN + Firewall), running in a service chain on top
2189 of Enea NFV Access virtualization platform and deployed through Enea
2190 uCPE Manager. In the example setup the following commercial VNFs are
2191 used: Juniper vSRX as SD-WAN VNF and Fortigate as
2192 Router/Firewall.</para>
2193
2194 <para>The setup requires two physical appliances (uCPEs), each of them
2195 having three DPDK-compatible NICs and one interface available for uCPE
2196 management (i.e. connected to Enea uCPE Manager). On each uCPE, one of
2197 the DPDK-compatible interfaces shall be connected back-to-back with one
2198 interface from the other uCPE device - this link is simulating
2199 WAN/uplink connection.</para>
2200
2201 <para>Optionally, one additional device (PC/laptop) can be connected on
2202 the LAN port of each branch for running LAN-to-LAN connectivity
2203 tests.</para>
2204
2205 <figure>
2206 <title>Example Setup</title>
2207
2208 <mediaobject>
2209 <imageobject>
2210 <imagedata align="center" fileref="images/example_setup.png"
2211 scale="90" />
2212 </imageobject>
2213 </mediaobject>
2214 </figure>
2215
2216 <note><para>For simplicity, image does not present management-plane, which will be
2217 described in the Setup steps.</para></note>
2218 </section>
2219
2220 <section id="crateing_setup">
2221 <title>Creating the setup</title>
2222
2223 <para>Both branches in the example have similar setups, therefore
2224 necessary step details are presented on only one branch. The second
2225 branch shall be configured in the same way, by changing corresponding
2226 VNFs configurations files.</para>
2227
2228 <orderedlist>
2229 <listitem>
2230 <para>Assign three physical interfaces to DPDK (for management, wan
2231 and lan). In the example, one of them gets IP through DHCP and it
2232 will be used exclusively for management plane.</para>
2233 </listitem>
2234
2235 <listitem>
2236 <para>Create the following OVS-DPDK bridges:</para>
2237
2238 <itemizedlist>
2239 <listitem>
2240 <para>vnf_mgmt_br : used by VNFs management ports.</para>
2241 </listitem>
2242
2243 <listitem>
2244 <para>wan_br : used by service uplink connection. In our case,
2245 Juniper vSRX will have its WAN virtual interface in this
2246 bridge.</para>
2247 </listitem>
2248
2249 <listitem>
2250 <para>sfc_br : used for creating the service chain. Each VNF
2251 will have a virtual interface in this bridge.</para>
2252 </listitem>
2253
2254 <listitem>
2255 <para>lan_br : used for LAN interface of the Fortigate
2256 FW.</para>
2257 </listitem>
2258 </itemizedlist>
2259 </listitem>
2260
2261 <listitem>
2262 <para>Add corresponding DPDK ports (see Step 1) to the management,
2263 wan and lan bridges (sfc_br does not have a physical port attached
2264 to it).</para>
2265
2266 <note>
2267 <para>This networking setup (Steps 1-3) can be modeled using
2268 Offline Configuration entry, so it is automatically provisioned on
2269 the uCPE, once it gets enrolled into the management system (uCPE
2270 Manager).</para>
2271 </note>
2272 </listitem>
2273
2274 <listitem>
2275 <para>Onboard Juniper vSRX using Onboarding Wizard:</para>
2276
2277 <itemizedlist>
2278 <listitem>
2279 <para>Flavor shall have at least 2 vCPUs and 4 GB RAM since vSRX
2280 is quite resource consuming. (We actually tested with 4 vCPUs/ 6
2281 GB RAM).</para>
2282 </listitem>
2283
2284 <listitem>
2285 <para>Add three virtual interfaces: management, wan and
2286 lan.</para>
2287 </listitem>
2288
2289 <listitem>
2290 <para>Select ISO/cdrom on the Cloud-Init tab.</para>
2291 </listitem>
2292 </itemizedlist>
2293 </listitem>
2294
2295 <listitem>
