diff options
author | Sona Sarmadi <sona.sarmadi@enea.com> | 2019-10-07 13:43:34 +0200 |
---|---|---|
committer | Miruna Paun <Miruna.Paun@enea.com> | 2019-10-11 15:12:53 +0200 |
commit | c809d907776503d4bdae0056a78ebb4d8840d559 (patch) | |
tree | 22aac1ec36f5503217b3e47f36b79e412b858753 /doc/book-enea-nfv-access-example-usecases | |
parent | a5ce1952613df9f1286c2be8cfe81b625b7b7bbf (diff) | |
download | nfv-access-documentation-c809d907776503d4bdae0056a78ebb4d8840d559.tar.gz |
ExampleUsecases: Update Example Usecases
- Update Example Usecases manual each chapter.
- Add "uCPE system requirements" for all examples, specify number
of physical NICs, RAM and cores (not vCPUs!)
- Remove all figures
- Remove all tables
- Remove In-band Management example usecase
Change-Id: Id183ba0cd1e9fca370d992273d797faadfcf9e3b
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Diffstat (limited to 'doc/book-enea-nfv-access-example-usecases')
-rw-r--r-- | doc/book-enea-nfv-access-example-usecases/doc/book.xml | 7 | ||||
-rw-r--r-- | doc/book-enea-nfv-access-example-usecases/doc/clav_vnf_examples.xml | 127 | ||||
-rw-r--r-- | doc/book-enea-nfv-access-example-usecases/doc/enea_test_vnf_examples.xml (renamed from doc/book-enea-nfv-access-example-usecases/doc/enea_vnf_examples.xml) | 150 | ||||
-rw-r--r-- | doc/book-enea-nfv-access-example-usecases/doc/forti_vnf_examples.xml | 814 | ||||
-rw-r--r-- | doc/book-enea-nfv-access-example-usecases/doc/inband_management.xml | 237 | ||||
-rw-r--r-- | doc/book-enea-nfv-access-example-usecases/doc/introduction.xml | 10 | ||||
-rw-r--r-- | doc/book-enea-nfv-access-example-usecases/doc/vnf_chaining.xml | 186 |
7 files changed, 392 insertions, 1139 deletions
diff --git a/doc/book-enea-nfv-access-example-usecases/doc/book.xml b/doc/book-enea-nfv-access-example-usecases/doc/book.xml index 5071e01..fb9db8d 100644 --- a/doc/book-enea-nfv-access-example-usecases/doc/book.xml +++ b/doc/book-enea-nfv-access-example-usecases/doc/book.xml | |||
@@ -18,18 +18,15 @@ | |||
18 | <xi:include href="introduction.xml" | 18 | <xi:include href="introduction.xml" |
19 | xmlns:xi="http://www.w3.org/2001/XInclude" /> | 19 | xmlns:xi="http://www.w3.org/2001/XInclude" /> |
20 | 20 | ||
21 | <xi:include href="clav_vnf_examples.xml" | 21 | <xi:include href="enea_test_vnf_examples.xml" |
22 | xmlns:xi="http://www.w3.org/2001/XInclude" /> | 22 | xmlns:xi="http://www.w3.org/2001/XInclude" /> |
23 | 23 | ||
24 | <xi:include href="enea_vnf_examples.xml" | 24 | <xi:include href="clav_vnf_examples.xml" |
25 | xmlns:xi="http://www.w3.org/2001/XInclude" /> | 25 | xmlns:xi="http://www.w3.org/2001/XInclude" /> |
26 | 26 | ||
27 | <xi:include href="forti_vnf_examples.xml" | 27 | <xi:include href="forti_vnf_examples.xml" |
28 | xmlns:xi="http://www.w3.org/2001/XInclude" /> | 28 | xmlns:xi="http://www.w3.org/2001/XInclude" /> |
29 | 29 | ||
30 | <xi:include href="inband_management.xml" | ||
31 | xmlns:xi="http://www.w3.org/2001/XInclude" /> | ||
32 | |||
33 | <xi:include href="vnf_chaining.xml" | 30 | <xi:include href="vnf_chaining.xml" |
34 | xmlns:xi="http://www.w3.org/2001/XInclude" /> | 31 | xmlns:xi="http://www.w3.org/2001/XInclude" /> |
35 | </book> | 32 | </book> |
diff --git a/doc/book-enea-nfv-access-example-usecases/doc/clav_vnf_examples.xml b/doc/book-enea-nfv-access-example-usecases/doc/clav_vnf_examples.xml index db4525a..806430a 100644 --- a/doc/book-enea-nfv-access-example-usecases/doc/clav_vnf_examples.xml +++ b/doc/book-enea-nfv-access-example-usecases/doc/clav_vnf_examples.xml | |||
@@ -8,29 +8,47 @@ | |||
8 | <section id="prere_clav_vnf"> | 8 | <section id="prere_clav_vnf"> |
9 | <title>Prerequisites</title> | 9 | <title>Prerequisites</title> |
10 | 10 | ||
11 | <para>The following files provided with your Enea NFV Access release are | 11 | <para>System requirements for the uCPE devices:</para> |
12 | needed for this example use case: <remark>FIXME - These filenames may need | ||
13 | to be updated</remark></para> | ||
14 | 12 | ||
15 | <itemizedlist> | 13 | <itemizedlist> |
16 | <listitem> | 14 | <listitem> |
17 | <para><literal>enea-nfv-access-vnf-qemux86-64.wic.qcow2</literal></para> | 15 | <para>1 Network Interface</para> |
18 | </listitem> | 16 | </listitem> |
19 | 17 | ||
20 | <listitem> | 18 | <listitem> |
21 | <para><literal>clavister-cos-stream-<version>-virtual-x64-generic.qcow2</literal></para> | 19 | <para>2 GB of RAM memory</para> |
22 | </listitem> | 20 | </listitem> |
21 | </itemizedlist> | ||
22 | |||
23 | <para>The following files are needed for this example use case:</para> | ||
24 | |||
25 | <itemizedlist> | ||
26 | <para>VNF images:</para> | ||
27 | |||
28 | <listitem> | ||
29 | <para>Enea Test VNF. Please contact Enea to get this image.</para> | ||
30 | </listitem> | ||
31 | |||
32 | <listitem> | ||
33 | <para>Clavister VNF. Please contact Clavister to get this | ||
34 | image.</para> | ||
35 | </listitem> | ||
36 | </itemizedlist> | ||
37 | |||
38 | <itemizedlist> | ||
39 | <para>VNF Configuration files, these files are provided with your Enea | ||
40 | NFV Access release:</para> | ||
23 | 41 | ||
24 | <listitem> | 42 | <listitem> |
25 | <para><literal>clavister-cloudinit.conf</literal></para> | 43 | <para><filename>clavister-cloudinit.conf</filename>. </para> |
26 | </listitem> | 44 | </listitem> |
27 | 45 | ||
28 | <listitem> | 46 | <listitem> |
29 | <para><literal>enea-vnf-iperf-client.conf</literal></para> | 47 | <para><filename>enea-vnf-iperf-client.conf</filename>.</para> |
30 | </listitem> | 48 | </listitem> |
31 | 49 | ||
32 | <listitem> | 50 | <listitem> |
33 | <para><literal>enea-vnf-iperf-server.conf</literal></para> | 51 | <para><filename>enea-vnf-iperf-server.conf</filename>.</para> |
34 | </listitem> | 52 | </listitem> |
35 | </itemizedlist> | 53 | </itemizedlist> |
36 | </section> | 54 | </section> |
@@ -39,22 +57,9 @@ | |||
39 | <title>Clavister VNF using an Open vSwitch Bridge</title> | 57 | <title>Clavister VNF using an Open vSwitch Bridge</title> |
40 | 58 | ||
41 | <para>In this use-case, uCPE device 1 runs the Clavister VNF, while uCPE | 59 | <para>In this use-case, uCPE device 1 runs the Clavister VNF, while uCPE |
42 | device 2 runs two Enea NFV Access VNFs with iPerf client and server | 60 | device 2 runs two Enea Test VNFs with iPerf client and server |
43 | applications. The uCPE devices are connected using OVS-DPDK bridges. | 61 | applications. The uCPE devices are connected using OVS-DPDK |
44 | </para> | 62 | bridges.</para> |
45 | |||
46 | <remark>FIXME: New image needed</remark> | ||
47 | |||
48 | <figure condition="hidden"> | ||
49 | <title>Clavister VNF using Open vSwitch Bridge Overview</title> | ||
50 | |||
51 | <mediaobject> | ||
52 | <imageobject> | ||
53 | <imagedata align="center" fileref="images/clavister_vnf_diagram.png" | ||
54 | scale="50" /> | ||
55 | </imageobject> | ||
56 | </mediaobject> | ||
57 | </figure> | ||
58 | 63 | ||
59 | <section id="clav_vnf_setup_1"> | 64 | <section id="clav_vnf_setup_1"> |
60 | <title>Use-case Setup</title> | 65 | <title>Use-case Setup</title> |
@@ -63,8 +68,9 @@ | |||
63 | 68 | ||
64 | <orderedlist> | 69 | <orderedlist> |
65 | <listitem> | 70 | <listitem> |
66 | <para>Select uCPE device 1, access <literal>Configuration</literal>, add the network | 71 | <para>Select uCPE device 1, access <literal>Configuration</literal>, |
67 | interface that will be used and configure it for DPDK.</para> | 72 | add the network interface that will be used and configure it for |
73 | DPDK.</para> | ||
68 | </listitem> | 74 | </listitem> |
69 | 75 | ||
70 | <listitem> | 76 | <listitem> |
@@ -81,8 +87,8 @@ | |||
81 | 87 | ||
82 | <orderedlist> | 88 | <orderedlist> |
83 | <listitem> | 89 | <listitem> |
84 | <para>Onboard the Clavister VNF by filling the required fields with the following | 90 | <para>Onboard the Clavister VNF by filling the required fields with |
85 | values:</para> | 91 | the following values:</para> |
86 | 92 | ||
87 | <itemizedlist spacing="compact"> | 93 | <itemizedlist spacing="compact"> |
88 | <listitem> | 94 | <listitem> |
@@ -120,11 +126,11 @@ | |||
120 | </listitem> | 126 | </listitem> |
121 | 127 | ||
122 | <listitem> | 128 | <listitem> |
123 | <para>Onboard the Enea VNF by filling the required fields with the following values: | 129 | <para>Onboard the Enea Test VNF by filling the required fields with |
124 | <itemizedlist spacing="compact"> | 130 | the following values: <itemizedlist spacing="compact"> |
125 | <listitem> | 131 | <listitem> |
126 | <para><emphasis role="bold">VM Image File</emphasis>: Provide | 132 | <para><emphasis role="bold">VM Image File</emphasis>: Provide |
127 | the path to the Enea NFV Access VNF qcow2 image</para> | 133 | the path to the Enea Test VNF qcow2 image</para> |
128 | </listitem> | 134 | </listitem> |
129 | 135 | ||
130 | <listitem> | 136 | <listitem> |
@@ -187,16 +193,16 @@ | |||
187 | </listitem> | 193 | </listitem> |
188 | 194 | ||
189 | <listitem> | 195 | <listitem> |
190 | <para><emphasis role="bold">Interfaces</emphasis>: Set the interface type | 196 | <para><emphasis role="bold">Interfaces</emphasis>: Set the |
191 | to <literal>DPDK</literal> and select the OVS bridge created | 197 | interface type to <literal>DPDK</literal> and select the OVS |
192 | above, for both interfaces.</para> | 198 | bridge created above, for both interfaces.</para> |
193 | </listitem> | 199 | </listitem> |
194 | </itemizedlist> | 200 | </itemizedlist> |
195 | </listitem> | 201 | </listitem> |
196 | 202 | ||
197 | <listitem> | 203 | <listitem> |
198 | <para>Instantiate the Enea iPerf server VNF on uCPE device 2 by filling | 204 | <para>Instantiate the Enea iPerf server VNF on uCPE device 2 by |
199 | the required fields with the values below:</para> | 205 | filling the required fields with the values below:</para> |
200 | 206 | ||
201 | <itemizedlist spacing="compact"> | 207 | <itemizedlist spacing="compact"> |
202 | <listitem> | 208 | <listitem> |
@@ -206,7 +212,7 @@ | |||
206 | 212 | ||
207 | <listitem> | 213 | <listitem> |
208 | <para><emphasis role="bold">VNF Type</emphasis>: Select Enea | 214 | <para><emphasis role="bold">VNF Type</emphasis>: Select Enea |
209 | NFV Access VNF</para> | 215 | Test VNF</para> |
210 | </listitem> | 216 | </listitem> |
211 | 217 | ||
212 | <listitem> | 218 | <listitem> |
@@ -221,15 +227,16 @@ | |||
221 | </listitem> | 227 | </listitem> |
222 | 228 | ||
223 | <listitem> | 229 | <listitem> |
224 | <para><emphasis role="bold">Interfaces</emphasis>: Set the interface type to | 230 | <para><emphasis role="bold">Interfaces</emphasis>: Set the |
225 | <literal>DPDK</literal> and select the OVS bridge created above.</para> | 231 | interface type to <literal>DPDK</literal> and select the OVS |
232 | bridge created above.</para> | ||
226 | </listitem> | 233 | </listitem> |
227 | </itemizedlist> | 234 | </itemizedlist> |
228 | </listitem> | 235 | </listitem> |
229 | 236 | ||
230 | <listitem> | 237 | <listitem> |
231 | <para>Instantiate the Enea iPerf client VNF on uCPE device 2 by | 238 | <para>Instantiate the Enea iPerf client VNF on uCPE device 2 by |
