Example Use-cases: Update Fortigate example

- Replace bundles with VNF images and update onboarding instructions - Remove screenshots of uCPE manager GUI - Cleanup of unnecessary information Change-Id I36ec799b5843be80c44c7606e6e7b8bc6b5979e6 Signed-off-by: Martin Borg <martin.borg@enea.com> Change-Id: I6f1f81443ca6d1c6764228cf1097ede8129c7c22
author: Martin Borg <martin.borg@enea.com> 2019-08-26 15:02:02 +0200
committer: Miruna Paun <Miruna.Paun@enea.com> 2019-09-04 18:11:48 +0200
commit: bcf37fdb8872b5073aa8ad919daca93090a48e61 (patch)
tree: 96ce0cb66df0e3b829b234b68594349bff1fbe99
parent: fd686f0cb191e2711b9aedae3dcfeeed474f98f4 (diff)
download: nfv-access-documentation-bcf37fdb8872b5073aa8ad919daca93090a48e61.tar.gz
1 files changed, 229 insertions, 455 deletions
diff --git a/doc/book-enea-nfv-access-example-usecases/doc/forti_vnf_examples.xml b/doc/book-enea-nfv-access-example-usecases/doc/forti_vnf_examples.xml
index 48f2995..6205ced 100644
--- a/doc/book-enea-nfv-access-example-usecases/doc/forti_vnf_examples.xml
+++ b/doc/book-enea-nfv-access-example-usecases/doc/forti_vnf_examples.xml
@@ -7,23 +7,10 @@
  appliances. The virtual appliances can be integrated in Firewall or SD-WAN
  solution development.</para>
-  <para>Enea provides a prepared VNF bundle for usage with Enea NFV Access.
-  The bundle includes the FortiGate VNF image as well as a VNF Descriptor and
-  other onboarding related configuration files.</para>
-  <para>The VNF Descriptor represents one specific setup, suitable for usage
-  with the Firewall and SD-WAN VPN instructions in this guide. Alternative VNF
-  Descriptor configurations may be needed to support other setups desired by
-  the customer.</para>
-  <para>Enea can offer assistance and provide alternative VNF Descriptor
-  configurations.</para>
  <section id="forti_firewall_prereq">
    <title>Prerequisites</title>
-    <para>The following hardware and software resources are needed for this
+    <para>System requirements for the uCPE device:</para>
-    example use case:</para>
    <itemizedlist>
      <listitem>
@@ -37,6 +24,15 @@
      <listitem>
        <para>1 GB of RAM memory</para>
      </listitem>
+    </itemizedlist>
+    <para>The following files are needed for this example use case:</para>
+    <itemizedlist>
+      <listitem>
+        <para>FortiGate VNF image. This file is provided by the local Fortinet
+        sales representatives in your region.</para>
+      </listitem>
      <listitem>
        <para>FortiGate VNF license file. This file is provided by the local
@@ -44,8 +40,13 @@
      </listitem>
      <listitem>
-        <para>FortiGate specific documentation. These files are provided by
+        <para>FortiGate specific documentation. This is provided by the local
-        the local Fortinet sales representatives in your region.</para>
+        Fortinet sales representatives in your region.</para>
+      </listitem>
+      <listitem>
+        <para>FortiGate configuration example files. These files are provided
+        with your Enea NFV Access release.</para>
      </listitem>
    </itemizedlist>
  </section>
@@ -53,13 +54,6 @@
  <section id="fortigate_firewall_uc_1">
    <title>FortiGate VNF as a Firewall</title>
-    <para>FortiGate Next Generation Firewall utilizes purpose-built security
-    processors and threat intelligence security services to deliver top-rated
-    protection and high performance, including encrypted traffic. FortiGate
-    reduces complexity with automated visibility into applications, users and
-    networks, and provides security ratings to adopt security best
-    practices.</para>
    <para>Enea provides an example of a simple base firewall configuration for
    the FortiGate VNF.</para>
@@ -67,7 +61,9 @@
      <title>FortiGate VNF Example Configuration</title>
      <tgroup cols="2">
-        <colspec align="center" />
+          <colspec align="center" colwidth="1*" />
+          <colspec align="center" colwidth="4*" />
        <thead>
          <row>
@@ -110,11 +106,11 @@
    </table>
    <para><superscript>1</superscript>FortiGate In-Band Management is a
-    feature for running FortiGate Management traffic over WAN.</para>
+    feature used for running FortiGate Management traffic over WAN.</para>
-    <para>Instructions on how to alter the default configuration are provided,
+    <para>Instructions on how to alter the default configuration are provided in section
    <olink targetdoc="book_enea_nfv_access_example_usecases"
-    targetptr="fortigate_webmg">FortiGate VNF Management in <xi:include
+    targetptr="fortigate_webmg">FortiGate VNF Web Management in <xi:include
    href="../../s_docbuild/olinkdb/pardoc-names.xml"
    xmlns:xi="http://www.w3.org/2001/XInclude"
    xpointer="element(book_enea_nfv_access_example_usecases/1)" /></olink>.</para>
@@ -123,8 +119,8 @@
      <title>Lab Setup</title>
      <para>Before starting the configuration of the FortiGate Firewall, a lab
-      setup of hardware and software configurations has to be built. The
+      setup concerning hardware and software components has to be created. The
-      following table illustrates the requirements.</para>
+      following table illustrates the requirements for this setup.</para>
      <table>
        <title>Lab Setup Prerequisites</title>
@@ -147,11 +143,11 @@
              <entrytbl cols="1">
                <tbody>
                  <row>
-                    <entry>DHCP enabled Lab Network</entry>
+                    <entry>DHCP enabled Lab Network.</entry>
