Improve documentation around Fortinet SD-WAN

Change-Id: Ia8045f8ff4100c580fc985f7c102689a6de8a195

10 files changed, 478 insertions, 90 deletions

diff --git a/doc/book-enea-nfv-access-ucpe-solution/doc/demo_usecases.xml b/doc/book-enea-nfv-access-ucpe-solution/doc/demo_usecases.xml
index ff43601..d7f55f1 100644
--- a/doc/book-enea-nfv-access-ucpe-solution/doc/demo_usecases.xml
+++ b/doc/book-enea-nfv-access-ucpe-solution/doc/demo_usecases.xml
@@ -1294,41 +1294,337 @@ Run: tail -f /opt/testpmd-out</programlisting>
     <section id="fortigate_sdwan_vpn">
       <title>FortiGate VNF as an SD-WAN VPN</title>
 
+      <para>The software-defined wide-area network (SD-WAN or SDWAN) is a
+      specific application of software-defined networking (SDN) technology
+      applied to WAN connections. It connects enterprise networks, including
+      branch offices and data centers, over large geographic distances.</para>
+
+      <para>SD-WAN decouples the network from the management plane, detaching
+      the traffic management and monitoring functions from hardware. Most
+      forms of SD-WAN technology create a virtual overlay that is
+      transport-agnostic, i.e. it abstracts underlying private or public WAN
+      connections. With an overlay SD-WAN, a vendor provides an edge device to
+      the customer that contains the software necessary to run the SD-WAN
+      technology. For deployment, the customer plugs in WAN links into the
+      device, which automatically configures itself with the network.</para>
+
+      <para>The following will detail an SD-WAN setup for a branch to branch
+      connection using the FortiGate VNF. FortiGate provides native SD-WAN
+      along with integrated advanced threat protection.</para>
+
+      <note>
+        <para>Example SD-WAN configurations for the FortiGate VNF are provided
+        in the Enea Portal.</para>
+      </note>
+
+      <table>
+        <title>FortiGate VNF Example Configuration - SD-WAN Target 1</title>
+
+        <tgroup cols="2">
+          <colspec align="center" />
+
+          <thead>
+            <row>
+              <entry align="center">Component</entry>
+
+              <entry align="center">Description</entry>
+            </row>
+          </thead>
+
+          <tbody>
+            <row>
+              <entry>SD-WAN</entry>
+
+              <entry>VPN connection between two branches (Target 1 and Target
+              2).</entry>
+            </row>
+
+            <row>
+              <entry>VNFMgr (Virtual Port1)</entry>
+
+              <entry>DHCP Client, dynamically assigned IP address.</entry>
+            </row>
+
+            <row>
+              <entry>WAN (Virtual Port2)</entry>
+
+              <entry>IP address: 10.0.0.1</entry>
+            </row>
+
+            <row>
+              <entry>LAN (Virtual Port3)</entry>
+
+              <entrytbl cols="1">
+                <tbody>
+                  <row>
+                    <entry>IP address: 172.16.1.1</entry>
+                  </row>
+
+                  <row>
+                    <entry>DHCP server (IP range 172.16.1.2 -
+                    172.16.1.254)</entry>
+                  </row>
+                </tbody>
+              </entrytbl>
+            </row>
+          </tbody>
+        </tgroup>
+      </table>
+
+      <table>
+        <title>FortiGate VNF Example Configuration - SD-WAN Target 2</title>
+
+        <tgroup cols="2">
+          <colspec align="center" />
+
+          <thead>
+            <row>
+              <entry align="center">Component</entry>
+
+              <entry align="center">Description</entry>
+            </row>
+          </thead>
+
+          <tbody>
+            <row>
+              <entry>SD-WAN</entry>
+
+              <entry>VPN connection between two branches (Target 2 and Target
+              1).</entry>
+            </row>
+
+            <row>
+              <entry>VNFMgr (Virtual Port1)</entry>
+
+              <entry>DHCP Client, dynamically assigned IP address.</entry>
+            </row>
+
+            <row>
+              <entry>WAN (Virtual Port2)</entry>
+
+              <entry>IP address: 10.0.0.2</entry>
+            </row>
+
+            <row>
+              <entry>LAN (Virtual Port3)</entry>
+
+              <entrytbl cols="1">
+                <tbody>
+                  <row>
+                    <entry>IP address: 172.16.2.1</entry>
+                  </row>
+
+                  <row>
+                    <entry>DHCP server (IP range 172.1.2.2 -
+                    172.16.2.254)</entry>
+                  </row>
+                </tbody>
+              </entrytbl>
+            </row>