232 | filling the required fields with the values below:</para> | 239 | filling the required fields with the values below:</para> |
233 | 240 | ||
234 | <itemizedlist spacing="compact"> | 241 | <itemizedlist spacing="compact"> |
235 | <listitem> | 242 | <listitem> |
@@ -239,7 +246,7 @@ | |||
239 | 246 | ||
240 | <listitem> | 247 | <listitem> |
241 | <para><emphasis role="bold">VNF Type</emphasis>: Select Enea | 248 | <para><emphasis role="bold">VNF Type</emphasis>: Select Enea |
242 | NFV Access VNF</para> | 249 | Test VNF</para> |
243 | </listitem> | 250 | </listitem> |
244 | 251 | ||
245 | <listitem> | 252 | <listitem> |
@@ -254,8 +261,9 @@ | |||
254 | </listitem> | 261 | </listitem> |
255 | 262 | ||
256 | <listitem> | 263 | <listitem> |
257 | <para><emphasis role="bold">Interfaces</emphasis>: Set the interface | 264 | <para><emphasis role="bold">Interfaces</emphasis>: Set the |
258 | type to <literal>DPDK</literal> and select the OVS bridge created above.</para> | 265 | interface type to <literal>DPDK</literal> and select the OVS |
266 | bridge created above.</para> | ||
259 | </listitem> | 267 | </listitem> |
260 | </itemizedlist> | 268 | </itemizedlist> |
261 | </listitem> | 269 | </listitem> |
@@ -282,22 +290,9 @@ root@qemux86-64:~# iperf3 -c 192.168.10.10</programlisting> | |||
282 | <section id="clav_example_sriov"> | 290 | <section id="clav_example_sriov"> |
283 | <title>Clavister VNF using SR-IOV</title> | 291 | <title>Clavister VNF using SR-IOV</title> |
284 | 292 | ||
285 | <para>The following use-case is essentially the same as the one detailed above, | 293 | <para>The following use-case is essentially the same as the one detailed |
286 | in this scenario however, the uCPE devices are connected using SR-IOV, | 294 | above, in this scenario however, the uCPE devices are connected using |
287 | with two virtual functions.</para> | 295 | SR-IOV, with two virtual functions.</para> |
288 | |||
289 | <remark>FIXME: New image needed</remark> | ||
290 | |||
291 | <figure condition="hidden"> | ||
292 | <title>Clavister VNF using SR-IOV Overview</title> | ||
293 | |||
294 | <mediaobject> | ||
295 | <imageobject> | ||
296 | <imagedata align="center" fileref="images/clav_VNF_demo_SR-IOV.png" | ||
297 | scale="60" /> | ||
298 | </imageobject> | ||
299 | </mediaobject> | ||
300 | </figure> | ||
301 | 296 | ||
302 | <section id="clav_vnf_setup_2"> | 297 | <section id="clav_vnf_setup_2"> |
303 | <title>Use-case Setup</title> | 298 | <title>Use-case Setup</title> |
@@ -306,9 +301,10 @@ root@qemux86-64:~# iperf3 -c 192.168.10.10</programlisting> | |||
306 | 301 | ||
307 | <orderedlist> | 302 | <orderedlist> |
308 | <listitem> | 303 | <listitem> |
309 | <para>Select uCPE device 1, access <literal>Configuration</literal>, | 304 | <para>Select uCPE device 1, access <literal>Configuration</literal>, |
310 | add the network interface that will be used and configure it for SR-IOV. | 305 | add the network interface that will be used and configure it for |
311 | For <literal>sriov-mode</literal> select "adapter-pool" and "sriov-num-vfs:2".</para> | 306 | SR-IOV. For <literal>sriov-mode</literal> select "adapter-pool" and |
307 | "sriov-num-vfs:2".</para> | ||
312 | </listitem> | 308 | </listitem> |
313 | 309 | ||
314 | <listitem> | 310 | <listitem> |
@@ -323,13 +319,14 @@ root@qemux86-64:~# iperf3 -c 192.168.10.10</programlisting> | |||
323 | <para><emphasis role="bold">Instantiating the VNFs:</emphasis></para> | 319 | <para><emphasis role="bold">Instantiating the VNFs:</emphasis></para> |
324 | 320 | ||
325 | <para>Use the same instantiation parameters as above, but select | 321 | <para>Use the same instantiation parameters as above, but select |
326 | interface type <literal>SrIovAdapterPool</literal> instead.</para> | 322 | interface type <literal>SrIovAdapterPool</literal> instead.</para> |
327 | </section> | 323 | </section> |
328 | 324 | ||
329 | <section id="test_clav_uc_2"> | 325 | <section id="test_clav_uc_2"> |
330 | <title>Testing the Use-case</title> | 326 | <title>Testing the Use-case</title> |
331 | 327 | ||
332 | <para>Use the same test instructions as detailed in the use-case above.</para> | 328 | <para>Use the same test instructions as detailed in the use-case |
329 | above.</para> | ||
333 | </section> | 330 | </section> |
334 | </section> | 331 | </section> |
335 | </chapter> | 332 | </chapter> |
diff --git a/doc/book-enea-nfv-access-example-usecases/doc/enea_vnf_examples.xml b/doc/book-enea-nfv-access-example-usecases/doc/enea_test_vnf_examples.xml index 9809cb3..985e299 100644 --- a/doc/book-enea-nfv-access-example-usecases/doc/enea_vnf_examples.xml +++ b/doc/book-enea-nfv-access-example-usecases/doc/enea_test_vnf_examples.xml | |||
@@ -1,25 +1,49 @@ | |||
1 | <?xml version="1.0" encoding="ISO-8859-1"?> | 1 | <?xml version="1.0" encoding="ISO-8859-1"?> |
2 | <chapter id="enea_vnf_examples"> | 2 | <chapter id="enea_vnf_examples"> |
3 | <title>Enea NFV Access VNF Example Use-cases</title> | 3 | <title>Enea Test VNF Example Use-cases</title> |
4 | |||
5 | <para>The Enea Test VNF is a simple Enea Linux based VM, which can be used | ||
6 | for various testing purposes, by using basic DPDK applications (e.g. | ||
7 | testpmd) as well as non-DPDK tools (e.g. iPerf3). For more information about | ||
8 | the Testpmd application please see the <ulink | ||
9 | url="https://doc.dpdk.org/guides/testpmd_app_ug">Testpmd Application User | ||
10 | Guide</ulink>.</para> | ||
4 | 11 | ||
5 | <section id="prere_enea_vnf"> | 12 | <section id="prere_enea_vnf"> |
6 | <title>Prerequisites</title> | 13 | <title>Prerequisites</title> |
7 | 14 | ||
8 | <para>The following files are needed for this example use-case:</para> | 15 | <para>System requirements for the uCPE devices:</para> |
16 | |||
17 | <itemizedlist> | ||
18 | <listitem> | ||
19 | <para>1 Network Interface</para> | ||
20 | </listitem> | ||
21 | |||
22 | <listitem> | ||
23 | <para>2 GB of RAM memory</para> | ||
24 | </listitem> | ||
25 | </itemizedlist> | ||
9 | 26 | ||
10 | <remark>FIXME: These filenames may need to be updated</remark> | 27 | <para>The following files are needed for this example use case:</para> |
11 | 28 | ||
12 | <itemizedlist> | 29 | <itemizedlist> |
30 | <para>VNF image:</para> | ||
31 | |||
13 | <listitem> | 32 | <listitem> |
14 | <para><literal>enea-nfv-access-vnf-qemux86-64.wic.qcow2</literal></para> | 33 | <para>Enea Test VNF, please contact Enea to get this image.</para> |
15 | </listitem> | 34 | </listitem> |
35 | </itemizedlist> | ||
36 | |||
37 | <itemizedlist> | ||
38 | <para>VNF Configuration files, these files are provided with your Enea | ||
39 | NFV Access release:</para> | ||
16 | 40 | ||
17 | <listitem> | 41 | <listitem> |
18 | <para><literal>enea-vnf-testpmd-fwd.conf</literal></para> | 42 | <para><filename>enea-vnf-testpmd-fwd.conf</filename>.</para> |
19 | </listitem> | 43 | </listitem> |
20 | 44 | ||
21 | <listitem> | 45 | <listitem> |
22 | <para><literal>enea-vnf-testpmd-term.conf</literal></para> | 46 | <para><filename>enea-vnf-testpmd-term.conf</filename>.</para> |
23 | </listitem> | 47 | </listitem> |
24 | </itemizedlist> | 48 | </itemizedlist> |
25 | </section> | 49 | </section> |
@@ -28,22 +52,9 @@ | |||
28 | <title>TestPMD VNF</title> | 52 | <title>TestPMD VNF</title> |
29 | 53 | ||
30 | <para>In this use-case, uCPE device 1 runs the pktgen DPDK application to | 54 | <para>In this use-case, uCPE device 1 runs the pktgen DPDK application to |
31 | generate traffic and uCPE device 2 runs two Enea NFV Access VNFs. One VNF | 55 | generate traffic and uCPE device 2 runs two Enea Test VNFs. One VNF runs |
32 | runs the TestPMD DPDK application forwarding traffic, and the other runs | 56 | the TestPMD DPDK application forwarding traffic, and the other runs the |
33 | the TestPMD in order to terminate traffic.</para> | 57 | TestPMD in order to terminate traffic.</para> |
34 | |||
35 | <remark>FIXME: New image needed</remark> | ||
36 | |||
37 | <figure condition="hidden"> | ||
38 | <title>Enea TestPMD VNF Overview</title> | ||
39 | |||
40 | <mediaobject> | ||
41 | <imageobject> | ||
42 | <imagedata align="center" | ||
43 | fileref="images/enea_vnf_demo_overview.png" scale="80" /> | ||
44 | </imageobject> | ||
45 | </mediaobject> | ||
46 | </figure> | ||
47 | 58 | ||
48 | <section id="enea_vnf_setup"> | 59 | <section id="enea_vnf_setup"> |
49 | <title>Use-case Setup</title> | 60 | <title>Use-case Setup</title> |
@@ -72,13 +83,13 @@ | |||
72 | 83 | ||
73 | <para><emphasis role="bold">Onboarding the VNF:</emphasis></para> | 84 | <para><emphasis role="bold">Onboarding the VNF:</emphasis></para> |
74 | 85 | ||
75 | <para>Onboard the Enea NFV Access VNF by filling the required fields | 86 | <para>Onboard the Enea Test VNF by filling the required fields with the |
76 | with the following values:</para> | 87 | following values:</para> |
77 | 88 | ||
78 | <itemizedlist spacing="compact"> | 89 | <itemizedlist spacing="compact"> |
79 | <listitem> | 90 | <listitem> |
80 | <para><emphasis role="bold">VM Image File</emphasis>: Provide the | 91 | <para><emphasis role="bold">VM Image File</emphasis>: Provide the |
81 | path to the Enea NFV Access VNF qcow2 image.</para> | 92 | path to the Enea Test VNF qcow2 image.</para> |
82 | </listitem> | 93 | </listitem> |
83 | 94 | ||
84 | <listitem> | 95 | <listitem> |
@@ -123,8 +134,8 @@ | |||
123 | </listitem> | 134 | </listitem> |
124 | 135 | ||
125 | <listitem> | 136 | <listitem> |
126 | <para><emphasis role="bold">VNF Type</emphasis>: Select Enea NFV | 137 | <para><emphasis role="bold">VNF Type</emphasis>: Select Enea |
127 | Access VNF.</para> | 138 | Test VNF.</para> |
128 | </listitem> | 139 | </listitem> |
129 | 140 | ||
130 | <listitem> | 141 | <listitem> |
@@ -157,8 +168,8 @@ | |||
157 | </listitem> | 168 | </listitem> |
158 | 169 | ||
159 | <listitem> | 170 | <listitem> |
160 | <para><emphasis role="bold">VNF Type</emphasis>: Select Enea NFV | 171 | <para><emphasis role="bold">VNF Type</emphasis>: Select Enea |
161 | Access VNF.</para> | 172 | Test VNF.</para> |
162 | </listitem> | 173 | </listitem> |
163 | 174 | ||
164 | <listitem> | 175 | <listitem> |
@@ -173,7 +184,7 @@ | |||
173 | </listitem> | 184 | </listitem> |
174 | 185 | ||
175 | <listitem> | 186 | <listitem> |
176 | <para><emphasis role="bold">Interfaces</emphasis>: Set the | 187 | <para><emphasis role="bold">Interfaces</emphasis>: Set the |
177 | interface type to <literal>DPDK</literal> and select the OVS | 188 | interface type to <literal>DPDK</literal> and select the OVS |
178 | bridge created above.</para> | 189 | bridge created above.</para> |
179 | </listitem> | 190 | </listitem> |
@@ -201,43 +212,37 @@ | |||
201 | <title>Testing the Use-case</title> | 212 | <title>Testing the Use-case</title> |
202 | 213 | ||
203 | <orderedlist> | 214 | <orderedlist> |
204 | <listitem> | 215 | <listitem> |
205 | <para>SSH to uCPE device 1 (Username: root) and start the pktgen | 216 | <para>SSH to uCPE device 1 (Username: root) and start the pktgen |