                  </row>
                  <row>
-                    <entry>Internet Connectivity</entry>
+                    <entry>Internet Connectivity.</entry>
                  </row>
                </tbody>
              </entrytbl>
@@ -164,32 +160,32 @@
              <entrytbl cols="1">
                <tbody>
                  <row>
-                    <entry>Minimum 4 Physical Network Devices</entry>
+                    <entry>Minimum 4 Physical Network Devices.</entry>
                  </row>
                  <row>
-                    <entry>4 GB RAM and 4 cores (C3000 or Xeon D)</entry>
+                    <entry>4 GB RAM and 4 cores (C3000 or Xeon D).</entry>
                  </row>
                  <row>
-                    <entry>Enea NFV Access Installed</entry>
+                    <entry>Enea NFV Access Installed.</entry>
                  </row>
                  <row>
-                    <entry>WAN Connected to Lab Network</entry>
+                    <entry>WAN Connected to the Lab Network.</entry>
                  </row>
                  <row>
-                    <entry>LAN1 Connected to Test Machine</entry>
+                    <entry>LAN1 Connected to the Test Machine.</entry>
                  </row>
                  <row>
-                    <entry>LAN2 Unconnected</entry>
+                    <entry>LAN2 Unconnected.</entry>
                  </row>
                  <row>
                    <entry>ETH0 connected to the Lab Network (for Enea uCPE
-                    Manager communications)</entry>
+                    Manager communications).</entry>
                  </row>
                </tbody>
              </entrytbl>
@@ -201,15 +197,15 @@
              <entrytbl cols="1">
                <tbody>
                  <row>
-                    <entry>Connected to Lab Network</entry>
+                    <entry>Connected to the Lab Network.</entry>
                  </row>
                  <row>
-                    <entry>Running either Windows or CentOS</entry>
+                    <entry>Running either Windows or CentOS.</entry>
                  </row>
                  <row>
-                    <entry>Enea uCPE Manager installed</entry>
+                    <entry>The Enea uCPE Manager installed.</entry>
                  </row>
                </tbody>
              </entrytbl>
@@ -221,45 +217,15 @@
              <entrytbl cols="1">
                <tbody>
                  <row>
-                    <entry>Connected to Whitebox LAN</entry>
+                    <entry>Connected to Whitebox LAN.</entry>
-                  </row>
-                  <row>
-                    <entry>Internet Connectivity via LAN</entry>
                  </row>
                  <row>
-                    <entry>Configured as DHCP client on LAN</entry>
+                    <entry>Internet Connectivity via LAN.</entry>
-                  </row>
-                </tbody>
-              </entrytbl>
-            </row>
-            <row>
-              <entry align="left">FortiGate VNF</entry>
-              <entrytbl cols="1">
-                <tbody>
-                  <row>
-                    <entry>Copy the FortiGate VNF Bundle provided by Enea to
-                    the Lab Machine file system.</entry>
-                  </row>
-                  <row>
-                    <entry>Copy the FortiGate configuration examples from Enea
-                    to the Lab Machine file system. Unpack the configuration
-                    examples onto the Lab Machine.</entry>
-                  </row>
-                  <row>
-                    <entry>Retrieve the FortiGate VNF license file from
-                    Fortinet and store it on the Lab Machine file system. See
-                    FortiGate VNF for details.</entry>
                  </row>
                  <row>
-                    <entry>Optionally, retrieve FortiGate VNF documentation
+                    <entry>Configured as the DHCP client on LAN.</entry>
-                    from Fortinet. See FortiGate VNF for details.</entry>
                  </row>
                </tbody>
              </entrytbl>
@@ -274,7 +240,7 @@
        <mediaobject>
          <imageobject>
            <imagedata align="center" fileref="images/intel_whitebox.png"
-                       scale="45" />
+                       contentwidth="600" />
          </imageobject>
        </mediaobject>
      </figure>
@@ -283,93 +249,43 @@
    <section id="exam_setup_fortifirewall">
      <title>Use-case Setup</title>
-      <para><emphasis role="bold">Configuring Network Interfaces on uCPE
+      <para><emphasis role="bold">Network Configuration:</emphasis></para>
-      devices</emphasis></para>
-      <para>Before deploying the FortiGate Firewall, the Enea NFV Access
-      platform has to be configured to the specific networking setup.</para>
      <para>Since the firewall uses three External Network Interfaces, three
      bridges need to be configured. Each bridge provides the ability to
      connect a physical network interface to the virtual machines' virtual
-      network interface. Each physical to virtual network interface connection
+      network interface.</para>
-      is setup in two steps:</para>
-      <itemizedlist>
-        <listitem>
-          <para>Bind the physical network interfaces with a DPDK
-          driver.</para>
-        </listitem>
-        <listitem>