+          </tbody>
+        </tgroup>
+      </table>
+
+      <para><emphasis role="bold">Lab Setup</emphasis></para>
+
+      <para>The following table illustrates the use-case prerequisites of the
+      setup:</para>
+
+      <table>
+        <title>Lab Setup Prerequisites</title>
+
+        <tgroup cols="2">
+          <colspec align="center" />
+
+          <thead>
+            <row>
+              <entry align="center">Component</entry>
+
+              <entry align="center">Description</entry>
+            </row>
+          </thead>
+
+          <tbody>
+            <row>
+              <entry>Lab Network</entry>
+
+              <entrytbl cols="1">
+                <tbody>
+                  <row>
+                    <entry>DHCP enabled Lab Network.</entry>
+                  </row>
+
+                  <row>
+                    <entry>Internet Connectivity.</entry>
+                  </row>
+                </tbody>
+              </entrytbl>
+            </row>
+
+            <row>
+              <entry>Two Intel Whitebox target devices</entry>
+
+              <entrytbl cols="1">
+                <tbody>
+                  <row>
+                    <entry>Minimum 4 Physical Network Devices.</entry>
+                  </row>
+
+                  <row>
+                    <entry>4 GB RAM and 4 cores (C3000 or Xeon D).</entry>
+                  </row>
+
+                  <row>
+                    <entry>Enea NFV Access Installed.</entry>
+                  </row>
+
+                  <row>
+                    <entry>VNFMgr Connected to Lab Network for VNF management
+                    access.</entry>
+                  </row>
+
+                  <row>
+                    <entry>WAN interfaces directly connected through Ethernet
+                    cable.</entry>
+                  </row>
+
+                  <row>
+                    <entry>LAN Connected to Test Machine.</entry>
+                  </row>
+
+                  <row>
+                    <entry>ETH0 connected to Lab Network (for Enea uCPE
+                    Manager communications).</entry>
+                  </row>
+                </tbody>
+              </entrytbl>
+            </row>
+
+            <row>
+              <entry>One Management Machine</entry>
+
+              <entrytbl cols="1">
+                <tbody>
+                  <row>
+                    <entry>Connected to Lab Network.</entry>
+                  </row>
+
+                  <row>
+                    <entry>Running either Windows or CentOS.</entry>
+                  </row>
+
+                  <row>
+                    <entry>Enea uCPE Manager installed.</entry>
+                  </row>
+                </tbody>
+              </entrytbl>
+            </row>
+
+            <row>
+              <entry>Two Test Machines</entry>
+
+              <entrytbl cols="1">
+                <tbody>
+                  <row>
+                    <entry>Connected to Whitebox LANs.</entry>
+                  </row>
+
+                  <row>
+                    <entry>Internet Connectivity via LAN.</entry>
+                  </row>
+
+                  <row>
+                    <entry>Configured as DHCP client on LAN.</entry>
+                  </row>
+                </tbody>
+              </entrytbl>
+            </row>
+
+            <row>
+              <entry>FortiGate VNF</entry>
+
+              <entrytbl cols="1">
+                <tbody>
+                  <row>
+                    <entry>Downloaded the FortiGate VNF Bundle from Enea
+                    Portal to the Lab Machine file system.</entry>
+                  </row>
+
+                  <row>
+                    <entry>Downloaded FortiGate configuration examples from
+                    Enea Portal to Lab Machine file system. Unpack the
+                    configuration examples specific for SD-WAN on the
+                    Management Machine.</entry>
+                  </row>
+
+                  <row>
+                    <entry>Retrieve the FortiGate VNF license from Fortinet
+                    and store it on the Management Machine file
+                    system.</entry>
+                  </row>
+
+                  <row>
+                    <entry>Optionally, retrieve FortiGate VNF documentation
+                    from Fortinet.</entry>
+                  </row>
+                </tbody>
+              </entrytbl>
+            </row>
+          </tbody>
+        </tgroup>
+      </table>
+
       <figure>
-        <title>Overview: FortiGate VNF as an SD-WAN VPN</title>
+        <title>SD-WAN: VPN Configuration</title>
 