206 | application:</para> | 217 | application:</para> |
207 | 218 | ||
208 | <programlisting>cd /usr/share/apps/pktgen/ | 219 | <programlisting>cd /usr/share/apps/pktgen/ |
209 | ./pktgen -c 0x7 -n 4 --proc-type auto --socket-mem 256 -w 0000:01:00.0 -- \ | 220 | ./pktgen -c 0x7 -n 4 --proc-type auto --socket-mem 256 -w 0000:01:00.0 -- \ |
210 | -P -m "[1:2].0" | 221 | -P -m "[1:2].0" |
211 | 222 | ||
212 | Pktgen:/> start 0</programlisting> | 223 | Pktgen:/> start 0</programlisting> |
213 | 224 | ||
214 | <note> | 225 | <note> |
215 | <para>Replace 0000:01:00.0 with the actual PCI address of the network | 226 | <para>Replace 0000:01:00.0 with the actual PCI address of the |
216 | interface used on uCPE device 1.</para> | 227 | network interface used on uCPE device 1.</para> |
217 | </note></listitem> | 228 | </note> |
229 | </listitem> | ||
218 | 230 | ||
219 | <listitem><para>SSH to uCPE device 2 and connect to the TestPMD forwarding VNF | 231 | <listitem> |
220 | console:</para> | 232 | <para>SSH to uCPE device 2 and connect to the TestPMD forwarding VNF |
233 | console:</para> | ||
221 | 234 | ||
222 | <programlisting>virsh list | 235 | <programlisting>virsh list |
223 | virsh console <id of testpmd fwd></programlisting></listitem> | 236 | virsh console <id of testpmd fwd></programlisting> |
237 | </listitem> | ||
224 | 238 | ||
225 | <listitem><para>Check the TestPMD traffic forwarding statistics:</para> | 239 | <listitem> |
240 | <para>Check the TestPMD traffic forwarding statistics:</para> | ||
226 | 241 | ||
227 | <programlisting># qemux86-64 login: root | 242 | <programlisting># qemux86-64 login: root |
228 | tail -f /var/log/testpmd-out</programlisting> | 243 | tail -f /var/log/testpmd-out</programlisting> |
229 | 244 | </listitem> | |
230 | <figure> | 245 | </orderedlist> |
231 | <title>Traffic Statistics</title> | ||
232 | |||
233 | <mediaobject> | ||
234 | <imageobject> | ||
235 | <imagedata align="center" | ||
236 | fileref="images/connection_information.png" scale="70" /> | ||
237 | </imageobject> | ||
238 | </mediaobject> | ||
239 | </figure></listitem> | ||
240 | </orderedlist> | ||
241 | </section> | 246 | </section> |
242 | 247 | ||
243 | <section condition="hidden" id="vnf_pci"> | 248 | <section condition="hidden" id="vnf_pci"> |
@@ -247,17 +252,6 @@ tail -f /var/log/testpmd-out</programlisting> | |||
247 | device 2 will run the TestPMD VNF. Both will be using PCI | 252 | device 2 will run the TestPMD VNF. Both will be using PCI |
248 | passthrough:</para> | 253 | passthrough:</para> |
249 | 254 | ||
250 | <figure> | ||
251 | <title>TestPMD VNF using PCI passthrough Overview</title> | ||
252 | |||
253 | <mediaobject> | ||
254 | <imageobject> | ||
255 | <imagedata align="center" fileref="images/testPMD_VNF_PCI.png" | ||
256 | scale="65" /> | ||
257 | </imageobject> | ||
258 | </mediaobject> | ||
259 | </figure> | ||
260 | |||
261 | <orderedlist> | 255 | <orderedlist> |
262 | <listitem> | 256 | <listitem> |
263 | <para>Make sure that neither uCPE device 1 nor uCPE device 2 have | 257 | <para>Make sure that neither uCPE device 1 nor uCPE device 2 have |
@@ -273,17 +267,6 @@ tail -f /var/log/testpmd-out</programlisting> | |||
273 | 267 | ||
274 | <para>From the drop-down list, select the PCI interface | 268 | <para>From the drop-down list, select the PCI interface |
275 | corresponding to the NIC which is connected to uCPE device 2:</para> | 269 | corresponding to the NIC which is connected to uCPE device 2:</para> |
276 | |||
277 | <figure> | ||
278 | <title>Selecting the Pktgen VNF Interface</title> | ||
279 | |||
280 | <mediaobject> | ||
281 | <imageobject> | ||
282 | <imagedata align="center" | ||
283 | fileref="images/pciPass_interface.png" scale="70" /> | ||
284 | </imageobject> | ||
285 | </mediaobject> | ||
286 | </figure> | ||
287 | </listitem> | 270 | </listitem> |
288 | 271 | ||
289 | <listitem> | 272 | <listitem> |
@@ -291,17 +274,6 @@ tail -f /var/log/testpmd-out</programlisting> | |||
291 | "PciPassthrough" as the Interface type. From the drop-down list, | 274 | "PciPassthrough" as the Interface type. From the drop-down list, |
292 | select the PCI interface corresponding to the NIC which is connected | 275 | select the PCI interface corresponding to the NIC which is connected |
293 | to uCPE device 1:</para> | 276 | to uCPE device 1:</para> |
294 | |||
295 | <figure> | ||
296 | <title>Selecting the TestPmdForwarder VNF Interface</title> | ||
297 | |||
298 | <mediaobject> | ||
299 | <imageobject> | ||
300 | <imagedata align="center" | ||
301 | fileref="images/testpmd_fwdvnf_int.png" scale="70" /> | ||
302 | </imageobject> | ||
303 | </mediaobject> | ||
304 | </figure> | ||
305 | </listitem> | 277 | </listitem> |
306 | 278 | ||
307 | <listitem> | 279 | <listitem> |
diff --git a/doc/book-enea-nfv-access-example-usecases/doc/forti_vnf_examples.xml b/doc/book-enea-nfv-access-example-usecases/doc/forti_vnf_examples.xml index 4a9a8a5..fcb8c87 100644 --- a/doc/book-enea-nfv-access-example-usecases/doc/forti_vnf_examples.xml +++ b/doc/book-enea-nfv-access-example-usecases/doc/forti_vnf_examples.xml | |||
@@ -14,39 +14,38 @@ | |||
14 | 14 | ||
15 | <itemizedlist> | 15 | <itemizedlist> |
16 | <listitem> | 16 | <listitem> |
17 | <para>3 x Network Interfaces</para> | 17 | <para>4 x Network Interfaces</para> |
18 | </listitem> | 18 | </listitem> |
19 | 19 | ||
20 | <listitem> | 20 | <listitem> |
21 | <para>1 x vCPU</para> | 21 | <para>4 cores</para> |
22 | </listitem> | 22 | </listitem> |
23 | 23 | ||
24 | <listitem> | 24 | <listitem> |
25 | <para>1 GB of RAM memory</para> | 25 | <para>4 GB of RAM memory</para> |
26 | </listitem> | 26 | </listitem> |
27 | </itemizedlist> | 27 | </itemizedlist> |
28 | 28 | ||
29 | <para>The following files are needed for this example use case:</para> | 29 | <para>The following files are needed for this example use case:</para> |
30 | 30 | ||
31 | <itemizedlist> | 31 | <itemizedlist> |
32 | <listitem> | 32 | <para>VNF image:</para> |
33 | <para>FortiGate VNF image. This file is provided by the local Fortinet | ||
34 | sales representatives in your region.</para> | ||
35 | </listitem> | ||
36 | 33 | ||
37 | <listitem> | 34 | <listitem> |
38 | <para>FortiGate VNF license file. This file is provided by the local | 35 | <para>FortiGate VNF. Please contact Fortinet to get a VNF image and its license file.</para> |
39 | Fortinet sales representatives in your region.</para> | ||
40 | </listitem> | 36 | </listitem> |
37 | </itemizedlist> | ||
38 | |||
39 | <itemizedlist> | ||
40 | <para>VNF Configuration files, provided with your Enea | ||
41 | NFV Access release:</para> | ||
41 | 42 | ||
42 | <listitem> | 43 | <listitem> |
43 | <para>FortiGate specific documentation. This is provided by the local | 44 | <para><filename>fortigate-basic-fw.conf</filename>.</para> |
44 | Fortinet sales representatives in your region.</para> | ||
45 | </listitem> | 45 | </listitem> |
46 | 46 | ||
47 | <listitem> | 47 | <listitem> |
48 | <para>FortiGate configuration example files. These files are provided | 48 | <para><filename>fortigate-sdwan<x>.conf</filename>.</para> |
49 | with your Enea NFV Access release.</para> | ||
50 | </listitem> | 49 | </listitem> |
51 | </itemizedlist> | 50 | </itemizedlist> |
52 | </section> | 51 | </section> |
@@ -54,202 +53,22 @@ | |||
54 | <section id="fortigate_firewall_uc_1"> | 53 | <section id="fortigate_firewall_uc_1"> |
55 | <title>FortiGate VNF as a Firewall</title> | 54 | <title>FortiGate VNF as a Firewall</title> |
56 | 55 | ||
57 | <para>Enea provides an example of a simple base firewall configuration for | 56 | <para>Enea provides an example of a simple basic firewall configuration |
58 | the FortiGate VNF.</para> | 57 | for the FortiGate VNF. FortiGate In-Band Management is a |
59 | |||
60 | <table> | ||
61 | <title>FortiGate VNF Example Configuration</title> | ||
62 | |||
63 | <tgroup cols="2"> | ||
64 | <colspec align="center" colwidth="1*" /> | ||
65 | |||
66 | <colspec align="center" colwidth="4*" /> | ||
67 | |||
68 | <thead> | ||
69 | <row> | ||
70 | <entry align="center">Component</entry> | ||
71 | |||
72 | <entry align="center">Setting/Description</entry> | ||
73 | </row> | ||
74 | </thead> | ||
75 | |||
76 | <tbody> | ||
77 | <row> | ||
78 | <entry align="left">Firewall</entry> | ||
79 | |||
80 | <entry align="left">"All pass" mode</entry> | ||
81 | </row> | ||
82 | |||
83 | <row> | ||
84 | <entry align="left">WAN (Virtual Port1)</entry> | ||
85 | |||
86 | <entry align="left"><para>DHCP Client, dynamically assigned IP | ||
87 | address.</para><para>FortiGate In-Band | ||
88 | Management<superscript>1</superscript>.</para></entry> | ||
89 | </row> | ||
90 | |||
91 | <row> | ||
92 | <entry align="left">WAN (Virtual Port2)</entry> | ||
93 | |||
94 | <entry align="left"><para>IP address: | ||
95 | 172.168.16.1</para><para>DHCP server (IP range 172.168.16.1 - | ||
96 | 172.168.16.255).</para></entry> | ||
97 | </row> | ||
98 | |||
99 | <row> | ||
100 | <entry align="left">WAN (Virtual Port3)</entry> | ||
101 | |||
102 | <entry align="left">Ignored</entry> | ||
103 | </row> | ||
104 | </tbody> | ||
105 | </tgroup> | ||
106 | </table> | ||
107 | |||
108 | <para><superscript>1</superscript>FortiGate In-Band Management is a | ||
109 | feature used for running FortiGate Management traffic over WAN.</para> | 58 | feature used for running FortiGate Management traffic over WAN.</para> |
110 | 59 | ||
111 | <para>Instructions on how to alter the default configuration are provided in section | 60 | <para>Instructions on how to alter the default configuration are provided |
112 | <olink targetdoc="book_enea_nfv_access_example_usecases" | 61 | in section <olink targetdoc="book_enea_nfv_access_example_usecases" |
113 | targetptr="fortigate_webmg">FortiGate VNF Web Management in <xi:include | 62 | targetptr="fortigate_webmg">FortiGate VNF Web Management in the |
114 | href="../../s_docbuild/olinkdb/pardoc-names.xml" | 63 | <xi:include href="../../s_docbuild/olinkdb/pardoc-names.xml" |
115 | xmlns:xi="http://www.w3.org/2001/XInclude" | 64 | xmlns:xi="http://www.w3.org/2001/XInclude" |
116 | xpointer="element(book_enea_nfv_access_example_usecases/1)" /></olink>.</para> | 65 | xpointer="element(book_enea_nfv_access_example_usecases/1)" /></olink> |
117 | 66 | Manual.</para> | |
118 | <section id="lab_setup_fortfirewall"> | ||
119 | <title>Lab Setup</title> | ||
120 | |||
121 | <para>Before starting the configuration of the FortiGate Firewall, a lab | ||
122 | setup concerning hardware and software components has to be created. The | ||
123 | following table illustrates the requirements for this setup.</para> | ||
124 | |||
125 | <table> | ||
126 | <title>Lab Setup Prerequisites</title> | ||
127 | |||
128 | <tgroup cols="2"> | ||
129 | <colspec align="center" /> | ||
130 | |||
131 | <thead> | ||
132 | <row> | ||
133 | <entry align="center">Component</entry> | ||
134 | |||
135 | <entry align="center">Description/Requirements</entry> | ||
136 | </row> | ||
137 | </thead> | ||
138 | |||
139 | <tbody> | ||
140 | <row> | ||
141 | <entry align="left">Lab Network</entry> | ||