-          <para>Create a named bridge for each physical network
-          interface.</para>
-        </listitem>
-      </itemizedlist>
      <orderedlist>
        <listitem>
-          <para>Start the setup by preparing each interface for attachment to
+          <para>Select the uCPE device, access
-          a bridge. Bind the physical network interfaces to the DPDK by
+          <literal>Configuration</literal> and bind the three physical network
-          selecting the uCPE device, then accessing:
+          interfaces to DPDK.</para>
-          <literal>Configuration</literal> -&gt;
-          <literal>OpenVSwitch</literal> -&gt; <literal>Host Interfaces
-          </literal>-&gt; <literal>Add</literal>.</para>
-          <para>The result of binding these three physical network interfaces
-          should look like the following:</para>
-          <figure>
-            <title>Successful Binding</title>
-            <mediaobject>
-              <imageobject>
-                <imagedata align="center"
-                           fileref="images/result_of_binding.png" scale="65" />
-              </imageobject>
-            </mediaobject>
-          </figure>
-        </listitem>
-        <listitem>
-          <para>Create one Open vSwitch bridge for each firewall network
-          connection (WAN, LAN1 and LAN2), by selecting:
-          <literal>Configuration</literal> -&gt;
-          <literal>OpenVSwitch</literal> -&gt; <literal>Bridges</literal>
-          -&gt; <literal>Add</literal>.</para>
        </listitem>
        <listitem>
-          <para>Repeat this step for each type of connection until all are
+          <para>Create three OVS bridges, one for each DPDK network interface
-          bridges are configured.</para>
+          (WAN, LAN1 and LAN2).</para>
-          <figure>
-            <title>Configured Bridges per Connection Type</title>
-            <mediaobject>
-              <imageobject>
-                <imagedata align="center"
-                           fileref="images/configured_bridges.png" scale="68" />
-              </imageobject>
-            </mediaobject>
-          </figure>
        </listitem>
      </orderedlist>
      <para>Alternatively, the firewall can be setup to use bridges as
-      connection points for the Fortigate VNF, by replacing the OVS-DPDK
+      connection points for the FortiGate VNF, by replacing the OVS-DPDK
      bridges with SR-IOV connection points.</para>
-      <para>It was previously assumed that three physical interfaces are
+      <para>Please note that while previously three physical interfaces were 
-      available for VNF connection. In the case of a firewall setup only two
+        presumed necessary for VNF connection, in the case of a firewall setup 
-      physical interfaces are needed for the data path (one for WAN and one
+        only two physical interfaces are required for the data path 
-      for LAN). Only two interfaces will be configured as DPDK, with two
+        (one for WAN and one for LAN).</para>
-      bridges created, one for each type of connection.</para>
+      
+      <para>Only two interfaces will be configured as DPDK, with two bridges 
+        created, one for each type of connection.</para>
-      <para>Please note that at VNF instantiation instead of assigning
+      <note><para>At VNF instantiation instead of assigning distinct bridges for 
-      distinct bridges for each LAN interface, only one will be used for both
+        each LAN interface, only one will be used for both LAN1 and LAN2, 
-      LAN1 and LAN2, with no changes in WAN interface configuration. Please
+        with no changes in WAN interface configuration.</para></note>
-      see the picture below for the final setup:</para>
+        
+        <para>See the picture below for the final setup:</para>
      <figure>
        <title>Two-Interface Configuration</title>
@@ -377,123 +293,138 @@
        <mediaobject>
          <imageobject>
            <imagedata align="center" fileref="images/two_inst_firewall.png"
-                       scale="65" />
+                       contentwidth="600" />
          </imageobject>
        </mediaobject>
      </figure>
-      <para><emphasis role="bold">Onboarding the FortiGate
+      <para><emphasis role="bold">Onboarding the VNF:</emphasis></para>
-      VNF:</emphasis></para>
-      <orderedlist>
+      <para>Onboard the FortiGate VNF by filling the required fields with the
+      following values:</para>
+      <itemizedlist spacing="compact">
        <listitem>
-          <para>To onboard the Fortigate VNF select from the top toolbar
+          <para><emphasis role="bold">VM Image File</emphasis>: Provide the
-          <literal>VNF</literal> -&gt; <literal>Descriptors</literal> -&gt;
+          path to the FortiGate VNF qcow2 image.</para>
-          <literal>On-board.</literal></para>
        </listitem>
        <listitem>
-          <para>Click <literal>Browse</literal> to view selections, and choose
+          <para><emphasis role="bold">Memory in MB</emphasis>: 1024</para>
-          the <literal>Fortigate.zip</literal> file, before clicking
-          <literal>Send</literal>.</para>
        </listitem>
-      </orderedlist>
-      <para><emphasis role="bold">Instantiating the FortiGate
+        <listitem>
-      VNF</emphasis></para>
+          <para><emphasis role="bold">Num of CPUs</emphasis>: 1</para>
+        </listitem>
-      <orderedlist>
        <listitem>
-          <para>Fortigate VNF instantiation requires the following