2296 <para>Onboard Fortigate FW using Onboarding Wizard:</para>
2297
2298 <itemizedlist>
2299 <listitem>
2300 <para>Flavor can be quite light in resources, e.g. 1 vCPU and 2
2301 GB RAM.</para>
2302 </listitem>
2303
2304 <listitem>
2305 <para>Add three virtual interfaces: management, wan and
2306 lan.</para>
2307 </listitem>
2308
2309 <listitem>
2310 <para>Select ConfigDrive/cdrom on the Cloud-Init tab.</para>
2311 </listitem>
2312
2313 <listitem>
2314 <para>Add <literal>license</literal> as Cloud-Init content on the Cloud-Init tab
2315 files.</para>
2316 </listitem>
2317 </itemizedlist>
2318
2319 <note>
2320 <para>Steps 4-5 shall be done only once, i.e. they will not be
2321 repeated for Site 2.</para>
2322 </note>
2323 </listitem>
2324
2325 <listitem>
2326 <para>Create vSRX instance:</para>
2327
2328 <itemizedlist>
2329 <listitem>
2330 <para>Use vSRX-Site1.iso as Cloud Init file.</para>
2331 </listitem>
2332
2333 <listitem>
2334 <para>Domain Update Script can be left empty for Atom C3000
2335 architecture, while for XeonD please use
2336 vSRX-domain-update-script file.</para>
2337 </listitem>
2338
2339 <listitem>
2340 <para>Add virtual interfaces:</para>
2341
2342 <itemizedlist>
2343 <listitem>
2344 <para>Management interface added to vnf_mgmt_br.</para>
2345 </listitem>
2346 </itemizedlist>
2347
2348 <itemizedlist>
2349 <listitem>
2350 <para>Wan interface added to wan_br.</para>
2351 </listitem>
2352 </itemizedlist>
2353
2354 <itemizedlist>
2355 <listitem>
2356 <para>Lan interface added to sfc_br.</para>
2357 </listitem>
2358 </itemizedlist>
2359 </listitem>
2360 </itemizedlist>
2361
2362 <note>
2363 <para>login/password for vSRX VNF are root/vsrx1234.</para>
2364 </note>
2365 </listitem>
2366
2367 <listitem>
2368 <para>Create Fortigate FW instance</para>
2369
2370 <itemizedlist>
2371 <listitem>
2372 <para>Use FortiFW-Site1.conf as Cloud Init file.</para>
2373 </listitem>
2374
2375 <listitem>
2376 <para>Add .lic file (not part of the folder) as license
2377 file.</para>
2378 </listitem>
2379
2380 <listitem>
2381 <para>Add virtual interfaces:</para>
2382
2383 <itemizedlist>
2384 <listitem>
2385 <para>Management interface added to vnf_mgmt_br.</para>
2386 </listitem>
2387 </itemizedlist>
2388
2389 <itemizedlist>
2390 <listitem>
2391 <para>Wan interface added to sfc_br.</para>
2392 </listitem>
2393 </itemizedlist>
2394
2395 <itemizedlist>
2396 <listitem>
2397 <para>Lan interface added to lan_br.</para>
2398 </listitem>
2399 </itemizedlist>
2400 </listitem>
2401 </itemizedlist>
2402
2403 <note>
2404 <para>login/password for Juniper VNF are admin/&lt;empty
2405 password&gt;.</para>
2406 </note>
2407 </listitem>
2408 </orderedlist>
2409
2410 <para>At this stage service shall be up and running on Site1. Repeat
2411 necessary steps of Site2, by changing configuration files. After service
2412 is deployed on both branches, VPN tunnel is established and we can
2413 verify LAN to LAN visibility by connecting one device on each uCPE LAN
2414 port (see below).</para>
2415 </section>
2416
2417 <section id="test_setup">
2418 <title>Testing the setup</title>
2419
2420 <para>Before testing LAN to LAN connectivity, one can run preliminary
2421 tests of service to ensure everything was set-up properly. For instance,
2422 by connecting to vSRX CLI (any site), one can test IKE security
2423 associations:</para>
2424
2425 <programlisting>root@Atom-C3000&gt; show security ike security-associations
2426Index State Initiator cookie Responder cookie Mode Remote Address
24271588673 UP 2f2047b144ebfce4 0000000000000000 Aggressive 10.1.1.2
2428...