142 | |||
143 | <entrytbl cols="1"> | ||
144 | <tbody> | ||
145 | <row> | ||
146 | <entry>DHCP enabled Lab Network.</entry> | ||
147 | </row> | ||
148 | |||
149 | <row> | ||
150 | <entry>Internet Connectivity.</entry> | ||
151 | </row> | ||
152 | </tbody> | ||
153 | </entrytbl> | ||
154 | </row> | ||
155 | |||
156 | <row> | ||
157 | <entry align="left">Setup of an Intel Whitebox uCPE | ||
158 | device</entry> | ||
159 | |||
160 | <entrytbl cols="1"> | ||
161 | <tbody> | ||
162 | <row> | ||
163 | <entry>Minimum 4 Physical Network Devices.</entry> | ||
164 | </row> | ||
165 | |||
166 | <row> | ||
167 | <entry>4 GB RAM and 4 cores (C3000 or Xeon D).</entry> | ||
168 | </row> | ||
169 | |||
170 | <row> | ||
171 | <entry>Enea NFV Access Installed.</entry> | ||
172 | </row> | ||
173 | |||
174 | <row> | ||
175 | <entry>WAN Connected to the Lab Network.</entry> | ||
176 | </row> | ||
177 | |||
178 | <row> | ||
179 | <entry>LAN1 Connected to the Test Machine.</entry> | ||
180 | </row> | ||
181 | |||
182 | <row> | ||
183 | <entry>LAN2 Unconnected.</entry> | ||
184 | </row> | ||
185 | |||
186 | <row> | ||
187 | <entry>ETH0 connected to the Lab Network (for Enea uCPE | ||
188 | Manager communications).</entry> | ||
189 | </row> | ||
190 | </tbody> | ||
191 | </entrytbl> | ||
192 | </row> | ||
193 | |||
194 | <row> | ||
195 | <entry align="left">Setup of a Lab Machine</entry> | ||
196 | |||
197 | <entrytbl cols="1"> | ||
198 | <tbody> | ||
199 | <row> | ||
200 | <entry>Connected to the Lab Network.</entry> | ||
201 | </row> | ||
202 | |||
203 | <row> | ||
204 | <entry>Running either Windows or CentOS.</entry> | ||
205 | </row> | ||
206 | |||
207 | <row> | ||
208 | <entry>The Enea uCPE Manager installed.</entry> | ||
209 | </row> | ||
210 | </tbody> | ||
211 | </entrytbl> | ||
212 | </row> | ||
213 | |||
214 | <row> | ||
215 | <entry align="left">Setup of a Test Machine</entry> | ||
216 | |||
217 | <entrytbl cols="1"> | ||
218 | <tbody> | ||
219 | <row> | ||
220 | <entry>Connected to Whitebox LAN.</entry> | ||
221 | </row> | ||
222 | |||
223 | <row> | ||
224 | <entry>Internet Connectivity via LAN.</entry> | ||
225 | </row> | ||
226 | |||
227 | <row> | ||
228 | <entry>Configured as the DHCP client on LAN.</entry> | ||
229 | </row> | ||
230 | </tbody> | ||
231 | </entrytbl> | ||
232 | </row> | ||
233 | </tbody> | ||
234 | </tgroup> | ||
235 | </table> | ||
236 | |||
237 | <figure> | ||
238 | <title>Lab Setup Overview</title> | ||
239 | |||
240 | <mediaobject> | ||
241 | <imageobject> | ||
242 | <imagedata align="center" fileref="images/intel_whitebox.png" | ||
243 | contentwidth="600" /> | ||
244 | </imageobject> | ||
245 | </mediaobject> | ||
246 | </figure> | ||
247 | </section> | ||
248 | 67 | ||
249 | <section id="exam_setup_fortifirewall"> | 68 | <section id="exam_setup_fortifirewall"> |
250 | <title>Use-case Setup</title> | 69 | <title>Use-case Setup</title> |
251 | 70 | ||
252 | <para><emphasis role="bold">Network Configuration:</emphasis></para> | 71 | <para><emphasis role="bold">Network Configuration</emphasis>:</para> |
253 | 72 | ||
254 | <para>Since the firewall uses three External Network Interfaces, three | 73 | <para>Since the firewall uses three External Network Interfaces, three |
255 | bridges need to be configured. Each bridge provides the ability to | 74 | bridges need to be configured. Each bridge provides the ability to |
@@ -273,30 +92,40 @@ | |||
273 | connection points for the FortiGate VNF, by replacing the OVS-DPDK | 92 | connection points for the FortiGate VNF, by replacing the OVS-DPDK |
274 | bridges with SR-IOV connection points.</para> | 93 | bridges with SR-IOV connection points.</para> |
275 | 94 | ||
276 | <para>Please note that while previously three physical interfaces were | 95 | <para>Please note that while previously three physical interfaces were |
277 | presumed necessary for VNF connection, in the case of a firewall setup | 96 | presumed necessary for VNF connection, in the case of a firewall setup |
278 | only two physical interfaces are required for the data path | 97 | only two physical interfaces are required for the data path (one for WAN |
279 | (one for WAN and one for LAN).</para> | 98 | and one for LAN).</para> |
280 | 99 | ||
281 | <para>Only two interfaces will be configured as DPDK, with two bridges | 100 | <para>Only two interfaces will be configured as DPDK, with two bridges |
282 | created, one for each type of connection.</para> | 101 | created, one for each type of connection.</para> |
283 | 102 | ||
284 | <note><para>At VNF instantiation instead of assigning distinct bridges for | 103 | <note> |
285 | each LAN interface, only one will be used for both LAN1 and LAN2, | 104 | <para>At VNF instantiation instead of assigning distinct bridges for |
286 | with no changes in WAN interface configuration.</para></note> | 105 | each LAN interface, only one will be used for both LAN1 and LAN2, with |
287 | 106 | no changes in WAN interface configuration.</para> | |
288 | <para>See the picture below for the final setup:</para> | 107 | </note> |
289 | 108 | ||
290 | <figure> | 109 | <para><emphasis role="bold">Setup of the uCPE device:</emphasis></para> |
291 | <title>Two-Interface Configuration</title> | 110 | |
292 | 111 | <itemizedlist> | |
293 | <mediaobject> | 112 | <listitem> |
294 | <imageobject> | 113 | <para>WAN connected to the Lab Network.</para> |
295 | <imagedata align="center" fileref="images/two_inst_firewall.png" | 114 | </listitem> |
296 | contentwidth="600" /> | 115 | |
297 | </imageobject> | 116 | <listitem> |
298 | </mediaobject> | 117 | <para>LAN1 connected to the Test Machine.</para> |
299 | </figure> | 118 | </listitem> |
119 | |||
120 | <listitem> | ||
121 | <para>LAN2 unconnected.</para> | ||
122 | </listitem> | ||
123 | |||
124 | <listitem> | ||
125 | <para>ETH0 connected to the Lab Network (for Enea uCPE Manager | ||
126 | communications).</para> | ||
127 | </listitem> | ||
128 | </itemizedlist> | ||
300 | 129 | ||
301 | <para><emphasis role="bold">Onboarding the VNF:</emphasis></para> | 130 | <para><emphasis role="bold">Onboarding the VNF:</emphasis></para> |
302 | 131 | ||
@@ -347,84 +176,54 @@ | |||
347 | <para>Instantiate the FortiGate VNF by filling the required fields with | 176 | <para>Instantiate the FortiGate VNF by filling the required fields with |
348 | the following values:</para> | 177 | the following values:</para> |
349 | 178 | ||
350 | <table> | 179 | <itemizedlist spacing="compact"> |
351 | <title>Instantiation Requirements</title> | 180 | <listitem> |
352 | 181 | <para><emphasis role="bold">Name</emphasis>: Name of the VM which | |
353 | <tgroup cols="2"> | 182 | will be created on the uCPE device.</para> |
354 | <colspec align="center" colwidth="1*" /> | 183 | </listitem> |
355 | |||
356 | <colspec align="center" colwidth="4*" /> | ||
357 | |||
358 | <thead> | ||
359 | <row> | ||
360 | <entry align="center">Field</entry> | ||
361 | |||
362 | <entry align="center">Description</entry> | ||
363 | </row> | ||
364 | </thead> | ||
365 | |||
366 | <tbody> | ||
367 | <row> | ||
368 | <entry align="left">Name</entry> | ||
369 | |||
370 | <entry align="left">Name of the VM which will be created on the | ||
371 | uCPE device.</entry> | ||
372 | </row> | ||
373 | |||
374 | <row> | ||
375 | <entry align="left">VNF Type</entry> | ||
376 | |||
377 | <entry align="left">Name of the onboarded VNF.</entry> | ||
378 | </row> | ||
379 | |||
380 | <row> | ||
381 | <entry align="left">uCPE Device</entry> | ||
382 | |||
383 | <entry align="left">Select the uCPE device where the VNF will be | ||
384 | instantiated.</entry> | ||
385 | </row> | ||
386 | |||
387 | <row> | ||
388 | <entry align="left">License file</entry> | ||
389 | |||
390 | <entry align="left">The FortiGate license file provided by | ||
391 | Fortinet.</entry> | ||
392 | </row> | ||
393 | |||
394 | <row> | ||
395 | <entry align="left">Configuration file</entry> | ||
396 | 184 | ||
397 | <entry align="left">The Firewall example configuration file provided | 185 | <listitem> |
398 | by Enea | 186 | <para><emphasis role="bold">VNF Type</emphasis>: Name of the |
399 | (<filename>fortigate-basic-fw.conf</filename>).</entry> | 187 | onboarded VNF.</para> |
400 | </row> | 188 | </listitem> |
401 | 189 | ||
402 | <row> | 190 | <listitem> |
403 | <entry align="left">Port1 - WAN</entry> | 191 | <para><emphasis role="bold">uCPE Device</emphasis>: Select the uCPE |
192 | device where the VNF will be instantiated.</para> | ||
193 | </listitem> | ||
404 | 194 | ||
405 | <entry align="left">Set the <literal>External Interface</literal> type to | 195 | <listitem> |
406 | <literal>DPDK</literal> and connect it to the <literal>wanmgrbr</literal> ovs | 196 | <para><emphasis role="bold">License file</emphasis>: The FortiGate |
407 | bridge.</entry> | 197 | license file provided by Fortinet.</para> |
408 | </row> | 198 | </listitem> |
409 | 199 | ||
410 | <row> | 200 | <listitem> |
411 | <entry align="left">Port2 - LAN1</entry> | 201 | <para><emphasis role="bold">Configuration file</emphasis>: The |
202 | Firewall example configuration file provided by Enea | ||
203 | (<filename>fortigate-basic-fw.conf</filename>).</para> | ||
204 | </listitem> | ||
412 | 205 | ||
413 | <entry align="left">Set the <literal>Incoming Interface</literal> type to | 206 | <listitem> |
414 | <literal>DPDK</literal> and connect it to the <literal>lan1</literal> ovs | 207 | <para><emphasis role="bold">Port1 - WAN</emphasis>: Set the |
415 | bridge.</entry> | 208 | <literal>External Interface</literal> type to |
416 | </row> | 209 | <literal>DPDK</literal> and connect it to the |
210 | <literal>wanmgrbr</literal> ovs bridge.</para> | ||
211 | </listitem> | ||
417 | 212 | ||
418 | <row> | 213 | <listitem> |
419 | <entry align="left">Port3 - LAN2</entry> | 214 | <para><emphasis role="bold">Port2 - LAN1</emphasis>: Set the |
215 | <literal>Incoming Interface</literal> type to | ||
216 | <literal>DPDK</literal> and connect it to the | ||
217 | <literal>lan1</literal> ovs bridge.</para> | ||
218 | </listitem> | ||
420 | 219 | ||
421 | <entry align="left">Set the <literal>Outgoing Interface</literal> type to | 220 | <listitem> |
422 | <literal>DPDK</literal> and connect it to the <literal>lan2</literal> ovs | 221 | <para><emphasis role="bold">Port3 - LAN2</emphasis>: Set the |
423 | bridge.</entry> | 222 | <literal>Outgoing Interface</literal> type to |
424 | </row> | 223 | <literal>DPDK</literal> and connect it to the |
425 | </tbody> | 224 | <literal>lan2</literal> ovs bridge.</para> |
426 | </tgroup> | 225 | </listitem> |
427 | </table> | 226 | </itemizedlist> |
428 | </section> | 227 | </section> |
429 | 228 | ||
430 | <section id="testing_fortigate_uc_1"> | 229 | <section id="testing_fortigate_uc_1"> |
@@ -455,268 +254,19 @@ | |||
455 | </section> | 254 | </section> |
456 | 255 | ||
457 | <section id="fortigate_sdwan_vpn"> | 256 | <section id="fortigate_sdwan_vpn"> |
458 | <title>FortiGate VNF as an SD-WAN VPN</title> | 257 | <title>FortiGate VNF as an SD-WAN or a VPN</title> |