+          <para><emphasis role="bold">Storage in GB</emphasis>: 20</para>
-          settings:</para>
+        </listitem>
-          <table>
+        <listitem>
-            <title>Instantiation Requirements</title>
+          <para><emphasis role="bold">Interfaces</emphasis>: Add 3
+          interfaces.</para>
+        </listitem>
-            <tgroup cols="2">
+        <listitem>
-              <colspec align="center" colwidth="1*" />
+          <para><emphasis role="bold">Cloud-init Datasource</emphasis>:
+          ConfigDrive</para>
+        </listitem>
-              <colspec align="center" colwidth="4*" />
+        <listitem>
+          <para><emphasis role="bold">Cloud-init Disk Type</emphasis>:
+          cdrom</para>
+        </listitem>
-              <thead>
+        <listitem>
-                <row>
+          <para><emphasis role="bold">Cloud-init content file</emphasis>: Add
-                  <entry align="center">Component</entry>
+          a license file entry.</para>
+        </listitem>
+      </itemizedlist>
-                  <entry align="center">Description</entry>
+      <para><emphasis role="bold">Instantiating the VNF:</emphasis></para>
-                </row>
-              </thead>
-              <tbody>
+      <para>Instantiate the FortiGate VNF by filling the required fields with
-                <row>
+      the following values:</para>
-                  <entry align="left">Name</entry>
-                  <entry align="left">Name of the VM which will be created on
+      <table>
-                  the uCPE device.</entry>
+        <title>Instantiation Requirements</title>
-                </row>
-                <row>
+        <tgroup cols="2">
-                  <entry align="left">VNF Type</entry>
+          <colspec align="center" colwidth="1*" />
-                  <entry align="left">Name of the onboarded VNF
+          <colspec align="center" colwidth="4*" />
-                  bundle.</entry>
-                </row>
-                <row>
+          <thead>
-                  <entry align="left">VIM</entry>
+            <row>
+              <entry align="center">Field</entry>
-                  <entry align="left">Name and IP address of the device where
+              <entry align="center">Description</entry>
-                  the VNF will be instantiated.</entry>
+            </row>
-                </row>
+          </thead>
-                <row>
+          <tbody>
-                  <entry align="left">License file</entry>
+            <row>
+              <entry align="left">Name</entry>
-                  <entry align="left">FortiGate license file provided by
+              <entry align="left">Name of the VM which will be created on the
-                  Fortinet.</entry>
+              uCPE device.</entry>
-                </row>
+            </row>
-                <row>
+            <row>
-                  <entry align="left">Configuration file</entry>
+              <entry align="left">VNF Type</entry>
-                  <entry align="left">Firewall example configuration file
+              <entry align="left">Name of the onboarded VNF.</entry>
-                  provided by Enea
+            </row>
-                  (<filename>FGVM080000136187_20180828_0353_basic_fw.conf</filename>).</entry>
-                </row>
-                <row>
+            <row>
-                  <entry align="left">Port1 - WAN</entry>
+              <entry align="left">uCPE Device</entry>
-                  <entry align="left">Set the External Interface type to Dpdk
+              <entry align="left">Select the uCPE device where the VNF will be
-                  and connect it to the <literal>wanmgrbr</literal> ovs
+              instantiated.</entry>
-                  bridge.</entry>
+            </row>
-                </row>
-                <row>
+            <row>
-                  <entry align="left">Port2 - LAN1</entry>
+              <entry align="left">License file</entry>
-                  <entry align="left">Set the Incoming Interface type to Dpdk
+              <entry align="left">The FortiGate license file provided by
-                  and connect it to the <literal>lan1</literal> ovs
+              Fortinet.</entry>
-                  bridge.</entry>
+            </row>
-                </row>
-                <row>
+            <row>
-                  <entry align="left">Port3 - LAN2</entry>
+              <entry align="left">Configuration file</entry>
-                  <entry align="left">Set the Outgoing Interface type to Dpdk
+              <entry align="left">The Firewall example configuration file provided
-                  and connect it to the <literal>lan2</literal> ovs
+              by Enea
-                  bridge.</entry>
+              (<filename>FGVM080000136187_20180828_0353_basic_fw.conf</filename>).</entry>
-                </row>
+            </row>
-              </tbody>
-            </tgroup>
-          </table>
-        </listitem>
-        <listitem>
+            <row>
-          <para>Select the uCPE device, then from the top toolbar select
+              <entry align="left">Port1 - WAN</entry>
-          <literal>VNF</literal> -&gt; <literal>Instances</literal> -&gt;
-          <literal>Add</literal>.</para>
+              <entry align="left">Set the <literal>External Interface</literal> type to 
-        </listitem>
+                <literal>DPDK</literal> and connect it to the <literal>wanmgrbr</literal> ovs
