Service Chaining 128T - Fortigate Example Use-case

The following is an example of how to set up and configure a service chain on top of the Enea Edge Runtime, using the following commercial VNFs: 128T router and FortiGate.
Prerequisites

The 128T router and the Fortinet firewall in a service chain require the following prerequisites for this example use case:
- 1 in band management port for device management.
- 1 in band management port for the 128T router.
- 1 in band management port for Fortinet.
- 1 WAN interface for Fortinet.
- 1 LAN facing interface for Fortinet.
- 1 WAN facing interface for the 128T router.
- 1 service chain (SFC Bridged interface) to sit between the Firewall and vRouter.

The following files are needed for this example use-case:
- FortiGate VNF image. Please contact Fortinet to get a VNF image and its license file.
- 128T router VNF image. Please contact 128 Technology to get a VNF image and its license file.
- Cloud-init iso image.

To procure the VNF image files and their licenses, please contact each respective VNF provider.
Service Chaining 128T - Fortigate
Service Chaining 128T - Fortigate Setup Overview
Use-case Setup

Configuring Network Interfaces on uCPE devices:

Add the trgt uCPE device into the Enea Edge Management application: Devices -> Manage -> Add, and fill in the required fields with the following data:

Device Details
Field | Value
Type | Enea universal CPE
Release | 2.2.2
Name | trgt
IP/DNS Address | <unspecified>
Description | Target 1
SSH Port | 830
SSH User Name | root
Password | null
Device ID | Also configured during installation of the device (E.g.: Target-15).
OK | Green status indicates connection with uCPE device was established.
In order to add the device on the map: Right-Click on Map -> Place Device -> trgt.

Configure the infrastructure for the 128T and Fortigate VNFs in the service chain by creating four OVS bridges and a host interface.

Add the Host Interface by selecting the trgt device, then Configuration -> External Interfaces -> Configuration -> Add, and fill in the required fields with the following data:

Host Interface Details
Field | Value
Source | enp4s0f1. The only interface available for LAN connection.
networking-type | dpdk
dpdk-type | vfio-pci
Create | <interface enp4s0f1 ready to be used in a LAN bridge.>
Add the OVS bridges by selecting the trgt device then: Configuration -> OpenVSwitch -> Bridges -> Add. Fill in the required fields for each bridge with the following data from each table:

ibm_br Bridge Details
Field | Value
id | <autogenerated - do not change>
Name | ibm_br
ovs-bridge-type | inbandMgmt
Create |

vnf_mgmt_br Bridge Details
Field | Value
id | <autogenerated - do not change>
Name | vnf_mgmt_br
ovs-bridge-type | vnfMgmt
vnf-mgmt-address | 10.0.0.1
Create |

lan_br Bridge Details
Field | Value
id | <autogenerated - do not change>
Name | lan_br
ovs-bridge-type | dataPlane
sub-type | communication
+ | Name: enp4s0f1
OK |
Create |

sfc_br Bridge Details
Field | Value
id | <autogenerated - do not change>
Name | sfc_br
ovs-bridge-type | dataPlane
sub-type | integration
Create |
Onboarding the VNFs:

Onboard the 128T VNF VM Image through VNF -> Descriptors -> On-board, and fill in the required fields with the following values:

128T VM Image Details
Field | Value
VM image file | centos_128t_with_ci.qcow2
Image format | QCOW2
VNF Type Name | 128T
Description | 128T Router
Version | 1.0
Memory in MB | 8192. More memory can be allocated if required (<28672).
Num. of CPUs | 2. More CPUs can be reserved if required (<15).
Interfaces -> + | Name: mgmt
Interfaces -> + | Name: wan
Interfaces -> + | Name: lan
Cloud Init -> Cloud-Init Datasource | ISO
Cloud Init -> Cloud-Init Disk Type | cdrom
Properties -> + | Name: vnfMgmtIpAddress. Value: 10.0.0.2
Properties -> + | Name: internalMgmtPort. Value: 443
Properties -> + | Name: externalMgmtPort. Value: 60001
Onboard | <Wait for message: VNF package onboarded successfully>
Close |
HTTPS access (443) can be changed to another type of access. Please consult official 128T documentation and make sure the 128T VNF is configured to accept another type of connection before changing the port number.

externalMgmtPort (60001) represents the external port on which the user can access the VNF management interface from the web browser via HTTPS. The user can select another port if needed. There are no other changes required or components affected by this change.

vnfMgmtIpAddress (10.0.0.2) represents the IP address of the management interface of the 128T VNF. Changing this value requires an update to the 128T configuration to match the new IP address.

Onboard the Fortigate VNF VM Image through VNF -> Descriptors -> On-board, and fill in the required fields with the following values:

Fortigate VM Image Details
Field | Value
VM image file | fortios.qcow2. Please make sure to contact Fortinet for an official FortiGate KVM image.
Image format | QCOW2
VNF Type Name | Fortigate
Description | Fortigate VNF
Version | 1.0
Memory in MB | 1024. More memory can be allocated if required (<28672).
Num. of CPUs | 1. More CPUs can be reserved if required (<15).
Interfaces -> + | Name: mgmt
Interfaces -> + | Name: wan
Interfaces -> + | Name: lan
Cloud Init -> Cloud-Init Datasource | ConfigDrive
Cloud Init -> Cloud-Init Disk Type | cdrom
Cloud Init -> + | Path: license
Properties -> + | Name: vnfMgmtIpAddress. Value: 10.0.0.3
Properties -> + | Name: internalMgmtPort. Value: 443
Properties -> + | Name: externalMgmtPort. Value: 60002
Onboard | <Wait for message: VNF package onboarded successfully>
Close |
HTTPS access (443) can be changed to another type of access. Please consult official Fortigate documentation and make sure the Fortigate VNF is configured to accept another type of connection before changing the port number.

externalMgmtPort (60002) represents the external port on which the user can access the VNF management interface from the web browser via HTTPS. The user can select another port if needed. There are no other changes required or components affected by this change.

vnfMgmtIpAddress (10.0.0.3) represents the IP address of the management interface of the Fortigate VNF. Changing this value requires an update to the Fortigate configuration to match the new IP address.

Instantiating the VNFs:

Instantiate the 128T VNF by selecting the trgt device, then VNF -> Instances -> Add. Fill in the required fields with the following values:

128T VNF Instantiation
Field | Value
Name | 128T_trgt_1
VNF Type | 128T
VNFD Version | 1.0
Flavour | Canonical
uCPE Device | trgt
Cloud Init File | centos_128t_internet_ci.iso.
Domain Update Script |
Interfaces (ID | IF Name):
  mgmt (dpdk) | Bridge: vnf_mgmt_br
  wan (dpdk) | Bridge: ibm_br
  lan (dpdk) | Bridge: sfc_br
Create |
To procure the VNF image files and their licenses, please contact each respective VNF provider.

Instantiate the Fortigate VNF by selecting the trgt device, then VNF -> Instances -> Add. Fill in the required fields with the following values:

Fortigate VNF Instantiation
Field | Value
Name | fg_trgt_1
VNF Type | Fortigate
VNFD Version | 1.0
Flavour | Canonical
uCPE Device | trgt
Cloud Init File | fg_cust_basic_fw.conf
License File | The FortiGate license file provided by Fortinet.
Domain Update Script |
Interfaces (ID | IF Name):
  mgmt (dpdk) | Bridge: vnf_mgmt_br
  wan (dpdk) | Bridge: sfc_br
  lan (dpdk) | Bridge: lan_br
Create |
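A consistency check for the wiring configured above, as an added example that is not part of the Enea documentation: it transcribes the bridge assignments, vnfMgmtIpAddress and externalMgmtPort values from the tables on this page, verifies that the management settings do not collide, and confirms that traffic entering at lan_br reaches ibm_br through Fortigate and then 128T. The dictionary layout and the function names are hypothetical.

```python
# Added example; values transcribed from the tables on this page.
BRIDGES = {"ibm_br", "vnf_mgmt_br", "lan_br", "sfc_br"}
BRIDGE_MGMT_ADDR = "10.0.0.1"  # vnf-mgmt-address of vnf_mgmt_br
VNFS = {  # hypothetical layout: instance name -> settings
    "fg_trgt_1": {"mgmt_ip": "10.0.0.3", "ext_port": 60002,
                  "ifaces": {"mgmt": "vnf_mgmt_br", "wan": "sfc_br", "lan": "lan_br"}},
    "128T_trgt_1": {"mgmt_ip": "10.0.0.2", "ext_port": 60001,
                    "ifaces": {"mgmt": "vnf_mgmt_br", "wan": "ibm_br", "lan": "sfc_br"}},
}

def check_management(vnfs, bridge_addr=BRIDGE_MGMT_ADDR):
    """Return a list of management-plane problems; an empty list means OK."""
    problems = []
    seen_ip, seen_port = {bridge_addr: "vnf_mgmt_br"}, {}
    for name, vnf in vnfs.items():
        for ifname, bridge in vnf["ifaces"].items():
            if bridge not in BRIDGES:
                problems.append(f"{name}: {ifname} uses unknown bridge {bridge}")
        if vnf["ifaces"].get("mgmt") != "vnf_mgmt_br":
            problems.append(f"{name}: mgmt interface is not on vnf_mgmt_br")
        for key, seen, label in (("mgmt_ip", seen_ip, "vnfMgmtIpAddress"),
                                 ("ext_port", seen_port, "externalMgmtPort")):
            if vnf[key] in seen:
                problems.append(f"{name}: {label} {vnf[key]} already used by {seen[vnf[key]]}")
            seen.setdefault(vnf[key], name)
    return problems

def trace_chain(vnfs, start="lan_br", end="ibm_br"):
    """Follow lan -> wan hops from lan_br to the bridge holding the 128T wan port.

    Returns the VNF names in traversal order; raises ValueError if a bridge
    has zero or several unvisited VNFs attached by their lan interface.
    """
    order, bridge = [], start
    while bridge != end:
        nxt = [n for n, v in vnfs.items()
               if v["ifaces"]["lan"] == bridge and n not in order]
        if len(nxt) != 1:
            raise ValueError(f"chain broken at {bridge}: {len(nxt)} candidate VNFs")
        order.append(nxt[0])
        bridge = vnfs[nxt[0]]["ifaces"]["wan"]
    return order

if __name__ == "__main__":
    print(check_management(VNFS) or "management settings OK")
    print(" -> ".join(["lan_br", *trace_chain(VNFS), "ibm_br"]))
```

Running the same checks after editing VNFS to match a changed port or bridge assignment shows whether the two management endpoints still map to distinct ports and whether the firewall is still in the path ahead of the router.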
Testing the Use-case

In order to access the web interface of the 128T VNF, open a browser on a machine connected to the same network as the WAN port of the target and connect to: https://<publicIP>:60001 using the username: admin and the password: 128Tadmin.

In order to access the web interface of the Fortigate VNF, open a browser on a machine connected to the same network as the WAN port of the target and connect to: https://<publicIP>:60002 using the username: admin, and leaving the password blank.

Make sure the WAN interface of the trgt device has access to the internet. The Fortigate VNF requires internet access to validate the license.

In order to validate the data path, connect a test machine to the LAN physical port and check for a dynamic IP (the Fortigate LAN interface is configured with a DHCP server):

> dhclient eth1
> ping 8.8.8.8

For data path validation, a new cloud-init image may need to be generated for the 128T VNF to match your network configuration.
Use-case Clean-up

In order to remove the setup created previously, all components need to be deleted in reverse order:
- Select the trgt uCPE device -> VNF -> Instances. Select the 128T and Fortigate VNFs -> Delete.
- Select the trgt uCPE device -> Configuration -> OpenVSwitch -> Bridges. Select all bridges -> Delete.
- Select the trgt uCPE device -> Configuration -> External Interfaces -> Configuration. Select all interfaces -> Delete.
- VNF -> Descriptors. Select all bundles -> Offboard.