2429root@Atom-C3000&gt; show security ike security-associations index 1588673 detail
2430...</programlisting>
2431
2432 <para>Also, from vSRX CLI, one can check that VPN tunnel was established
2433 and get statistics of the packets passing the tunnel:</para>
2434
2435 <programlisting>root@Atom-C3000&gt; show security ipsec security-associations
2436...
2437root@Atom-C3000&gt; show security ipsec statistics index &lt;xxxxx&gt;
2438...</programlisting>
2439
2440 <para>From Fortigate Firewall CLI on Site 1, one can check connectivity
2441 to remote Fortigate FW (from Site 2):</para>
2442
2443 <programlisting>FGVM080000136187 # execute ping 192.168.168.2
2444PING 192.168.168.2 (192.168.168.2): 56 data bytes
244564 bytes from 192.168.168.2: icmp_seq=0 ttl=255 time=0.0 ms
244664 bytes from 192.168.168.2: icmp_seq=1 ttl=255 time=0.0 ms
244764 bytes from 192.168.168.2: icmp_seq=2 ttl=255 time=0.0 ms
2448...</programlisting>
2449
2450 <para>As VNFs management ports were configured to get IPs through DHCP,
2451 one can use Web-based management UI to check and modify the
2452 configurations of both vSRX and Fortigate.</para>
2453
2454 <para>For example, in case of vSRX, from VNF CLI you can list the
2455 virtual interfaces as below:</para>
2456
2457 <programlisting>root@Atom-C3000&gt; show interfaces terse
2458...
2459fxp0.0 up up inet 172.24.15.92/22
2460gre up up
2461ipip up up
2462...
2463</programlisting>
2464
2465 <para>When using provided configurations, VNF management port of Juniper
2466 vSRX is always "fxp0.0".</para>
2467
2468 <para>In case of Fortigate, from VNF CLI you can list the virtual
2469 interfaces like :</para>
2470
2471 <programlisting>FGVM080000136187 # get system interface
2472== [ port1 ]
2473name: port1 mode: dhcp ip: 172.24.15.94 255.255.252.0 status: up netbios-forward:
2474disable type: physical netflow-sampler: disable sflow-sampler: disable...
2475...</programlisting>
2476
2477 <para>When using provided configurations, VNF management port of
2478 Fortigate is always "port1".</para>
2479
2480 <note>
2481 <para>Please note that VNFs' management ports will get dynamically
2482 allocated IPs only if physical NIC used for management is configured
2483 to get its IP through DHCP (see Step 1 from above).</para>
2484 </note>
2485
2486 <para>If everything is working, we can check LAN-to-LAN connectivity
2487 (through VPN tunnel) by using two devices (PC/laptop) connected to the
2488 LAN ports of each uCPE. Optionally, these devices can be simulated by
2489 using Enea's sample VNF running on both uCPEs and connected to the
2490 lan_br on each side. However, instructions for onboarding and
2491 instantiating this VNF is not in the scope of this document.</para>
2492
2493 <para>Since Fortigate VNF, which is acting as router and firewall, is
2494 configured to be DHCP server for LAN network, device interface connected
2495 to uCPE LAN port has to be configured to get dinamically assigned IP.
2496 These IPs are in 172.0.0.0/24 network for Site1 and 172.10.10.0/24
2497 network for Site2. Therefore, site-to-site connectivity can be checked
2498 like (from Site1):</para>
2499
2500 <programlisting>root@atom-c3000:~# ping 172.10.10.2
2501PING 172.10.10.1 (172.10.10.2): 56 data bytes
2502...