459 | 258 | ||
460 | <para>SD-WAN decouples the network from the management plane, detaching | 259 | <para>SD-WAN decouples the network from the management plane, detaching |
461 | traffic management and monitoring functions from hardware. Most forms of | 260 | traffic management and monitoring functions from hardware. Most forms of |
462 | SD-WAN technology create a virtual overlay that is transport-agnostic, | 261 | SD-WAN technology create a virtual overlay that is transport-agnostic, |
463 | i.e. it abstracts underlying private or public WAN connections.</para> | 262 | i.e. it abstracts underlying private or public WAN connections.</para> |
464 | 263 | ||
465 | <para>For deployment, the user plugs in WAN links into the device, | 264 | <para>For deployment, the user plugs in WAN links into the device, which |
466 | which automatically configures itself with the network.</para> | 265 | automatically configures itself with the network.</para> |
467 | 266 | ||
468 | <para>Example SD-WAN configurations for the FortiGate VNF are provided by | 267 | <para>Example SD-WAN configurations for the FortiGate VNF are provided by |
469 | Enea.</para> | 268 | Enea.</para> |
470 | 269 | ||
471 | <section id="prereq_forti_sdwan_vpn"> | ||
472 | <title>Prerequisites</title> | ||
473 | |||
474 | <para>The following table illustrates the use-case prerequisites for the | ||
475 | setup:</para> | ||
476 | |||
477 | <table> | ||
478 | <title>Prerequisites</title> | ||
479 | |||
480 | <tgroup cols="2"> | ||
481 | <colspec align="center" /> | ||
482 | |||
483 | <thead> | ||
484 | <row> | ||
485 | <entry align="center">Component</entry> | ||
486 | |||
487 | <entry align="center">Description</entry> | ||
488 | </row> | ||
489 | </thead> | ||
490 | |||
491 | <tbody> | ||
492 | <row> | ||
493 | <entry align="left">Lab Network</entry> | ||
494 | |||
495 | <entrytbl cols="1"> | ||
496 | <tbody> | ||
497 | <row> | ||
498 | <entry>DHCP enabled Lab Network.</entry> | ||
499 | </row> | ||
500 | |||
501 | <row> | ||
502 | <entry>Internet Connectivity.</entry> | ||
503 | </row> | ||
504 | </tbody> | ||
505 | </entrytbl> | ||
506 | </row> | ||
507 | |||
508 | <row> | ||
509 | <entry align="left">Two Intel Whitebox uCPE devices</entry> | ||
510 | |||
511 | <entrytbl cols="1"> | ||
512 | <tbody> | ||
513 | <row> | ||
514 | <entry>Minimum 4 Physical Network Devices.</entry> | ||
515 | </row> | ||
516 | |||
517 | <row> | ||
518 | <entry>4 GB RAM and 4 cores (C3000 or Xeon D).</entry> | ||
519 | </row> | ||
520 | |||
521 | <row> | ||
522 | <entry>Enea NFV Access Installed.</entry> | ||
523 | </row> | ||
524 | |||
525 | <row> | ||
526 | <entry>VNFMgr connected to the Lab Network for VNF management | ||
527 | access.</entry> | ||
528 | </row> | ||
529 | |||
530 | <row> | ||
531 | <entry>WAN interfaces directly connected through the Ethernet | ||
532 | cable.</entry> | ||
533 | </row> | ||
534 | |||
535 | <row> | ||
536 | <entry>LAN connected to the Test Machine.</entry> | ||
537 | </row> | ||
538 | |||
539 | <row> | ||
540 | <entry>ETH0 connected to the Lab Network (for Enea uCPE | ||
541 | Manager communications).</entry> | ||
542 | </row> | ||
543 | </tbody> | ||
544 | </entrytbl> | ||
545 | </row> | ||
546 | |||
547 | <row> | ||
548 | <entry align="left">One Lab Machine</entry> | ||
549 | |||
550 | <entrytbl cols="1"> | ||
551 | <tbody> | ||
552 | <row> | ||
553 | <entry>Connected to the Lab Network.</entry> | ||
554 | </row> | ||
555 | |||
556 | <row> | ||
557 | <entry>Running either Windows or CentOS.</entry> | ||
558 | </row> | ||
559 | |||
560 | <row> | ||
561 | <entry>The Enea uCPE Manager installed.</entry> | ||
562 | </row> | ||
563 | </tbody> | ||
564 | </entrytbl> | ||
565 | </row> | ||
566 | |||
567 | <row> | ||
568 | <entry align="left">Two Test Machines</entry> | ||
569 | |||
570 | <entrytbl cols="1"> | ||
571 | <tbody> | ||
572 | <row> | ||
573 | <entry>Connected to Whitebox LANs.</entry> | ||
574 | </row> | ||
575 | |||
576 | <row> | ||
577 | <entry>Internet Connectivity via LAN.</entry> | ||
578 | </row> | ||
579 | |||
580 | <row> | ||
581 | <entry>Configured as the DHCP client on LAN.</entry> | ||
582 | </row> | ||
583 | </tbody> | ||
584 | </entrytbl> | ||
585 | </row> | ||
586 | </tbody> | ||
587 | </tgroup> | ||
588 | </table> | ||
589 | </section> | ||
590 | |||
591 | <section id="forti_labsetup_uc2"> | ||
592 | <title>Lab Setup</title> | ||
593 | |||
594 | <para>The following will detail an SD-WAN setup for a branch to branch | ||
595 | connection using the FortiGate VNF. FortiGate provides native SD-WAN | ||
596 | along with integrated advanced threat protection.</para> | ||
597 | |||
598 | <table> | ||
599 | <title>FortiGate VNF Example Configuration - SD-WAN uCPE device | ||
600 | 1</title> | ||
601 | |||
602 | <tgroup cols="2"> | ||
603 | <colspec align="center" /> | ||
604 | |||
605 | <thead> | ||
606 | <row> | ||
607 | <entry align="center">Component</entry> | ||
608 | |||
609 | <entry align="center">Description</entry> | ||
610 | </row> | ||
611 | </thead> | ||
612 | |||
613 | <tbody> | ||
614 | <row> | ||
615 | <entry align="left">SD-WAN</entry> | ||
616 | |||
617 | <entry>VPN connection between two branches (uCPE device 1 and | ||
618 | uCPE device 2).</entry> | ||
619 | </row> | ||
620 | |||
621 | <row> | ||
622 | <entry align="left">VNFMgr (Virtual Port1)</entry> | ||
623 | |||
624 | <entry>DHCP Client, dynamically assigned IP address.</entry> | ||
625 | </row> | ||
626 | |||
627 | <row> | ||
628 | <entry align="left">WAN (Virtual Port2)</entry> | ||
629 | |||
630 | <entry>IP address: 10.0.0.1</entry> | ||
631 | </row> | ||
632 | |||
633 | <row> | ||
634 | <entry align="left">LAN (Virtual Port3)</entry> | ||
635 | |||
636 | <entrytbl cols="1"> | ||
637 | <tbody> | ||
638 | <row> | ||
639 | <entry>IP address: 172.16.1.1</entry> | ||
640 | </row> | ||
641 | |||
642 | <row> | ||
643 | <entry>DHCP server (IP range 172.16.1.2 - | ||
644 | 172.16.1.254)</entry> | ||
645 | </row> | ||
646 | </tbody> | ||
647 | </entrytbl> | ||
648 | </row> | ||
649 | </tbody> | ||
650 | </tgroup> | ||
651 | </table> | ||
652 | |||
653 | <table> | ||
654 | <title>FortiGate VNF Example Configuration - SD-WAN uCPE device | ||
655 | 2</title> | ||
656 | |||
657 | <tgroup cols="2"> | ||
658 | <colspec align="center" /> | ||
659 | |||
660 | <thead> | ||
661 | <row> | ||
662 | <entry align="center">Component</entry> | ||
663 | |||
664 | <entry align="center">Description</entry> | ||
665 | </row> | ||
666 | </thead> | ||
667 | |||
668 | <tbody> | ||
669 | <row> | ||
670 | <entry align="left">SD-WAN</entry> | ||
671 | |||
672 | <entry>VPN connection between two branches (uCPE device 2 and | ||
673 | uCPE device 1).</entry> | ||
674 | </row> | ||
675 | |||
676 | <row> | ||
677 | <entry align="left">VNFMgr (Virtual Port1)</entry> | ||
678 | |||
679 | <entry>DHCP Client, dynamically assigned IP address.</entry> | ||
680 | </row> | ||
681 | |||
682 | <row> | ||
683 | <entry align="left">WAN (Virtual Port2)</entry> | ||
684 | |||
685 | <entry>IP address: 10.0.0.2</entry> | ||
686 | </row> | ||
687 | |||
688 | <row> | ||
689 | <entry align="left">LAN (Virtual Port3)</entry> | ||
690 | |||
691 | <entrytbl cols="1"> | ||
692 | <tbody> | ||
693 | <row> | ||
694 | <entry>IP address: 172.16.2.1</entry> | ||
695 | </row> | ||
696 | |||
697 | <row> | ||
698 | <entry>DHCP server (IP range 172.16.2.2 - | ||
699 | 172.16.2.254)</entry> | ||
700 | </row> | ||
701 | </tbody> | ||
702 | </entrytbl> | ||
703 | </row> | ||
704 | </tbody> | ||
705 | </tgroup> | ||
706 | </table> | ||
707 | |||
708 | <figure> | ||
709 | <title>SD-WAN: VPN Configuration</title> | ||
710 | |||
711 | <mediaobject> | ||
712 | <imageobject> | ||
713 | <imagedata align="center" | ||
714 | fileref="images/sdwan_vpn_overview_1.png" contentwidth="600" /> | ||
715 | </imageobject> | ||
716 | </mediaobject> | ||
717 | </figure> | ||
718 | </section> | ||
719 | |||
720 | <section id="forti_examsetup_uc2"> | 270 | <section id="forti_examsetup_uc2"> |
721 | <title>Use-case Setup</title> | 271 | <title>Use-case Setup</title> |
722 | 272 | ||
@@ -725,8 +275,8 @@ | |||
725 | <para>Since the SD-WAN VNF uses three External Network Interfaces, three | 275 | <para>Since the SD-WAN VNF uses three External Network Interfaces, three |
726 | bridges need to be configured. Each bridge provides the ability to | 276 | bridges need to be configured. Each bridge provides the ability to |
727 | connect a physical network interface to the VM's virtual network | 277 | connect a physical network interface to the VM's virtual network |
728 | interface.</para> | 278 | interface.</para> |
729 | 279 | ||
730 | <para>Each VNF instance will have a virtual interface for VNF | 280 | <para>Each VNF instance will have a virtual interface for VNF |
731 | management, for the WAN network and for LAN communication.</para> | 281 | management, for the WAN network and for LAN communication.</para> |
732 | 282 | ||
@@ -746,105 +296,96 @@ | |||
746 | </listitem> | 296 | </listitem> |
747 | </orderedlist> | 297 | </orderedlist> |
748 | 298 | ||
749 | <para><emphasis role="bold">Onboarding the FortiGate VNF</emphasis></para> | 299 | <para><emphasis role="bold">Setup of an Intel Whitebox uCPE |
750 | 300 | device</emphasis>:</para> | |
751 | <para>See the onboarding parameters detailed in the previous use-case above.</para> | ||
752 | |||
753 | <para><emphasis role="bold">Instantiating the FortiGate VNF</emphasis></para> | ||
754 | |||
755 | <para>Instantiate the FortiGate VNF by filling the required fields with | ||
756 | the following values:</para> | ||
757 | |||
758 | <table> | ||
759 | <title>Instantiation Requirements</title> | ||
760 | |||
761 | <tgroup cols="2"> | ||
762 | <colspec align="center" colwidth="1*" /> | ||
763 | |||
764 | <colspec align="center" colwidth="4*" /> | ||
765 | |||
766 | <thead> | ||
767 | <row> | ||
768 | <entry align="center">Field</entry> | ||
769 | |||
770 | <entry align="center">Description</entry> | ||
771 | </row> | ||
772 | </thead> | ||
773 | |||
774 | <tbody> | ||
775 | <row> | ||
776 | <entry align="left">Name</entry> | ||
777 | |||
778 | <entry align="left">Name of the VM which will be created on the | ||
779 | uCPE device.</entry> | ||
780 | </row> | ||
781 | 301 | ||
782 | <row> | 302 | <itemizedlist> |
783 | <entry align="left">VNF Type</entry> | 303 | <listitem> |
304 | <para><literal>VNFMgr</literal>. Connected to the Lab Network for | ||
305 | VNF management access.</para> | ||
306 | </listitem> | ||
784 | 307 | ||
785 | <entry align="left">Name of the onboarded VNF.</entry> | 308 | <listitem> |
786 | </row> | 309 | <para><literal>WAN interfaces</literal>. Directly connected through |
310 | the Ethernet cable.</para> | ||
311 | </listitem> | ||
787 | 312 | ||
788 | <row> | 313 | <listitem> |
789 | <entry align="left">uCPE Device</entry> | 314 | <para><literal>LAN</literal>. Connected to the Test Machine.</para> |
315 | </listitem> | ||
790 | 316 | ||
791 | <entry align="left">Select the uCPE device where the VNF will be | 317 | <listitem> |