-      </orderedlist>
+              bridge.</entry>
+            </row>
+            <row>
+              <entry align="left">Port2 - LAN1</entry>
+              <entry align="left">Set the <literal>Incoming Interface</literal> type to 
+                <literal>DPDK</literal> and connect it to the <literal>lan1</literal> ovs 
+                bridge.</entry>
+            </row>
+            <row>
+              <entry align="left">Port3 - LAN2</entry>
+              <entry align="left">Set the <literal>Outgoing Interface</literal> type to 
+                <literal>DPDK</literal> and connect it to the <literal>lan2</literal> ovs 
+                bridge.</entry>
+            </row>
+          </tbody>
+        </tgroup>
+      </table>
    </section>
    <section id="testing_fortigate_uc_1">
@@ -513,9 +444,9 @@
      <para>The FortiGate VNF management interface is accessible through the
      WAN interface. The WAN IP address can be used from a web browser on the
-      Lab Machine to access the Fortigate VNF Management Web UI. Please check
+      Lab Machine to access the FortiGate VNF Management Web UI. Please check
      <olink targetdoc="book_enea_nfv_access_example_usecases"
-      targetptr="fortigate_webmg">Fortigate VNF web management<xi:include
+      targetptr="fortigate_webmg">FortiGate VNF web management<xi:include
      href="../../s_docbuild/olinkdb/pardoc-names.xml"
      xmlns:xi="http://www.w3.org/2001/XInclude"
      xpointer="element(book_enea_nfv_access_example_usecases/1)" /></olink>
@@ -526,19 +457,12 @@
  <section id="fortigate_sdwan_vpn">
    <title>FortiGate VNF as an SD-WAN VPN</title>
-    <para>The Software-Defined Wide-Area Network (SD-WAN or SDWAN) is a
-    specific application of software-defined networking (SDN) technology
-    applied to WAN connections. It connects enterprise networks, including
-    branch offices and data centers, over large geographic distances.</para>
    <para>SD-WAN decouples the network from the management plane, detaching
    traffic management and monitoring functions from hardware. Most forms of
    SD-WAN technology create a virtual overlay that is transport-agnostic,
-    i.e. it abstracts underlying private or public WAN connections. With an
+    i.e. it abstracts underlying private or public WAN connections.</para>
-    overlay SD-WAN, a vendor provides an edge device to the customer that
-    contains the software necessary to run the SD-WAN technology. </para>
-    <para>For deployment, the customer plugs in WAN links into the device,
+    <para>For deployment, the user plugs in WAN links into the device,
    which automatically configures itself with the network.</para>
    <para>Example SD-WAN configurations for the FortiGate VNF are provided by
@@ -547,7 +471,7 @@
    <section id="prereq_forti_sdwan_vpn">
      <title>Prerequisites</title>
-      <para>The following table illustrates the use-case prerequisites of the
+      <para>The following table illustrates the use-case prerequisites for the
      setup:</para>
      <table>
@@ -599,21 +523,21 @@
                  </row>
                  <row>
-                    <entry>VNFMgr Connected to Lab Network for VNF management
+                    <entry>VNFMgr connected to the Lab Network for VNF management
                    access.</entry>
                  </row>
                  <row>
-                    <entry>WAN interfaces directly connected through Ethernet
+                    <entry>WAN interfaces directly connected through the Ethernet
                    cable.</entry>
                  </row>
                  <row>
-                    <entry>LAN Connected to Test Machine.</entry>
+                    <entry>LAN connected to the Test Machine.</entry>
                  </row>
                  <row>
-                    <entry>ETH0 connected to Lab Network (for Enea uCPE
+                    <entry>ETH0 connected to the Lab Network (for Enea uCPE
                    Manager communications).</entry>
                  </row>
                </tbody>
@@ -626,7 +550,7 @@
              <entrytbl cols="1">
                <tbody>
                  <row>
-                    <entry>Connected to Lab Network.</entry>
+                    <entry>Connected to the Lab Network.</entry>
                  </row>
                  <row>
@@ -634,7 +558,7 @@
                  </row>
                  <row>
-                    <entry>Enea uCPE Manager installed.</entry>
+                    <entry>The Enea uCPE Manager installed.</entry>
                  </row>
                </tbody>
              </entrytbl>
@@ -654,36 +578,7 @@
                  </row>
                  <row>
-                    <entry>Configured as DHCP client on LAN.</entry>
+                    <entry>Configured as the DHCP client on LAN.</entry>
-                  </row>
-                </tbody>
-              </entrytbl>
-            </row>
-            <row>
-              <entry align="left">FortiGate VNF</entry>
-              <entrytbl cols="1">
-                <tbody>
-                  <row>
-                    <entry>FortiGate VNF Bundle copied from Enea to the Lab
-                    Machine file system.</entry>
-                  </row>
-                  <row>
-                    <entry>FortiGate configuration examples from Enea, copied
-                    to the Lab Machine file system. Unpack the configuration
-                    examples specific for SD-WAN onto the Lab Machine.</entry>
-                  </row>