         <mediaobject>
           <imageobject>
-            <imagedata align="center" contentwidth="600"
-                       fileref="images/sdwan_vpn_overview.svg" />
+            <imagedata align="center"
+                       fileref="images/sdwan_vpn_overview_1.png" scale="50" />
           </imageobject>
         </mediaobject>
       </figure>
 
-      <para>For each target, the setup will require the creation of three
-      bridges, one for each type of connection. Each VNF instance will have
-      three interfaces attached: one for VNF management, one for the WAN
-      network and one for LAN communication. In this use case, a separate WAN
-      interface was used because it allows us to provide a VPN example using
-      static IP addresses (VPN requires information about peer
-      targets).</para>
+      <para><emphasis role="bold">uCPE Networking Setup</emphasis></para>
 
-      <para><emphasis role="bold">How to setup the FortiGate VNF as an SD-WAN
-      VPN</emphasis></para>
+      <para>Before deploying the FortiGate SD-WAN, the Enea NFV Access
+      platform has to be configured to the specific networking setup.</para>
+
+      <para>Since the SD-WAN VNF uses three External Network Interfaces, three
+      bridges need to be configured. Each bridge provides the ability to
+      connect a physical network interface to the virtual machine's virtual
+      network interface. Each physical to virtual network interface connection
+      is setup in two steps:</para>
+
+      <itemizedlist>
+        <listitem>
+          <para>Bind the physical network interfaces with a DPDK
+          driver.</para>
+        </listitem>
+
+        <listitem>
+          <para>Create a named bridge for each physical network
+          interface.</para>
+        </listitem>
+      </itemizedlist>
+
+      <para>Start the setup by preparing each physical interface for
+      attachment to a bridge. Each VNF instance will have a virtual interface
+      for VNF management, for the WAN network and for LAN
+      communication.</para>
 
       <orderedlist>
         <listitem>
-          <para>Start by preparing each interface attachment to a bridge. Host
-          interfaces must be bound to the DPDK (target_1 -&gt; Configuration
+          <para>Bind physical interface to DPDK (target_1 -&gt; Configuration
           -&gt; OpenVSwitch -&gt; Host Interfaces -&gt; Add):</para>
 
           <figure>
-            <title>Attaching the Interface</title>
+            <title>Binding the Physical Interface</title>
 
             <mediaobject>
               <imageobject>
                 <imagedata align="center"
-                           fileref="images/interface_attach.png" />
+                           fileref="images/bind_phys_interface.png" scale="90" />
               </imageobject>
             </mediaobject>
           </figure>
@@ -1337,42 +1633,46 @@ Run: tail -f /opt/testpmd-out</programlisting>
           the following:</para>
 
           <figure>
-            <title>Binding results</title>
+            <title>Results of Binding</title>
 
             <mediaobject>
               <imageobject>
-                <imagedata align="center"
-                           fileref="images/attachment_results.png" scale="70" />
+                <imagedata align="center" fileref="images/binding_results.png"
+                           scale="70" />
               </imageobject>
             </mediaobject>
           </figure>
         </listitem>
 
         <listitem>
-          <para>Create an OpenVSwitch bridge for each type of connection (VNF
-          management, WAN and LAN) by selecting the "Add" button from Bridges
-          tab (target -&gt; Configuration -&gt; OpenvSwitch-&gt; Bridges). A
-          popup should appear:</para>
+          <para>Create one OpenVSwitch bridge for each SD-WAN network
+          connection (VNF management, WAN and LAN) by selecting the "Add"
+          button from the Bridges tab (target -&gt; Configuration -&gt;
+          OpenvSwitch-&gt; Bridges). A popup like this should appear:</para>
 
           <figure>
-            <title>Creating the Bridge</title>
+            <title>Creating an OpenVSwitch bridge for an SD-WAN network
+            connection</title>
 
             <mediaobject>
               <imageobject>
-                <imagedata align="center"
-                           fileref="images/ovs_bridge_three.png" scale="80" />
+                <imagedata align="center" fileref="images/ovs_bridge_four.png"
+                           scale="70" />
               </imageobject>
             </mediaobject>
           </figure>
+        </listitem>
 
-          <para>Three bridges will be created:</para>
+        <listitem>
+          <para>Repeat this step for all network connections. Three bridges
+          will be created:</para>
 
           <figure>
-            <title>OVS Bridges</title>
+            <title>The three newly created Bridges</title>
 