792 | instantiated.</entry> | 318 | <para><literal>ETH0</literal>. Connected to the Lab Network (for |
793 | </row> | 319 | Enea uCPE Manager communications).</para> |
320 | </listitem> | ||
321 | </itemizedlist> | ||
794 | 322 | ||
795 | <row> | 323 | <para><emphasis role="bold">Onboarding the FortiGate |
796 | <entry align="left">License file</entry> | 324 | VNF</emphasis>:</para> |
797 | 325 | ||
798 | <entry align="left">The FortiGate license file provided by | 326 | <para>See the onboarding parameters detailed in the previous use-case |
799 | Fortinet.</entry> | 327 | above.</para> |
800 | </row> | ||
801 | 328 | ||
802 | <row> | 329 | <para><emphasis role="bold">Instantiating the FortiGate |
803 | <entry align="left">Configuration files</entry> | 330 | VNF</emphasis>:</para> |
804 | 331 | ||
805 | <entry align="left">The SD-WAN example configuration files provided | 332 | <para>Instantiate the FortiGate VNF by filling the required fields with |
806 | by Enea: | 333 | the following values:</para> |
807 | <literal>fortigate-sdwan1.conf</literal> | ||
808 | <literal>fortigate-sdwan2.conf</literal></entry> | ||
809 | </row> | ||
810 | 334 | ||
811 | <row> | 335 | <itemizedlist spacing="compact"> |
812 | <entry align="left">Port1 - VNFMgr</entry> | 336 | <listitem> |
337 | <para><emphasis role="bold">Name</emphasis>: Name of the VM which | ||
338 | will be created on the uCPE device.</para> | ||
339 | </listitem> | ||
813 | 340 | ||
814 | <entry align="left">Set the type to <literal>DPDK</literal> and connect it to the | 341 | <listitem> |
815 | <literal>vnfmgrbr</literal> bridge.</entry> | 342 | <para><emphasis role="bold">VNF Type</emphasis>: Name of the |
816 | </row> | 343 | onboarded VNF.</para> |
344 | </listitem> | ||
817 | 345 | ||
818 | <row> | 346 | <listitem> |
819 | <entry align="left">Port2 - WAN</entry> | 347 | <para><emphasis role="bold">uCPE Device</emphasis>: Select the uCPE |
348 | device where the VNF will be instantiated.</para> | ||
349 | </listitem> | ||
820 | 350 | ||
821 | <entry align="left">Set the type to <literal>DPDK</literal> and connect it to the | 351 | <listitem> |
822 | <literal>wanbr</literal> bridge.</entry> | 352 | <para><emphasis role="bold">License file</emphasis>: The FortiGate |
823 | </row> | 353 | license file provided by Fortinet.</para> |
354 | </listitem> | ||
824 | 355 | ||
825 | <row> | 356 | <listitem> |
826 | <entry align="left">Port3 - LAN</entry> | 357 | <para><emphasis role="bold">Configuration file</emphasis>: The |
358 | SD-WAN example configuration files provided by Enea: | ||
359 | <literal>fortigate-sdwan1.conf</literal> and | ||
360 | <literal>fortigate-sdwan2.conf</literal>.</para> | ||
361 | </listitem> | ||
827 | 362 | ||
828 | <entry align="left">Set the type to <literal>DPDK</literal> and connect it to the | 363 | <listitem> |
829 | <literal>lanbr</literal> bridge.</entry> | 364 | <para><emphasis role="bold">Port1 - VNF Mgr</emphasis>: Set the type |
830 | </row> | 365 | to <literal>DPDK</literal> and connect it to the |
831 | </tbody> | 366 | <literal>vnfmgrbr</literal> bridge.</para> |
832 | </tgroup> | 367 | </listitem> |
833 | </table> | ||
834 | 368 | ||
835 | <orderedlist> | ||
836 | <listitem> | 369 | <listitem> |
837 | <para>Instantiate the FortiGate VNF on uCPE device 1 using the | 370 | <para><emphasis role="bold">Port2 - WAN</emphasis>: Set the type to |
838 | <literal>sdwan1</literal> example configuration file.</para> | 371 | <literal>DPDK</literal> and connect it to the |
372 | <literal>wanbr</literal> bridge.</para> | ||
839 | </listitem> | 373 | </listitem> |
840 | 374 | ||
841 | <listitem> | 375 | <listitem> |
842 | <para>To complete the branch-to-branch setup, configure <literal>uCPE device | 376 | <para><emphasis role="bold">Port3 - LAN</emphasis>: Set the type to |
843 | 2</literal> in the same way as <literal>uCPE device 1</literal>. Make sure to | 377 | <literal>DPDK</literal> and connect it to the |
844 | use the <literal>sdwan2</literal> configuration file for the second VNF | 378 | <literal>lanbr</literal> bridge.</para> |
845 | instantiation.</para> | ||
846 | </listitem> | 379 | </listitem> |
847 | </orderedlist> | 380 | </itemizedlist> |
381 | |||
382 | <para>Instantiate the FortiGate VNF on uCPE device 1 using the | ||
383 | <literal>sdwan1</literal> example configuration file.</para> | ||
384 | |||
385 | <para>To complete the branch-to-branch setup, configure <literal>uCPE | ||
386 | device 2</literal> in the same way as <literal>uCPE device 1</literal>. | ||
387 | Make sure to use the <literal>sdwan2</literal> configuration file for | ||
388 | the second VNF instantiation.</para> | ||
848 | </section> | 389 | </section> |
849 | 390 | ||
850 | <section id="forti_test_uc2"> | 391 | <section id="forti_test_uc2"> |
@@ -914,16 +455,16 @@ virsh console <id of FortiGate VNF></programlisting> | |||
914 | </listitem> | 455 | </listitem> |
915 | 456 | ||
916 | <listitem> | 457 | <listitem> |
917 | <para>Browse through the configuration and perform changes | 458 | <para>Browse through the configuration and perform changes according |
918 | according to your setup:</para> | 459 | to your setup:</para> |
919 | 460 | ||
920 | <figure> | 461 | <figure> |
921 | <title>The FortiGate VNF Web Management Interface</title> | 462 | <title>The FortiGate VNF Web Management Interface</title> |
922 | 463 | ||
923 | <mediaobject> | 464 | <mediaobject> |
924 | <imageobject> | 465 | <imageobject> |
925 | <imagedata align="center" | 466 | <imagedata align="center" contentwidth="600" |
926 | fileref="images/fortinet_interface.png" contentwidth="600" /> | 467 | fileref="images/fortinet_interface.png" /> |
927 | </imageobject> | 468 | </imageobject> |
928 | </mediaobject> | 469 | </mediaobject> |
929 | </figure> | 470 | </figure> |
@@ -954,11 +495,6 @@ virsh console <id of FortiGate VNF></programlisting> | |||
954 | at the next FortiGate VNF instantiation.</para> | 495 | at the next FortiGate VNF instantiation.</para> |
955 | </listitem> | 496 | </listitem> |
956 | </orderedlist> | 497 | </orderedlist> |
957 | |||
958 | <note> | ||
959 | <para>Editing the default configuration is only recommended for | ||
960 | FortiGate configuration experts.</para> | ||
961 | </note> | ||
962 | </listitem> | 498 | </listitem> |
963 | </orderedlist> | 499 | </orderedlist> |
964 | </section> | 500 | </section> |
diff --git a/doc/book-enea-nfv-access-example-usecases/doc/inband_management.xml b/doc/book-enea-nfv-access-example-usecases/doc/inband_management.xml deleted file mode 100644 index a27075c..0000000 --- a/doc/book-enea-nfv-access-example-usecases/doc/inband_management.xml +++ /dev/null | |||
@@ -1,237 +0,0 @@ | |||
1 | <?xml version="1.0" encoding="ISO-8859-1"?> | ||
2 | <chapter id="inband_management"> | ||
3 | <title>In-band Management Example Use-case</title> | ||
4 | |||
5 | <para>In the case of an NFV Access device installed on a network with | ||
6 | limited access, In-band management can be a solution to manage the device | ||
7 | and to pass data traffic (through only one physical interface). This example | ||
8 | use-case will show how to enable In-band management on the NFV Access | ||
9 | device and to access a VNF on the same physical interface.</para> | ||
10 | |||
11 | <section id="inband_mg_uc_preq"> | ||
12 | <title>Prerequisites</title> | ||
13 | |||
14 | <para>System requirements for the uCPE device:</para> | ||
15 | |||
16 | <itemizedlist> | ||
17 | <listitem> | ||
18 | <para>1 x Network Interface for WAN and management.</para> | ||
19 | </listitem> | ||
20 | |||
21 | <listitem> | ||
22 | <para>1 x Network Interface for LAN.</para> | ||
23 | </listitem> | ||
24 | </itemizedlist> | ||
25 | |||
26 | <note> | ||
27 | <para>No other physical port for In-band management can be used. | ||
28 | <remark>FIXME: What does this mean?</remark></para> | ||
29 | </note> | ||
30 | |||
31 | <para>The following files are needed for this example use case:</para> | ||
32 | |||
33 | <itemizedlist> | ||
34 | <listitem> | ||
35 | <para>FortiGate VNF image. This file is provided by the local Fortinet | ||
36 | sales representatives in your region.</para> | ||
37 | </listitem> | ||
38 | |||
39 | <listitem> | ||
40 | <para>FortiGate VNF license file. This file is provided by the local | ||
41 | Fortinet sales representatives in your region.</para> | ||
42 | </listitem> | ||
43 | |||
44 | <listitem> | ||
45 | <para>FortiGate specific documentation. This is provided by the local | ||
46 | Fortinet sales representatives in your region.</para> | ||
47 | </listitem> | ||
48 | |||
49 | <listitem> | ||
50 | <para>FortiGate configuration example files. These files are provided | ||
51 | with your Enea NFV Access release.</para> | ||
52 | </listitem> | ||
53 | </itemizedlist> | ||
54 | </section> | ||
55 | |||
56 | <section id="inband_mg_fortivnf_uc"> | ||
57 | <title>In-band Management Activation</title> | ||
58 | |||
59 | <para>In-band management activation is done by creating a special bridge | ||
60 | which manages all traffic from the WAN interface. The active physical port | ||
61 | of the device (used by the device manager to communicate with the uCPE | ||
62 | Manager) will be connected to the In-band management bridge.</para> | ||
63 | |||
64 | <para>Once the In-band management bridge is activated, communication to | ||
65 | the uCPE Manager will be reactivated, passing through the bridge.</para> | ||
66 | |||
67 | <para>For further details, please see <olink targetdoc="book_enea_nfv_access_getting_started" | ||
68 | targetptr="in_band_managemen">in_band_managemen in <xi:include | ||
69 | href="../../s_docbuild/olinkdb/pardoc-names.xml" | ||
70 | xmlns:xi="http://www.w3.org/2001/XInclude" | ||
71 | xpointer="element(book_enea_nfv_access_getting_started/1)" /></olink>.</para> | ||
72 | |||
73 | <figure> | ||
74 | <title>NFV Access In-band management solution setup</title> | ||
75 | |||
76 | <mediaobject> | ||
77 | <imageobject> | ||
78 | <imagedata align="center" fileref="images/uc_ibm_solution_test.png" | ||
79 | contentwidth="600" /> | ||
80 | </imageobject> | ||
81 | </mediaobject> | ||
82 | </figure> | ||
83 | |||
84 | <section id="inband_examuc_setup"> | ||
85 | <title>Use-case Setup</title> | ||
86 | |||
87 | <para><emphasis role="bold">Network Configuration:</emphasis></para> | ||
88 | |||
89 | <orderedlist> | ||
90 | <listitem> | ||
91 | <para>Create an In-band management WAN Bridge (set | ||
92 | <literal>dpdkWan</literal> as the bridge type).</para> | ||
93 | </listitem> | ||
94 | |||
95 | <listitem> | ||
96 | <para>Bind the physical network interface that will be used for LAN | ||
97 | access to the <literal>DPDK</literal>.</para> | ||
98 | </listitem> | ||
99 | |||
100 | <listitem> | ||
101 | <para>Create a LAN Bridge and attach the DPDK LAN interface.</para> | ||
102 | </listitem> | ||
103 | </orderedlist> | ||
104 | |||
105 | <note> | ||
106 | <para>The WAN port of the very first VNF instantiated on the device | ||
107 | must be connected to the <literal>WAN</literal> bridge. All other VNFs | ||
