9 files changed, 302 insertions, 1 deletions

diff --git a/doc/book-enea-nfv-access-getting-started/doc/demo_usecases.xml b/doc/book-enea-nfv-access-getting-started/doc/demo_usecases.xml
index 31894dd..cdcb931 100644
--- a/doc/book-enea-nfv-access-getting-started/doc/demo_usecases.xml
+++ b/doc/book-enea-nfv-access-getting-started/doc/demo_usecases.xml
@@ -1898,4 +1898,305 @@ Run: tail -f /opt/testpmd-out</programlisting>
       </note>
     </section>
   </section>
-</chapter>
+
+  <section id="inband_management">
+    <title>In-band Management</title>
+
+    <para>In the case of an NFV Access device installed on a network with
+    limited access, In-band management can be a solution to manage the device
+    and to pass data traffic (through only one physical interface). This demo
+    use-case will show how to enable the In-band management on the NFV Access
+    device and to access a VNF on the same physical interface.</para>
+
+    <figure>
+      <title>NFV Access In-band management solution setup</title>
+
+      <mediaobject>
+        <imageobject>
+          <imagedata align="center" fileref="images/uc_ibm_solution.png"
+                     scale="50" />
+        </imageobject>
+      </mediaobject>
+    </figure>
+
+    <para>Setup uses the following network configuration:</para>
+
+    <itemizedlist>
+      <listitem>
+        <para>1 x Network Interface for WAN and management.</para>
+      </listitem>
+
+      <listitem>
+        <para>1 x Network Interface for LAN.</para>
+      </listitem>
+    </itemizedlist>
+
+    <para>For prerequisites and further details, please see <xref
+    linkend="inband_management" /> and <xref
+    linkend="vnf_fortigate" />.</para>
+
+    <section id="mg_activation">
+      <title>In-band management activation for FortiGate VNF
+      Instantiation</title>
+
+      <para>In-band management activation is done by creating a special bridge
+      which manages all traffic from the WAN interface. The active physical
+      port of the device (used by the device manager to communicate with the
+      uCPE Manager) will be connected to the In-band management bridge. Once
+      the In-band management bridge is activated, communication to the uCPE
+      Manager will be reactivated, passing through the bridge.</para>
+
+      <note>
+        <para>No other physical port for In-band management can be
+        used.</para>
+      </note>
+
+      <orderedlist>
+        <listitem>
+          <para>Create an In-band management WAN Bridge:</para>
+
+          <itemizedlist>
+            <listitem>
+              <para>Select the <literal>Device</literal> menu.</para>
+            </listitem>
+
+            <listitem>
+              <para>In the Configuration tab select
+              <literal>OpenVSwitch.</literal></para>
+            </listitem>
+
+            <listitem>
+              <para>Select <literal>Bridges</literal> and click
+              <literal>Add</literal>.</para>
+            </listitem>
+
+            <listitem>
+              <para>Use <literal>dpdkWAN</literal> as the
+              <literal>ovs-bridge-type</literal>.</para>
+            </listitem>
+          </itemizedlist>
+
+          <figure>
+            <title>Create In-band management WAN bridge</title>
+
+            <mediaobject>
+              <imageobject>
+                <imagedata align="center" fileref="images/uc_ibm_br.png"
+                           scale="75" />
+              </imageobject>
+            </mediaobject>
+          </figure>
+        </listitem>
+
+        <listitem>
+          <para>Bind the physical port which will be used for LAN access to
+          <literal>dpdk</literal>:</para>
+
+          <itemizedlist>
+            <listitem>
+              <para>Select the <literal>Device</literal> menu.</para>
+            </listitem>
+
+            <listitem>
+              <para>In the Configuration tab select
+              <literal>OpenVSwitch</literal>.</para>
+            </listitem>
+
+            <listitem>
+              <para>Select the <literal>Host Interfaces</literal> menu and
+              click <literal>Add</literal>.</para>
+            </listitem>
+
+            <listitem>
+              <para>Use <literal>dpdk</literal> as the
+              <literal>ovs-bridge-type</literal>.</para>
+            </listitem>
+          </itemizedlist>
+
+          <figure>
+            <title>Bind LAN physical port to dpdk</title>
+
+            <mediaobject>
+              <imageobject>
+                <imagedata align="center"
+                           fileref="images/uc_ibm_dpdk_int_bind.png"
+                           scale="75" />
+              </imageobject>
+            </mediaobject>
+          </figure>
+        </listitem>
+
+        <listitem>
+          <para>Create a LAN Bridge:</para>
+
+          <itemizedlist>
+            <listitem>
+              <para>Select the <literal>Device.</literal></para>
+            </listitem>
+
+            <listitem>
+              <para>In the Configuration menu select
+              <literal>OpenVSwitch.</literal></para>
+            </listitem>
+