-                  <row>
-                    <entry>Retrieve the FortiGate VNF license from Fortinet
-                    and store it on the Lab Machine file system.</entry>
-                  </row>
-                  <row>
-                    <entry>Optionally, retrieve FortiGate VNF documentation
-                    from Fortinet.</entry>
                  </row>
                </tbody>
              </entrytbl>
@@ -810,17 +705,13 @@
        </tgroup>
      </table>
-      <para>Download locally the valid license files for the Fortigate VNF
-      from Fortinet and the configuration file provided by Enea as
-      examples.</para>
      <figure>
        <title>SD-WAN: VPN Configuration</title>
        <mediaobject>
          <imageobject>
            <imagedata align="center"
-                       fileref="images/sdwan_vpn_overview_1.png" scale="55" />
+                       fileref="images/sdwan_vpn_overview_1.png" contentwidth="600" />
          </imageobject>
        </mediaobject>
      </figure>
@@ -829,130 +720,52 @@
    <section id="forti_examsetup_uc2">
      <title>Use-case Setup</title>
-      <para><emphasis role="bold">Configuring Network Interfaces on uCPE
+      <para><emphasis role="bold">Network Configuration:</emphasis></para>
-      devices</emphasis></para>
-      <para>Before deploying the FortiGate SD-WAN, the Enea NFV Access
-      platform has to be configured to the specific networking setup.</para>
      <para>Since the SD-WAN VNF uses three External Network Interfaces, three
      bridges need to be configured. Each bridge provides the ability to
      connect a physical network interface to the VM's virtual network
-      interface. Each physical to virtual network interface connection is
+        interface.</para>
-      setup in two steps:</para>
+      
+      <para>Each VNF instance will have a virtual interface for VNF
-      <itemizedlist>
+      management, for the WAN network and for LAN communication.</para>
-        <listitem>
-          <para>Bind the physical network interfaces with a DPDK
-          driver.</para>
-        </listitem>
-        <listitem>
-          <para>Create a named bridge for each physical network
-          interface.</para>
-        </listitem>
-      </itemizedlist>
-      <para>Start the setup by preparing each physical interface for
-      attachment to a bridge. Each VNF instance will have a virtual interface
-      for VNF management, for the WAN network and for LAN
-      communication.</para>
      <orderedlist>
        <listitem>
-          <para>Bind a physical interface to the DPDK by selecting uCPE device
+          <para>Select uCPE Device 1, access <literal>Configuration</literal>
-          1 first, then: <literal>Configuration</literal> -&gt;
+          and bind the three physical network interfaces to the DPDK.</para>
-          <literal>OpenVSwitch</literal> -&gt; <literal>Host
-          Interfaces</literal> -&gt; <literal>Add</literal>.</para>
-          <para>Repeat this step for the other two interfaces. The result of a
-          successful binding should look like the following:</para>
-          <figure>
-            <title>Results of Binding</title>
-            <mediaobject>
-              <imageobject>
-                <imagedata align="center" fileref="images/binding_results.png"
-                           scale="70" />
-              </imageobject>
-            </mediaobject>
-          </figure>
        </listitem>
        <listitem>
-          <para>Create an Open vSwitch bridge for each SD-WAN network
+          <para>Create three OVS bridges, one for each DPDK network interface
-          connection (VNF management, WAN and LAN) by selecting the uCPE
+          (VNF management, WAN and LAN).</para>
-          device then: <literal>Configuration</literal> -&gt;
-          <literal>OpenvSwitch</literal> -&gt; <literal>Bridges</literal>
-          -&gt; <literal>Add</literal>.</para>
        </listitem>
        <listitem>
-          <para>Repeat this step for all network connections. Three bridges
+          <para>Repeat the steps above for uCPE device 2.</para>
-          will be created:</para>
-          <figure>
-            <title>OVS Bridges</title>
-            <mediaobject>
-              <imageobject>
-                <imagedata align="center" fileref="images/created_bridges.png"
-                           scale="70" />
-              </imageobject>
-            </mediaobject>
-          </figure>
        </listitem>
      </orderedlist>
-      <para><emphasis role="bold">Onboarding the FortiGate
+      <para><emphasis role="bold">Onboarding the FortiGate VNF</emphasis></para>
-      VNF</emphasis></para>
-      <orderedlist>
-        <listitem>
-          <para>To onboard a VNF, select a uCPE device on the map and click
-          the <literal>VNF</literal> button in the top toolbar. Then, click
-          the <literal>Descriptors</literal> -&gt; <literal>On-board</literal>
-          -&gt; <literal>Browse</literal> options, and select the
-          <filename>Fortigate.zip</filename> file, before pressing
-          <literal>Send</literal>:</para>
-          <figure>
-            <title>Onboarding FortiGate VNF</title>
-            <mediaobject>
-              <imageobject>
-                <imagedata align="center" fileref="images/onboard.png"
-                           scale="45" />
-              </imageobject>
-            </mediaobject>
-          </figure>
-        </listitem>