             <mediaobject>
               <imageobject>
-                <imagedata align="center" fileref="images/three_bridges.png"
+                <imagedata align="center" fileref="images/created_bridges.png"
                            scale="70" />
               </imageobject>
             </mediaobject>
@@ -1380,26 +1680,27 @@ Run: tail -f /opt/testpmd-out</programlisting>
         </listitem>
       </orderedlist>
 
-      <para>Once the interfaces and bridges are ready, only on-boarding and
-      instantiating the VNF remains to be done.</para>
+      <para>Once the interfaces and bridges are ready, only the on-boarding
+      and instantiation of the VNF remains to be done.</para>
 
-      <para><emphasis role="bold">How to on-board a VNF</emphasis></para>
+      <para><emphasis role="bold">Onboarding the FortiGate
+      VNF</emphasis></para>
 
       <orderedlist>
         <listitem>
-          <para>Select a target device on the map and click the VNF button in
-          the top toolbar, then select the "Descriptors" -&gt; "On-board"
-          -&gt; "Browse" options, and upload the
-          <filename>Fortigate.zip</filename> file, before pressing
+          <para>To on-board a VNF, select a target device on the map and click
+          the VNF button in the top toolbar. Then, click the "Descriptors"
+          -&gt; "On-board" -&gt; "Browse" options, and select the
+          <filename>Fortigate.zip</filename> file, before clicking
           "Send":</para>
 
           <figure>
-            <title>On-boarding the VNF</title>
+            <title>On-boarding FortiGate VNF</title>
 
             <mediaobject>
               <imageobject>
-                <imagedata align="center" fileref="images/onboarding_vnf.png"
-                           scale="45" />
+                <imagedata align="center"
+                           fileref="images/onboarding_new_vnf.png" scale="50" />
               </imageobject>
             </mediaobject>
           </figure>
@@ -1410,100 +1711,187 @@ Run: tail -f /opt/testpmd-out</programlisting>
           confirmation message and select "OK":</para>
 
           <figure>
-            <title>Onboarding Status Results</title>
+            <title>Successful Confirmation</title>
 
             <mediaobject>
               <imageobject>
                 <imagedata align="center"
-                           fileref="images/onboarding_vnf_status.png"
-                           scale="80" />
+                           fileref="images/onboarding_status.png" scale="80" />
               </imageobject>
             </mediaobject>
           </figure>
         </listitem>
       </orderedlist>
 
-      <para><emphasis role="bold">How to instantiate the Fortigate
+      <para><emphasis role="bold">Instantiating the FortiGate
       VNF</emphasis></para>
 
+      <para>The following steps describe how to instantiate the Fortigate
+      VNF.</para>
+
       <orderedlist>
         <listitem>
-          <para>Select the target, then from the top toolbar select "VNF"
-          -&gt; "Instances" -&gt; "Add":</para>
+          <para>Select the target, then from the top toolbar click on "VNF"
+          and choose the "Instances" -&gt; "Add" options:</para>
 
           <figure>
-            <title>Adding a VNF instance</title>
+            <title>Adding an Instance</title>
 
             <mediaobject>
               <imageobject>
-                <imagedata align="center"
-                           fileref="images/vnf_instance_two.png" scale="50" />
+                <imagedata align="center" fileref="images/adding_instance.png"
+                           scale="50" />
               </imageobject>
             </mediaobject>
           </figure>
 
           <note>
-            <para>Make sure you have downloaded locally valid license files
-            for the Fortigate VNF from Fortinet and the configuration file
-            provided by Enea, as examples.</para>
+            <para>Download locally the valid license files for the Fortigate
+            VNF from Fortinet and the configuration file provided by Enea as
+            examples.</para>
           </note>
         </listitem>
 
         <listitem>
-          <para>For the first target, we are going to use the
-          <filename>sdwan_vpn1</filename> example configuration file:</para>
+          <para>Use the <literal>sdwan1</literal> example configuration file
+          for the first target:</para>
 
           <figure>
-            <title>sdwan_vpn1 configuration file</title>
+            <title>Configuring target_1</title>
 
             <mediaobject>
               <imageobject>
-                <imagedata align="center" fileref="images/sdwan_vpn1.png"
-                           scale="75" />
+                <imagedata align="center"
+                           fileref="images/sdwan1_eg_config.png" scale="70" />
               </imageobject>
             </mediaobject>
           </figure>
-
-          <para>The first target should be prepared for a VPN connection with
-          a peer target.</para>
         </listitem>
+      </orderedlist>
 