2503</programlisting>
2504 </section>
2505
2506 <section id="limitation">
2507 <title>Out-of-Scope/Limitations</title>
2508 <para>Below is a list of known limitations:</para>
2509 <itemizedlist>
2510 <listitem>
2511 <para>vSRX VNF has no trust-to-untrust and untrust-to-trust policies
2512 (only trust-to-vpn and vpn-to-trust were configured). Therefore,
2513 uCPEs were not configured for "direct Internet access"
2514 use-case.</para>
2515 </listitem>
2516
2517 <listitem>
2518 <para>Fortigate VNF has no "real" firewall policies set, i.e. all
2519 traffic from LAN is allowed to pass through WAN interface and
2520 vice-versa.</para>
2521 </listitem>
2522 </itemizedlist>
2523 </section>
2524 </section>
2525</chapter>
diff --git a/doc/book-enea-nfv-access-example-usecases/doc/images/example_setup.png b/doc/book-enea-nfv-access-example-usecases/doc/images/example_setup.png
new file mode 100755
index 0000000..e6f6cf4
--- /dev/null
+++ b/doc/book-enea-nfv-access-example-usecases/doc/images/example_setup.png
Binary files differ
diff --git a/doc/book-enea-nfv-access-getting-started/doc/getting_started_nfv_access.xml b/doc/book-enea-nfv-access-getting-started/doc/getting_started_nfv_access.xml
index 3fdedad..ccb49e6 100644
--- a/doc/book-enea-nfv-access-getting-started/doc/getting_started_nfv_access.xml
+++ b/doc/book-enea-nfv-access-getting-started/doc/getting_started_nfv_access.xml
@@ -6,9 +6,8 @@
6 6
7 <para>Enea NFV Access is a virtualization and management platform for white 7 <para>Enea NFV Access is a virtualization and management platform for white
8 box uCPEs. It scales from ultra-low to high end CPEs, providing minimal 8 box uCPEs. It scales from ultra-low to high end CPEs, providing minimal
9 footprint and maximum networking performance. NFV Access can be deployed on 9 footprint and maximum networking performance. The NFV Access platform can be
10 large number of devices with various hardware configurations.</para> 10 deployed on a large number of devices with various hardware configurations.</para>
11
12 <section id="access_installer"> 11 <section id="access_installer">
13 <title>Enea NFV Access Installer</title> 12 <title>Enea NFV Access Installer</title>
14 13
@@ -277,7 +276,7 @@ of=/dev/sdb bs=4M conv=fsync</programlisting></para>
277 </listitem> 276 </listitem>
278 277
279 <listitem> 278 <listitem>
280 <para>To launch the installer, select <command>installer</command> 279 <para>To launch the installer, select the <command>installer</command>
281 option from the GRUB menu:</para> 280 option from the GRUB menu:</para>
282 281
283 <itemizedlist> 282 <itemizedlist>
diff --git a/doc/book-enea-nfv-access-getting-started/doc/introduction.xml b/doc/book-enea-nfv-access-getting-started/doc/introduction.xml
index c0496e7..1f5bb0b 100644
--- a/doc/book-enea-nfv-access-getting-started/doc/introduction.xml
+++ b/doc/book-enea-nfv-access-getting-started/doc/introduction.xml
@@ -98,8 +98,7 @@
98 </listitem> 98 </listitem>
99 </itemizedlist> 99 </itemizedlist>
100 <para>For additional information about features provided in Enea NFV 100 <para>For additional information about features provided in Enea NFV
101 Access, refer to the <olink targetdoc= 101 Access, refer to the Enea NFV Access Reference Guide
102 "book_enea_nfv_access_reference_guide_intel">Enea NFV Access Reference Guide</olink>
103 provided with your release. For how to install and run Enea 102 provided with your release. For how to install and run Enea
104 NFV Access on supported devices, please refer to <xref 103 NFV Access on supported devices, please refer to <xref
105 linkend="plat-release-content"> 104 linkend="plat-release-content">
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-11-14 23:08:54 +0000