108 | must be connected in chain with the first VNF.</para> | ||
109 | </note> | ||
110 | |||
111 | <para><emphasis role="bold">Onboarding the VNF:</emphasis></para> | ||
112 | |||
113 | <para>See onboarding parameters in <xref linkend="fortigate_firewall_uc_1" />.</para> | ||
114 | |||
115 | <para><emphasis role="bold">Instantiating the VNF:</emphasis></para> | ||
116 | |||
117 | <para>Instantiate the FortiGate VNF by filling the required fields with | ||
118 | the following values:</para> | ||
119 | |||
120 | <table> | ||
121 | <title>Instantiation Requirements</title> | ||
122 | |||
123 | <tgroup cols="2"> | ||
124 | <colspec align="center" colwidth="1*" /> | ||
125 | |||
126 | <colspec align="center" colwidth="4*" /> | ||
127 | |||
128 | <thead> | ||
129 | <row> | ||
130 | <entry align="center">Field</entry> | ||
131 | |||
132 | <entry align="center">Description</entry> | ||
133 | </row> | ||
134 | </thead> | ||
135 | |||
136 | <tbody> | ||
137 | <row> | ||
138 | <entry align="left">Name</entry> | ||
139 | |||
140 | <entry align="left">Name of the VM which will be created on the | ||
141 | uCPE device.</entry> | ||
142 | </row> | ||
143 | |||
144 | <row> | ||
145 | <entry align="left">VNF Type</entry> | ||
146 | |||
147 | <entry align="left">Name of the onboarded VNF.</entry> | ||
148 | </row> | ||
149 | |||
150 | <row> | ||
151 | <entry align="left">uCPE Device</entry> | ||
152 | |||
153 | <entry align="left">Select the uCPE device where the VNF will be | ||
154 | instantiated.</entry> | ||
155 | </row> | ||
156 | |||
157 | <row> | ||
158 | <entry align="left">License file</entry> | ||
159 | |||
160 | <entry align="left">The FortiGate license file provided by | ||
161 | Fortinet.</entry> | ||
162 | </row> | ||
163 | |||
164 | <row> | ||
165 | <entry align="left">Configuration file</entry> | ||
166 | |||
167 | <entry align="left">The Firewall example configuration file provided | ||
168 | by Enea | ||
169 | (<filename>fortigate-basic-fw.conf</filename>).</entry> | ||
170 | </row> | ||
171 | |||
172 | <row> | ||
173 | <entry align="left">Port1 - WAN</entry> | ||
174 | |||
175 | <entry align="left">Set the <literal>External Interface</literal> type to | ||
176 | <literal>DPDK</literal> and connect it to the <literal>ibm-wan-br</literal> ovs | ||
177 | bridge.</entry> | ||
178 | </row> | ||
179 | |||
180 | <row> | ||
181 | <entry align="left">Port2 - LAN1</entry> | ||
182 | |||
183 | <entry align="left">Set the <literal>Incoming Interface</literal> type to | ||
184 | <literal>DPDK</literal> and connect it to the <literal>lan-br</literal> ovs | ||
185 | bridge.</entry> | ||
186 | </row> | ||
187 | |||
188 | <row> | ||
189 | <entry align="left">Port3 - LAN2</entry> | ||
190 | |||
191 | <entry align="left">Set the <literal>Outgoing Interface</literal> type to | ||
192 | <literal>DPDK</literal> and connect it to the <literal>lan-br</literal> ovs | ||
193 | bridge.</entry> | ||
194 | </row> | ||
195 | </tbody> | ||
196 | </tgroup> | ||
197 | </table> | ||
198 | </section> | ||
199 | |||
200 | <section id="test_fortvnf_inband"> | ||
201 | <title>Testing the Use-case</title> | ||
202 | |||
203 | <para>Once the VNF is instantiated, the setup is complete and ready for | ||
204 | testing. Connect the test machine to the LAN port. It will receive an IP | ||
205 | address from the FortiGate VNF and be able to access the | ||
206 | internet.</para> | ||
207 | |||
208 | <para>At this stage, three types of traffic are passing through the WAN | ||
209 | port on the same IP address:</para> | ||
210 | |||
211 | <itemizedlist> | ||
212 | <listitem> | ||
213 | <para>Device management traffic from the uCPE Manager.</para> | ||
214 | </listitem> | ||
215 | |||
216 | <listitem> | ||
217 | <para>FortiGate management interface traffic from a web | ||
218 | browser.</para> | ||
219 | </listitem> | ||
220 | |||
221 | <listitem> | ||
222 | <para>Data traffic from the LAN to the internet.</para> | ||
223 | </listitem> | ||
224 | </itemizedlist> | ||
225 | |||
226 | <para>If you have access from the uCPE Manager to the device as shown | ||
227 | above, this demonstrates that device management traffic passes through | ||
228 | the In-band management WAN bridge successfully.</para> | ||
229 | |||
230 | <para>To access the management interface of the VNF, connect from a web | ||
231 | browser to the public IP address of the device e.g. | ||
232 | <literal>https://<IP></literal>. From a Test machine connected on | ||
233 | the LAN port, try a test ping to the internet e.g. "ping | ||
234 | 8.8.8.8".</para> | ||
235 | </section> | ||
236 | </section> | ||
237 | </chapter> | ||
diff --git a/doc/book-enea-nfv-access-example-usecases/doc/introduction.xml b/doc/book-enea-nfv-access-example-usecases/doc/introduction.xml index 74c11f3..456ab50 100644 --- a/doc/book-enea-nfv-access-example-usecases/doc/introduction.xml +++ b/doc/book-enea-nfv-access-example-usecases/doc/introduction.xml | |||
@@ -4,10 +4,10 @@ | |||
4 | 4 | ||
5 | <para>This document describes several example use-cases concerning uCPE | 5 | <para>This document describes several example use-cases concerning uCPE |
6 | configuration, onboarding and instantiation of certain VNFs, VNF chaining, | 6 | configuration, onboarding and instantiation of certain VNFs, VNF chaining, |
7 | and In-band management.</para> | 7 | etc.</para> |
8 | 8 | ||
9 | <note> | 9 | <note> |
10 | <para>Before running any example make sure the uCPE device(s) have been | 10 | <para>Before running any example use case make sure the uCPE device(s) have been |
11 | added to the uCPE Manager and placed on the map.</para> | 11 | added to the uCPE Manager and placed on the map.</para> |
12 | 12 | ||
13 | <para>For detailed information on how to add a device to the uCPE Manager, | 13 | <para>For detailed information on how to add a device to the uCPE Manager, |
@@ -18,4 +18,8 @@ | |||
18 | xpointer="element(book_enea_nfv_access_getting_started/1)" /> | 18 | xpointer="element(book_enea_nfv_access_getting_started/1)" /> |
19 | Manual.</para> | 19 | Manual.</para> |
20 | </note> | 20 | </note> |
21 | </chapter> \ No newline at end of file | 21 | |
22 | <para>Examples presented in this document use 3rd-party VNFs, which | ||
23 | are not provided by Enea. To procure and use these VNF image files and license files, | ||
24 | where applicable, please contact the VNF provider.</para> | ||
25 | </chapter> | ||
diff --git a/doc/book-enea-nfv-access-example-usecases/doc/vnf_chaining.xml b/doc/book-enea-nfv-access-example-usecases/doc/vnf_chaining.xml index 27b83aa..f58e252 100644 --- a/doc/book-enea-nfv-access-example-usecases/doc/vnf_chaining.xml +++ b/doc/book-enea-nfv-access-example-usecases/doc/vnf_chaining.xml | |||
@@ -14,33 +14,49 @@ | |||
14 | <section id="preq_chaining"> | 14 | <section id="preq_chaining"> |
15 | <title>Prerequisites</title> | 15 | <title>Prerequisites</title> |
16 | 16 | ||
17 | <para>System requirements for the uCPE device:</para> | ||
18 | |||
19 | <itemizedlist> | ||
20 | <listitem> | ||
21 | <para>3 x Network Interfaces</para> | ||
22 | </listitem> | ||
23 | |||
24 | <listitem> | ||
25 | <para>4 GB of RAM memory</para> | ||
26 | </listitem> | ||
27 | </itemizedlist> | ||
28 | |||
17 | <para>The following files are needed for this example use case:</para> | 29 | <para>The following files are needed for this example use case:</para> |
18 | 30 | ||
19 | <itemizedlist> | 31 | <itemizedlist> |
32 | <para>VNF images:</para> | ||
33 | |||
20 | <listitem> | 34 | <listitem> |
21 | <para><filename>vSRX-Site<x>.iso</filename>. The Juniper vSRX | 35 | <para>Fortigate VNF.</para> |
22 | VNF image, as the Cloud-Init files. This VNF image is not provided by | ||
23 | Enea. Please contact Juniper to get this image.</para> | ||
24 | </listitem> | 36 | </listitem> |
25 | 37 | ||
26 | <listitem> | 38 | <listitem> |
27 | <para>Fortigate VNF image. This image is provided by Enea.</para> | 39 | <para>Juniper vSRX VNF.</para> |
28 | </listitem> | 40 | </listitem> |
41 | </itemizedlist> | ||
42 | |||
43 | <para>For VNF images and their license files, please contact the | ||
44 | VNF provider.</para> | ||
45 | |||
46 | <itemizedlist> | ||
47 | <para>VNF Configuration files, provided with your Enea | ||
48 | NFV Access Release:</para> | ||
29 | 49 | ||
30 | <listitem> | 50 | <listitem> |
31 | <para><filename>vSRX-domain-update-script</filename>. This file is | 51 | <para><filename>vSRX-domain-update-script</filename>.</para> |
32 | provided by Enea.</para> | ||
33 | </listitem> | 52 | </listitem> |
34 | 53 | ||
35 | <listitem> | 54 | <listitem> |
36 | <para><filename>FortiFW-Site<x>.conf</filename> as the | 55 | <para><filename>vSRX-Site<x>.conf</filename>.</para> |
37 | Cloud-Init file(s). This file is provided by Enea.</para> | ||
38 | </listitem> | 56 | </listitem> |
39 | 57 | ||
40 | <listitem> | 58 | <listitem> |
41 | <para>License file(s) as the Cloud-Init content in the Cloud-Init tab. | 59 | <para><filename>FortiFW-Site<x>.conf</filename>.</para> |
42 | For license files for the VNFs, please contact the VNF | ||
43 | provider.</para> | ||
44 | </listitem> | 60 | </listitem> |
45 | </itemizedlist> | 61 | </itemizedlist> |
46 | </section> | 62 | </section> |
@@ -58,27 +74,10 @@ | |||
58 | <para>Optionally, one additional device (PC/laptop) can be connected on | 74 | <para>Optionally, one additional device (PC/laptop) can be connected on |
59 | the LAN port of each branch to run LAN-to-LAN connectivity tests.</para> | 75 | the LAN port of each branch to run LAN-to-LAN connectivity tests.</para> |
60 | 76 | ||
61 | <figure> | ||
62 | <title>VNF Chaining with FortiGate Setup</title> | ||
63 | |||
64 | <mediaobject> | ||
65 | <imageobject> | ||
66 | <imagedata align="center" fileref="images/example_setup.png" | ||
67 | scale="88" /> | ||
68 | </imageobject> | ||
69 | </mediaobject> | ||
70 | </figure> | ||
71 | |||
72 | <note> | ||
73 | <para>For simplicity, the image above does not present the | ||
74 | management-plane, which will be described in the Setup steps.</para> | ||
75 | </note> | ||
76 | |||
77 | <section id="exam_setup_chain"> | 77 | <section id="exam_setup_chain"> |
78 | <title>Use-case Setup</title> | 78 | <title>Use-case Setup</title> |
79 | 79 | ||
80 | <para><emphasis role="bold">Configuring Network Interfaces on uCPE | 80 | <para><emphasis role="bold">Network Configuration</emphasis>:</para> |
81 | devices:</emphasis></para> | ||
82 | 81 | ||
83 | <para>Both branches in the example have similar setups, therefore | 82 | <para>Both branches in the example have similar setups, therefore |
84 | necessary step details are presented for only one branch. The second | 83 | necessary step details are presented for only one branch. The second |
@@ -135,16 +134,17 @@ | |||
135 | </listitem> | 134 | </listitem> |
136 | </orderedlist> | 135 | </orderedlist> |
137 | 136 | ||
138 | <para><emphasis role="bold">Onboarding the VNFs:</emphasis></para> | 137 | <para><emphasis role="bold">Onboarding the VNFs</emphasis>:</para> |
139 | 138 | ||
140 | <orderedlist> | 139 | <orderedlist> |
141 | <listitem> | 140 | <listitem> |