-        <listitem>
-          <para>In order to have the full setup working, the second target
-          needs to be configured in a similar way starting from the
-          interfaces' setup described above <remark>does this refer to the
-          previous procedure or something else, please clarify</remark>, up to
-          the VNF instantiation, using the <filename>sdwan_vpn2</filename>
-          configuration file.</para>
-
-          <para>Please see the <remark>insert the section, procedure or
-          chapter for reference if that helps</remark> for more details</para>
-        </listitem>
+      <para>Fortigate VNF instantiation requires the following
+      settings:</para>
 
-        <listitem>
-          <para>Once the full setup is in place, you can connect a device to
-          the LAN interface on each target.</para>
+      <table>
+        <title>Fortigate VNF Instantiation Requirements</title>
 
-          <para>Each device should automatically receive an IP address
-          (172.16.1.X from the first target and 172.16.2.X from second
-          target):</para>
+        <tgroup cols="2">
+          <colspec align="left" colwidth="2*" />
 
-          <figure>
-            <title>VPN Configuration</title>
+          <colspec align="left" colwidth="4*" />
 
-            <mediaobject>
-              <imageobject>
-                <imagedata align="center" contentwidth="600"
-                           fileref="images/setup_overview.svg" />
-              </imageobject>
-            </mediaobject>
-          </figure>
+          <thead>
+            <row>
+              <entry align="center">Component</entry>
 