-        <listitem>
+      <para>See the onboarding parameters detailed in the previous use-case above.</para>
-          <para>Wait for the <literal>Onboarding Status</literal> popup to
-          display the confirmation message and select
-          <literal>OK</literal>.</para>
-        </listitem>
-      </orderedlist>
-      <para><emphasis role="bold">Instantiating the FortiGate
+      <para><emphasis role="bold">Instantiating the FortiGate VNF</emphasis></para>
-      VNF</emphasis></para>
-      <para>FortiGate VNF instantiation requires the following
+      <para>Instantiate the FortiGate VNF by filling the required fields with
-      settings:</para>
+      the following values:</para>
      <table>
-        <title>FortiGate VNF Instantiation Requirements</title>
+        <title>Instantiation Requirements</title>
        <tgroup cols="2">
-          <colspec align="left" colwidth="2*" />
+          <colspec align="center" colwidth="1*" />
-          <colspec align="left" colwidth="4*" />
+          <colspec align="center" colwidth="4*" />
          <thead>
            <row>
-              <entry align="center">Component</entry>
+              <entry align="center">Field</entry>
              <entry align="center">Description</entry>
            </row>
@@ -960,57 +773,59 @@
          <tbody>
            <row>
-              <entry>Name</entry>
+              <entry align="left">Name</entry>
-              <entry>The name of the VM which will be created on the uCPE
+              <entry align="left">Name of the VM which will be created on the
-              device.</entry>
+              uCPE device.</entry>
            </row>
            <row>
-              <entry>VNF Type</entry>
+              <entry align="left">VNF Type</entry>
-              <entry>The name of the onboarded VNF bundle.</entry>
+              <entry align="left">Name of the onboarded VNF.</entry>
            </row>
            <row>
-              <entry>VIM</entry>
+              <entry align="left">uCPE Device</entry>
-              <entry>Name and IP address of the device where the VNF will be
+              <entry align="left">Select the uCPE device where the VNF will be
              instantiated.</entry>
            </row>
            <row>
-              <entry>License file</entry>
+              <entry align="left">License file</entry>
-              <entry>The FortiGate license file provided by Fortinet.</entry>
+              <entry align="left">The FortiGate license file provided by
+              Fortinet.</entry>
            </row>
            <row>
-              <entry>Configuration file(s)</entry>
+              <entry align="left">Configuration files</entry>
-              <entry>SD-WAN example configuration files provided by Enea:
+              <entry align="left">The SD-WAN example configuration files provided
+              by Enea:
              <literal>FGVM080000136187_20180215_0708_sdwan1.conf</literal>
              <literal>FGVM080000136188_20180215_0708_sdwan2.conf</literal></entry>
            </row>
            <row>
-              <entry>Port1 - VNFMgr</entry>
+              <entry align="left">Port1 - VNFMgr</entry>
-              <entry>Set as Dpdk type and connect it to the
+              <entry align="left">Set the type to <literal>DPDK</literal> and connect it to the
              <literal>vnfmgrbr</literal> bridge.</entry>
            </row>
            <row>
-              <entry>Port2 - WAN</entry>
+              <entry align="left">Port2 - WAN</entry>
-              <entry>Set as Dpdk type and connect it to the
+              <entry align="left">Set the type to <literal>DPDK</literal> and connect it to the
              <literal>wanbr</literal> bridge.</entry>
            </row>
            <row>
-              <entry>Port3 - LAN</entry>
+              <entry align="left">Port3 - LAN</entry>
-              <entry>Set as Dpdk type and connect it to the
+              <entry align="left">Set the type to <literal>DPDK</literal> and connect it to the
              <literal>lanbr</literal> bridge.</entry>
            </row>
          </tbody>
@@ -1019,33 +834,15 @@
      <orderedlist>
        <listitem>
-          <para>Select a uCPE device on the map, then from the top toolbar
+          <para>Instantiate the FortiGate VNF on uCPE device 1 using the
-          click <literal>VNF</literal> -&gt; <literal>Instances</literal>
+          <literal>sdwan1</literal> example configuration file.</para>
-          -&gt; <literal>Add</literal>.</para>
        </listitem>
        <listitem>
-          <para>Use the <literal>sdwan1</literal> example configuration file
+          <para>To complete the branch-to-branch setup, configure <literal>uCPE device
-          for uCPE device 1:</para>
+          2</literal> in the same way as <literal>uCPE device 1</literal>. Make sure to
+          use the <literal>sdwan2</literal> configuration file for the second VNF
-          <figure>
+          instantiation.</para>
-            <title>Configuring uCPE device 1</title>
-            <mediaobject>
-              <imageobject>
-                <imagedata align="center"
-                           fileref="images/sdwan1_eg_config.png" scale="70" />
-              </imageobject>
-            </mediaobject>
-          </figure>
-        </listitem>
-        <listitem>
-          <para>To complete the branch-to-branch setup, configure the peer
-          uCPE device in the same way as <literal>uCPE device 1</literal>.