+            <listitem>
+              <para>Open the <literal>Bridges</literal> menu and click
+              <literal>Add.</literal></para>
+            </listitem>
+          </itemizedlist>
+
+          <figure>
+            <title>Create LAN bridge</title>
+
+            <mediaobject>
+              <imageobject>
+                <imagedata align="center" fileref="images/uc_ibm_lanbr.png"
+                           scale="75" />
+              </imageobject>
+            </mediaobject>
+          </figure>
+
+          <para>At this step the following bridges should exist:</para>
+
+          <figure>
+            <title>Bridges</title>
+
+            <mediaobject>
+              <imageobject>
+                <imagedata align="center" fileref="images/uc_ibm_br2.png"
+                           scale="65" />
+              </imageobject>
+            </mediaobject>
+          </figure>
+
+          <note>
+            <para>The WAN port of the very first VNF instantiated on the
+            device must be connected to the <literal>ibm-wan-br
+            bridge</literal>. All other VNFs must be connected in chain with
+            the first VNF.</para>
+          </note>
+        </listitem>
+
+        <listitem>
+          <para>Onboard the first VNF and instantiate it on the device:</para>
+
+          <itemizedlist>
+            <listitem>
+              <para>Select the <literal>Device.</literal></para>
+            </listitem>
+
+            <listitem>
+              <para>Select the <literal>VNF</literal> menu.</para>
+            </listitem>
+
+            <listitem>
+              <para>In the <literal>Descriptors</literal> menu, choose the
+              <literal>VNF Package</literal> option.</para>
+            </listitem>
+
+            <listitem>
+              <para>Browse and select the Fortigate bundle you require, before
+              pressing the <literal>Send</literal> button.</para>
+            </listitem>
+          </itemizedlist>
+
+          <figure>
+            <title>Onboard Fortigate VNF</title>
+
+            <mediaobject>
+              <imageobject>
+                <imagedata align="center"
+                           fileref="images/uc_ibm_fortigate_onboard.png"
+                           scale="50" />
+              </imageobject>
+            </mediaobject>
+          </figure>
+        </listitem>
+
+        <listitem>
+          <para>Add the VNF instance:</para>
+
+          <itemizedlist>
+            <listitem>
+              <para>Select the <literal>Device.</literal></para>
+            </listitem>
+
+            <listitem>
+              <para>Select the <literal>VNF</literal> menu.</para>
+            </listitem>
+
+            <listitem>
+              <para>Choose the <literal>Instances</literal> option, select the
+              VNF configuration you desire and press
+              <literal>Add.</literal></para>
+            </listitem>
+
+            <listitem>
+              <para>Browse and select the Fortigate bundle you require, before
+              pressing the <literal>Send</literal> button.</para>
+            </listitem>
+          </itemizedlist>
+
+          <figure>
+            <title>Instantiate Fortigate VNF</title>
+
+            <mediaobject>
+              <imageobject>
+                <imagedata align="center"
+                           fileref="images/uc_ibm_fg_instantiation.png"
+                           scale="65" />
+              </imageobject>
+            </mediaobject>
+          </figure>
+        </listitem>
+      </orderedlist>
+
+      <para>Once the VNF is instantiated, the setup is complete and ready for
+      testing. Connect the test machine to the LAN port. It will receive an IP
+      address from the Fortigate VNF and be able to access the
+      internet.</para>
+    </section>
+
+    <section id="test_fortvnf_inband">
+      <title>Testing the Fortigate VNF In-band management activation</title>
+
+      <figure>
+        <title>Test setup</title>
+
+        <mediaobject>
+          <imageobject>
+            <imagedata align="center"
+                       fileref="images/uc_ibm_solution_test.png" scale="50" />
+          </imageobject>
+        </mediaobject>
+      </figure>
+
+      <para>At this stage, three types of traffic are passing through the WAN
+      port on the same IP address: </para>
+
+      <itemizedlist>
+        <listitem>
+          <para>Device management traffic from uCPE Manager.</para>
+        </listitem>
+
+        <listitem>
+          <para>Fortigate management interface traffic from a web
+          browser.</para>
+        </listitem>
+
+        <listitem>
+          <para>Data traffic from the LAN to the internet.</para>
+        </listitem>
+      </itemizedlist>
+
+      <para>Having access from the uCPE Manager to the device as shown above,
+      demonstrates that device management traffic passes through the in-band
+      management WAN bridge successfully.</para>
+
+      <para>To access the management interface of the VNF, connect from a web
+      browser to the public IP address of the device e.g.