-          <para><literal>Device1</literal> should be able to ping
-          <literal>Device2</literal> in this setup over the WAN
-          connection.</para>
-        </listitem>
-      </orderedlist>
+              <entry align="center">Description</entry>
+            </row>
+          </thead>
+
+          <tbody>
+            <row>
+              <entry>Name</entry>
+
+              <entry>The name of the VM which will be created on target
+              device.</entry>
+            </row>
+
+            <row>
+              <entry>VNF Type</entry>
+
+              <entry>The name of the on-boarded VNF bundle.</entry>
+            </row>
+
+            <row>
+              <entry>VIM</entry>
+
+              <entry>Name and IP address of the device where the VNF has to be
+              instantiated.</entry>
+            </row>
+
+            <row>
+              <entry>License file</entry>
+
+              <entry>FortiGate license file provided by Fortinet.</entry>
+            </row>
+
+            <row>
+              <entry>Configuration file</entry>
+
+              <entry>SD-WAN example configuration files provided by Enea: -
+              FGVM080000136187_20180215_0708_sdwan1.conf -
+              FGVM080000136188_20180215_0708_sdwan2.conf</entry>
+            </row>
+
+            <row>
+              <entry>Port1 - VNFMgr</entry>
+
+              <entry>Set as dpdk type and connect it to vnfmgrbr
+              bridge.</entry>
+            </row>
+
+            <row>
+              <entry>Port2 - WAN</entry>
+
+              <entry>Set as dpdk type and connect it to wanbr bridge.</entry>
+            </row>
+
+            <row>
+              <entry>Port3 - LAN</entry>
+
+              <entry>Set as dpdk type and connect it to lanbr bridge.</entry>
+            </row>
+          </tbody>
+        </tgroup>
+      </table>
+
+      <para>To complete the branch-to-branch setup, configure the peer target
+      in the same way as <literal>target_1</literal>. Make sure to use the
+      <filename>FGVM080000136188_20180215_0708_sdwan2.conf</filename>
+      configuration file for the second VNF instantiation.</para>
+
+      <para><emphasis role="bold">Testing the FortiGate SD-WAN
+      VPN</emphasis></para>
+
+      <para>Once the full SD-WAN setup is in place a VPN connection needs to
+      established between the two devices. The Test Machines can be connected
+      to the LAN interface on each target.</para>
+
+      <para>The connected Test Machine can be a laptop or a target that has
+      one interface configured to get dynamic IP from a DHCP server. The
+      <command>dhclient &lt;interface&gt;</command> command can be used to
+      request an IP address.</para>
+
+      <note>
+        <para>The received IP must be in the 172.16.1.2 - 172.16.1.255 range
+        for Test Machine-1 and in the 172.16.2.2 - 172.16.2.255 range for Test
+        Machine-2.</para>
+      </note>
+
+      <figure>
+        <title>Overview: Testing Machines Setup</title>
+
+        <mediaobject>
+          <imageobject>
+            <imagedata align="center" fileref="images/test_machines.png"
+                       scale="40" />
+          </imageobject>
+        </mediaobject>
+      </figure>
+
+      <para>Test Machine-1 should be able to ping Test Machine-2 in this setup
+      over the WAN connection.</para>
+
+      <para>In the figure above and this example, the FortiGate VNF management
+      interface is accessible through a dedicated Mgmt interface. The Mgmt IP
+      address can be used from a web browser on the Lab Machine to access the
+      Fortigate VNF Management Web UI.</para>
+
+      <note>
+        <para>In this SD-WAN VPN setup example, bridges were used as
+        connection points for Fortigate VNF. It is possible to replace
+        OVS-DPDK bridges with SR-IOV connection points.</para>
+      </note>
     </section>
   </section>
 </chapter>
\ No newline at end of file
diff --git a/doc/book-enea-nfv-access-ucpe-solution/doc/images/adding_instance.png b/doc/book-enea-nfv-access-ucpe-solution/doc/images/adding_instance.png
new file mode 100755
index 0000000..e07bd9e
--- /dev/null
+++ b/doc/book-enea-nfv-access-ucpe-solution/doc/images/adding_instance.png
diff --git a/doc/book-enea-nfv-access-ucpe-solution/doc/images/bind_phys_interface.png b/doc/book-enea-nfv-access-ucpe-solution/doc/images/bind_phys_interface.png
index 2fb10fc..73b6ea7 100755
--- a/doc/book-enea-nfv-access-ucpe-solution/doc/images/bind_phys_interface.png
+++ b/doc/book-enea-nfv-access-ucpe-solution/doc/images/bind_phys_interface.png
diff --git a/doc/book-enea-nfv-access-ucpe-solution/doc/images/binding_results.png b/doc/book-enea-nfv-access-ucpe-solution/doc/images/binding_results.png
new file mode 100755
index 0000000..892bab7
--- /dev/null
+++ b/doc/book-enea-nfv-access-ucpe-solution/doc/images/binding_results.png
diff --git a/doc/book-enea-nfv-access-ucpe-solution/doc/images/created_bridges.png b/doc/book-enea-nfv-access-ucpe-solution/doc/images/created_bridges.png
new file mode 100755
index 0000000..a44b26e
--- /dev/null
+++ b/doc/book-enea-nfv-access-ucpe-solution/doc/images/created_bridges.png
diff --git a/doc/book-enea-nfv-access-ucpe-solution/doc/images/onboarding_new_vnf.png b/doc/book-enea-nfv-access-ucpe-solution/doc/images/onboarding_new_vnf.png
new file mode 100755
index 0000000..72b59bc
--- /dev/null
+++ b/doc/book-enea-nfv-access-ucpe-solution/doc/images/onboarding_new_vnf.png
diff --git a/doc/book-enea-nfv-access-ucpe-solution/doc/images/ovs_bridge_four.png b/doc/book-enea-nfv-access-ucpe-solution/doc/images/ovs_bridge_four.png
new file mode 100755
index 0000000..1ebcf26
--- /dev/null
+++ b/doc/book-enea-nfv-access-ucpe-solution/doc/images/ovs_bridge_four.png
diff --git a/doc/book-enea-nfv-access-ucpe-solution/doc/images/sdwan1_eg_config.png b/doc/book-enea-nfv-access-ucpe-solution/doc/images/sdwan1_eg_config.png
new file mode 100755
index 0000000..9ff6284
--- /dev/null
+++ b/doc/book-enea-nfv-access-ucpe-solution/doc/images/sdwan1_eg_config.png
diff --git a/doc/book-enea-nfv-access-ucpe-solution/doc/images/sdwan_vpn_overview_1.png b/doc/book-enea-nfv-access-ucpe-solution/doc/images/sdwan_vpn_overview_1.png
new file mode 100755
index 0000000..684a6af
--- /dev/null
+++ b/doc/book-enea-nfv-access-ucpe-solution/doc/images/sdwan_vpn_overview_1.png
diff --git a/doc/book-enea-nfv-access-ucpe-solution/doc/images/test_machines.png b/doc/book-enea-nfv-access-ucpe-solution/doc/images/test_machines.png
new file mode 100755
index 0000000..6ec93fc
--- /dev/null
+++ b/doc/book-enea-nfv-access-ucpe-solution/doc/images/test_machines.png