...
Below diagram describes the interaction between SDEWAN CNF and EWAN config Agent.
Timeline
| Module | Tasks | Owner | Due | Current Status | Description |
|---|---|---|---|---|---|
| PORs | |||||
| POC | Setup IPSec tunnel | Ruoyu | Feb.26 | WW09: setup POC environment by manual configuration (Site-2-Site, Initiator-responder, Initiator-responder with vip) - Done | |
| SDEWAN CNF | |||||
| Service API | Huifeng | Done | Start/stop/restart/reload SDWAN service, includes: mwan3, firewall/NAT, IpSec. Reference: SDEWAN CNF#SDEWANService | ||
| MWAN3 API | Huifeng | Done | Support MWAN3 rule/policy configuration. Reference: SDEWAN CNF#MWAN3 | ||
| Firewall API | Huifeng | Design: Feb.26 Implementation: Mar.12 | WW08: Initial design Done WW09: Implementation - 50% WW10: Implementation | Support firewall configuration for zone (general rule for a group of interfaces), forwarding (iptables forward), rule, redirect (DNAT/SNAT). Reference: SDEWAN CNF#Firewall | |
| IPSec API | Ruoyu | Design: Feb.26 Implementation: Mar.18 | WW08: Initial design Done WW09: design |
done (to be reviewed) WW10: Implementation | Support IPSec configuration for remote site, proposal. Reference: https://wiki.akraino.org/display/AK/IPSec+Design#IPSecDesign-IPSecRestAPI | ||||
| SDEWAN CNF Controller | |||||
| SDEWAN CRD | Cheng | Done | Define a SDWAN CNF with mwan3, firewall and IPSec configuration Reference: Sdewan config Agent | ||
| MWAN3 CRD | Cheng | Design: Done Implementation: Feb. 26 | WW08: CRD design done, implementation: |
- Done | Define MWAN3 configuration (policy, rule) Reference: Sdewan config Agent | |||
| Firewall CRD | Cheng | Design: Feb.26 Implementation: Mar.12 | WW09: CRD |
design - Done WW10: Implementation | Define Firewall CRD (zone, forwarding, rule, redirect (NAT)) | |||
| IPSec CRD | Ruoyu | Design: Feb.26 Implementation: Mar.18 | WW08: initial design done WW09: design |
done (to be reviewed) WW10: Implementation | Define IPSec CRD (remote site, proposal) Reference: https://wiki.akraino.org/display/AK/IPSec+Design#IPSecDesign-IPSecCRD | ||||
| Integration | CNF controller and CNF Rest API integration | ||||
| MWAN3 | Cheng/Huifeng | Feb.26 | WW09: integration - Done | MWAN3 CRD/Restful API integration | |
| Firewall | Cheng/Huifeng | Mar.26 | Firewall CRD/Restful API integration | ||
| IPSec | Ruoyu/Huifeng | Apr.1 | IPSec CRD/Restful API integration | ||
| SDEWAN demo | E2E demo for SDEWAN solution | ||||
| Demo scenario design | All | Apr.8 | Design E2E demo scenario and setup the environment | ||
| Demo scenario integration | All | Apr.15 | E2E working flow enabling | ||
| Stretch Goals | |||||
| SDWAN Hub Controller | EWAN Config Manager: call EWAN Conf Agent to configure EWAN CNF | Rama | |||
| Key | Store key in TPM | Cheng | |||
| QAT Support | Investigate how to enable QAT support for IPSec (Client library such as OpenSSL configuration, kernel module is not need in CNF) | Ruoyu |
SDEWAN CNF
Sdewan config Agent
...