142 | <para>Onboard Juniper vSRX using the VNF Onboarding Wizard:</para> | 141 | <para>Onboard Juniper vSRX using the VNF by filling the required |
142 | fields with the following values:</para> | ||
143 | 143 | ||
144 | <itemizedlist> | 144 | <itemizedlist> |
145 | <listitem> | 145 | <listitem> |
146 | <para>The Flavor selected must have at least 2 vCPUs and 4 GB | 146 | <para>The Flavor selected must have at least 2 CPUs and 4 GB RAM |
147 | RAM since vSRX is quite resource consuming.</para> | 147 | since vSRX is quite resource consuming.</para> |
148 | 148 | ||
149 | <para>Tested-inhouse with 4 vCPUs/ 6 GB RAM.</para> | 149 | <para>Tested-inhouse with 4 vCPUs/ 6 GB RAM.</para> |
150 | </listitem> | 150 | </listitem> |
@@ -166,8 +166,8 @@ | |||
166 | 166 | ||
167 | <itemizedlist> | 167 | <itemizedlist> |
168 | <listitem> | 168 | <listitem> |
169 | <para>The Flavor selected can be quite light in resources, e.g. | 169 | <para>The Flavor selected can be quite light in resource |
170 | 1 vCPU and 2 GB RAM.</para> | 170 | consumption, e.g. 1 CPU and 2 GB RAM.</para> |
171 | </listitem> | 171 | </listitem> |
172 | 172 | ||
173 | <listitem> | 173 | <listitem> |
@@ -203,6 +203,11 @@ | |||
203 | <listitem> | 203 | <listitem> |
204 | <para>Use <filename>vSRX-Site1.iso</filename> as the Cloud-Init | 204 | <para>Use <filename>vSRX-Site1.iso</filename> as the Cloud-Init |
205 | file.</para> | 205 | file.</para> |
206 | |||
207 | <note> | ||
208 | <para>Please follow the Juniper's documentation to create | ||
209 | <filename>vSRX-Site1.iso</filename> file.</para> | ||
210 | </note> | ||
206 | </listitem> | 211 | </listitem> |
207 | 212 | ||
208 | <listitem> | 213 | <listitem> |
@@ -300,17 +305,16 @@ | |||
300 | established and LAN to LAN visibility can be verified by connecting one | 305 | established and LAN to LAN visibility can be verified by connecting one |
301 | device on each uCPE LAN port.</para> | 306 | device on each uCPE LAN port.</para> |
302 | </section> | 307 | </section> |
303 | </section> | ||
304 | 308 | ||
305 | <section id="test_setup"> | 309 | <section id="test_setup"> |
306 | <title>Testing the Use-case</title> | 310 | <title>Testing the Use-case</title> |
307 | 311 | ||
308 | <para>Before testing LAN to LAN connectivity, preliminary tests of service | 312 | <para>Before testing LAN to LAN connectivity, preliminary tests of |
309 | can be run to ensure everything was set up properly. For instance, by | 313 | service can be run to ensure everything was set up properly. For |
310 | connecting to vSRX CLI (any site), one can test IKE security | 314 | instance, by connecting to vSRX CLI (any site), one can test IKE |
311 | associations:</para> | 315 | security associations:</para> |
312 | 316 | ||
313 | <programlisting>root@Atom-C3000:~ # cli | 317 | <programlisting>root@Atom-C3000:~ # cli |
314 | root@Atom-C3000> show security ike security-associations | 318 | root@Atom-C3000> show security ike security-associations |
315 | Index State Initiator cookie Responder cookie Mode Remote Address | 319 | Index State Initiator cookie Responder cookie Mode Remote Address |
316 | 1588673 UP 2f2047b144ebfce4 0000000000000000 Aggressive 10.1.1.2 | 320 | 1588673 UP 2f2047b144ebfce4 0000000000000000 Aggressive 10.1.1.2 |
@@ -318,91 +322,71 @@ Index State Initiator cookie Responder cookie Mode Remote Address | |||
318 | root@Atom-C3000> show security ike security-associations index 1588673 detail | 322 | root@Atom-C3000> show security ike security-associations index 1588673 detail |
319 | ...</programlisting> | 323 | ...</programlisting> |
320 | 324 | ||
321 | <para>Also, from the vSRX CLI, a user can check that the VPN tunnel was | 325 | <para>Also, from the vSRX CLI, a user can check that the VPN tunnel was |
322 | established and get statistics of the packets passing the tunnel:</para> | 326 | established and get statistics of the packets passing the tunnel:</para> |
323 | 327 | ||
324 | <programlisting>root@Atom-C3000> show security ipsec security-associations | 328 | <programlisting>root@Atom-C3000> show security ipsec security-associations |
325 | ... | 329 | ... |
326 | root@Atom-C3000> show security ipsec statistics index <xxxxx> | 330 | root@Atom-C3000> show security ipsec statistics index <xxxxx> |
327 | ...</programlisting> | 331 | ...</programlisting> |
328 | 332 | ||
329 | <para>From the Fortigate Firewall CLI on Site 1, one can check | 333 | <para>From the Fortigate Firewall CLI on Site 1, one can check |
330 | connectivity to the remote Fortigate FW (from Site 2):</para> | 334 | connectivity to the remote Fortigate FW (from Site 2):</para> |
331 | 335 | ||
332 | <programlisting>FGVM080000136187 # execute ping 192.168.168.2 | 336 | <programlisting>FGVM080000136187 # execute ping 192.168.168.2 |
333 | PING 192.168.168.2 (192.168.168.2): 56 data bytes | 337 | PING 192.168.168.2 (192.168.168.2): 56 data bytes |
334 | 64 bytes from 192.168.168.2: icmp_seq=0 ttl=255 time=0.0 ms | 338 | 64 bytes from 192.168.168.2: icmp_seq=0 ttl=255 time=0.0 ms |
335 | 64 bytes from 192.168.168.2: icmp_seq=1 ttl=255 time=0.0 ms | 339 | 64 bytes from 192.168.168.2: icmp_seq=1 ttl=255 time=0.0 ms |
336 | 64 bytes from 192.168.168.2: icmp_seq=2 ttl=255 time=0.0 ms | 340 | 64 bytes from 192.168.168.2: icmp_seq=2 ttl=255 time=0.0 ms |
337 | ...</programlisting> | 341 | ...</programlisting> |
338 | 342 | ||
339 | <para>Since VNF management ports were configured to get IPs through DHCP, | 343 | <para>Since VNF management ports were configured to get IPs through |
340 | the user can use a Web-based management UI to check and modify the | 344 | DHCP, the user can use a Web-based management UI to check and modify the |
341 | configuration settings of both vSRX and Fortigate.</para> | 345 | configuration settings of both vSRX and Fortigate.</para> |
342 | 346 | ||
343 | <para>For example, in the case of vSRX, from the VNF CLI you can list the | 347 | <para>For example, in the case of vSRX, from the VNF CLI you can list |
344 | virtual interfaces as below:</para> | 348 | the virtual interfaces as below:</para> |
345 | 349 | ||
346 | <programlisting>root@Atom-C3000> show interfaces terse | 350 | <programlisting>root@Atom-C3000> show interfaces terse |
347 | ... | 351 | ... |
348 | fxp0.0 up up inet 172.24.15.92/22 | 352 | fxp0.0 up up inet 172.24.15.92/22 |
349 | gre up up | 353 | gre up up |
350 | ipip up up | 354 | ipip up up |
351 | ...</programlisting> | 355 | ...</programlisting> |
352 | 356 | ||
353 | <para>When using provided configurations, the VNF management port for | 357 | <para>When using provided configurations, the VNF management port for |
354 | Juniper vSRX is always <literal>fxp0.0</literal>.</para> | 358 | Juniper vSRX is always <literal>fxp0.0</literal>.</para> |
355 | 359 | ||
356 | <para>In the case of Fortigate, from the VNF CLI you can list the virtual | 360 | <para>In the case of Fortigate, from the VNF CLI you can list the |
357 | interfaces as such:</para> | 361 | virtual interfaces as such:</para> |
358 | 362 | ||
359 | <programlisting>FGVM080000136187 # get system interface | 363 | <programlisting>FGVM080000136187 # get system interface |
360 | == [ port1 ] | 364 | == [ port1 ] |
361 | name: port1 mode: dhcp ip: 172.24.15.94 255.255.252.0 status: up netbios-forward: | 365 | name: port1 mode: dhcp ip: 172.24.15.94 255.255.252.0 status: up netbios-forward: |
362 | disable type: physical netflow-sampler: disable sflow-sampler: disable... | 366 | disable type: physical netflow-sampler: disable sflow-sampler: disable... |
363 | ...</programlisting> | 367 | ...</programlisting> |
364 | 368 | ||
365 | <para>When using provided configurations, the VNF management port for | 369 | <para>When using provided configurations, the VNF management port for |
366 | Fortigate is always <literal>port1</literal>.</para> | 370 | Fortigate is always <literal>port1</literal>.</para> |
367 | 371 | ||
368 | <para>If functionality is as intended, LAN-to-LAN connectivity can be | 372 | <para>If functionality is as intended, LAN-to-LAN connectivity can be |
369 | checked (through the VPN tunnel) by using two devices (PC/laptop) | 373 | checked (through the VPN tunnel) by using two devices (PC/laptop) |
370 | connected to the LAN ports of each uCPE. Optionally, these devices can be | 374 | connected to the LAN ports of each uCPE. Optionally, these devices can |
371 | simulated by using Enea's sample VNF running on both uCPEs and connected | 375 | be simulated by using Enea's sample VNF running on both uCPEs and |
372 | to the <literal>lan_br</literal> on each side. Please note that | 376 | connected to the <literal>lan_br</literal> on each side. Please note |
373 | instructions for onboarding and instantiating this VNF is not in the scope | 377 | that instructions for onboarding and instantiating this VNF is not in |
374 | of this document.</para> | 378 | the scope of this document.</para> |
375 | 379 | ||
376 | <para>Since Fortigate VNF, which is acting as router and firewall, is | 380 | <para>Since Fortigate VNF, which is acting as router and firewall, is |
377 | configured to be the DHCP server for the LAN network, the device interface | 381 | configured to be the DHCP server for the LAN network, the device |
378 | connected to the uCPE LAN port has to be configured to get dinamically | 382 | interface connected to the uCPE LAN port has to be configured to get |
379 | assigned IPs. These IPs are in the 172.0.0.0/24 network for Site1 and the | 383 | dinamically assigned IPs. These IPs are in the 172.0.0.0/24 network for |
380 | 172.10.10.0/24 network for Site2. Therefore, site-to-site connectivity can | 384 | Site1 and the 172.10.10.0/24 network for Site2. Therefore, site-to-site |
381 | be checked (from Site1) as such:</para> | 385 | connectivity can be checked (from Site1) as such:</para> |
382 | 386 | ||
383 | <programlisting>root@atom-c3000:~# ping 172.10.10.2 | 387 | <programlisting>root@atom-c3000:~# ping 172.10.10.2 |
384 | PING 172.10.10.1 (172.10.10.2): 56 data bytes | 388 | PING 172.10.10.1 (172.10.10.2): 56 data bytes |
385 | ...</programlisting> | 389 | ...</programlisting> |
390 | </section> | ||
386 | </section> | 391 | </section> |
387 | 392 | </chapter> | |
388 | <section id="limitations"> | ||
389 | <title>Limitations</title> | ||
390 | |||
391 | <para>Below is a list of known limitations:</para> | ||
392 | |||
393 | <itemizedlist> | ||
394 | <listitem> | ||
395 | <para>The vSRX VNF has no trust-to-untrust and untrust-to-trust | ||
396 | policies (only trust-to-vpn and vpn-to-trust were configured). | ||
397 | Therefore, uCPEs were not configured for a "direct Internet access" | ||
398 | use-case.</para> | ||
399 | </listitem> | ||
400 | |||
401 | <listitem> | ||
402 | <para>The Fortigate VNF has no "real" firewall policies set, i.e. all | ||
403 | traffic from LAN is allowed to pass through the WAN interface and | ||
404 | vice-versa.</para> | ||
405 | </listitem> | ||
406 | </itemizedlist> | ||
407 | </section> | ||
408 | </chapter> \ No newline at end of file | ||