-          Make sure to use the
-          <filename>FGVM080000136188_20180215_0708_sdwan2.conf</filename>
-          configuration file for the second VNF instantiation.</para>
        </listitem>
      </orderedlist>
    </section>
@@ -1080,7 +877,7 @@
      <note>
        <para>In this SD-WAN VPN setup example, bridges were used as
-        connection points for the Fortigate VNF. It is possible to replace
+        connection points for the FortiGate VNF. It is possible to replace
        OVS-DPDK bridges with SR-IOV connection points.</para>
      </note>
    </section>
@@ -1089,74 +886,51 @@
  <section id="fortigate_webmg">
    <title>FortiGate VNF Web Management</title>
-    <para>In order to check the IP address assigned to the Fortigate VNF you
+    <para>In order to check the IP address assigned to the FortiGate VNF you
-    need to connect to the Fortigate CLI.</para>
+    need to connect to the FortiGate CLI.</para>
-    <para><emphasis role="bold">Connecting to the Fortigate
-    CLI</emphasis></para>
    <orderedlist>
      <listitem>
-        <para>Connect to the Fortigate VNF by using: <literal>SSH</literal>
+        <para>SSH to the uCPE Device (Username: root) and connect to the
-        -&gt; <literal>user</literal> (root) and attach to the VNF's console
+        FortiGate VNF console:</para>
-        using the <literal>virsh console</literal> command shown below:</para>
-        <figure>
-          <title>Attaching to the VNF Console</title>
-          <mediaobject>
+        <programlisting>virsh list
-            <imageobject>
+virsh console &lt;id of FortiGate VNF&gt;</programlisting>
-              <imagedata align="center" fileref="images/virsh_console.png"
-                         scale="80" />
-            </imageobject>
-          </mediaobject>
-        </figure>
      </listitem>
      <listitem>
-        <para>To access Fortigate CLI, use <literal>admin</literal> as the
+        <para>To access the FortiGate CLI, use <literal>admin</literal> as the
        user, leaving the password blank/empty, and press enter.</para>
        <para>Use the CLI command <literal>get system interface</literal> to
        get the dynamic interfaces configuration.</para>
-        <figure>
-          <title>Accessing and configuring Fortigate CLI</title>
-          <mediaobject>
-            <imageobject>
-              <imagedata align="center"
-                         fileref="images/access_fortigate_cli.png" scale="58" />
-            </imageobject>
-          </mediaobject>
-        </figure>
      </listitem>
      <listitem>
        <para>Use the IP address assigned for the management interface in the
        web browser (<literal>https://&lt;IP&gt;</literal>), to access the
-        Fortinet VNF web management interface. Use the same credentials as
+        FortiGate VNF Web Management Interface. Use the same credentials as
        before to login.</para>
      </listitem>
      <listitem>
-        <para>You can browse through the configuration and perform changes
+        <para>Browse through the configuration and perform changes
        according to your setup:</para>
        <figure>
-          <title>The Fortinet Web Interface</title>
+          <title>The FortiGate VNF Web Management Interface</title>
          <mediaobject>
            <imageobject>
              <imagedata align="center"
-                         fileref="images/fortinet_interface.png" scale="33" />
+                         fileref="images/fortinet_interface.png" contentwidth="600" />
            </imageobject>
          </mediaobject>
        </figure>
      </listitem>
      <listitem>
-        <para>Optionally, alter the default Fortinet example configuration
+        <para>Optionally, alter the default FortiGate example configuration
        provided by Enea, through the following steps:</para>
        <orderedlist>
@@ -1188,4 +962,4 @@
      </listitem>
    </orderedlist>
  </section>
-</chapter>
-\ No newline at end of file
+</chapter>
author	Martin Borg <martin.borg@enea.com>	2019-08-26 15:02:02 +0200
committer	Miruna Paun <Miruna.Paun@enea.com>	2019-09-04 18:11:48 +0200
commit	bcf37fdb8872b5073aa8ad919daca93090a48e61 (patch)
tree	96ce0cb66df0e3b829b234b68594349bff1fbe99
parent	fd686f0cb191e2711b9aedae3dcfeeed474f98f4 (diff)
download	nfv-access-documentation-bcf37fdb8872b5073aa8ad919daca93090a48e61.tar.gz