+      <literal>https://&lt;IP&gt;</literal>. From a Test machine connected on
+      LAN port, try a test ping to the internet e.g. "ping 8.8.8.8".</para>
+    </section>
+  </section>
+</chapter>
\ No newline at end of file
diff --git a/doc/book-enea-nfv-access-getting-started/doc/images/uc_ibm_br.png b/doc/book-enea-nfv-access-getting-started/doc/images/uc_ibm_br.png
new file mode 100755
index 0000000..f28678b
--- /dev/null
+++ b/doc/book-enea-nfv-access-getting-started/doc/images/uc_ibm_br.png
diff --git a/doc/book-enea-nfv-access-getting-started/doc/images/uc_ibm_br2.png b/doc/book-enea-nfv-access-getting-started/doc/images/uc_ibm_br2.png
new file mode 100755
index 0000000..72f8178
--- /dev/null
+++ b/doc/book-enea-nfv-access-getting-started/doc/images/uc_ibm_br2.png
diff --git a/doc/book-enea-nfv-access-getting-started/doc/images/uc_ibm_dpdk_int_bind.png b/doc/book-enea-nfv-access-getting-started/doc/images/uc_ibm_dpdk_int_bind.png
new file mode 100755
index 0000000..ea1fef7
--- /dev/null
+++ b/doc/book-enea-nfv-access-getting-started/doc/images/uc_ibm_dpdk_int_bind.png
diff --git a/doc/book-enea-nfv-access-getting-started/doc/images/uc_ibm_fg_instantiation.png b/doc/book-enea-nfv-access-getting-started/doc/images/uc_ibm_fg_instantiation.png
new file mode 100755
index 0000000..9b4d020
--- /dev/null
+++ b/doc/book-enea-nfv-access-getting-started/doc/images/uc_ibm_fg_instantiation.png
diff --git a/doc/book-enea-nfv-access-getting-started/doc/images/uc_ibm_fortigate_onboard.png b/doc/book-enea-nfv-access-getting-started/doc/images/uc_ibm_fortigate_onboard.png
new file mode 100755
index 0000000..6fa40bd
--- /dev/null
+++ b/doc/book-enea-nfv-access-getting-started/doc/images/uc_ibm_fortigate_onboard.png
diff --git a/doc/book-enea-nfv-access-getting-started/doc/images/uc_ibm_lanbr.png b/doc/book-enea-nfv-access-getting-started/doc/images/uc_ibm_lanbr.png
new file mode 100755
index 0000000..18e074e
--- /dev/null
+++ b/doc/book-enea-nfv-access-getting-started/doc/images/uc_ibm_lanbr.png
diff --git a/doc/book-enea-nfv-access-getting-started/doc/images/uc_ibm_solution.png b/doc/book-enea-nfv-access-getting-started/doc/images/uc_ibm_solution.png
new file mode 100755
index 0000000..10ed27d
--- /dev/null
+++ b/doc/book-enea-nfv-access-getting-started/doc/images/uc_ibm_solution.png
diff --git a/doc/book-enea-nfv-access-getting-started/doc/images/uc_ibm_solution_test.png b/doc/book-enea-nfv-access-getting-started/doc/images/uc_ibm_solution_test.png
new file mode 100755
index 0000000..7006068
--- /dev/null
+++ b/doc/book-enea-nfv-access-getting-started/doc/images/uc_ibm_solution_test.png