Versions Compared

Old Version 44

changes.mady.by.user Huifeng Le (Deactivated)

Saved on

compared with

New Version 45

changes.mady.by.user Huifeng Le (Deactivated)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • SDEWAN CNF: implemented based on OpenWRT, it enhances OpenWRT Luci web interface with SDEWAN controllers to provide Restful API for network functions' configuration and control.
  • SDEWAN CRD Controller: implemented as k8s CRD Controller, it manages CRDs (e.g. Firewall related CRDs, Mwan3 related CRDs and IPSec related CRDs etc.) and internally calls SDEWAN Restful API to do CNF configuration.
  • Overlay Controller: provides central control of SDEWAN overlay networks by automatically configuring the SDEWAN CNFs through SDEWAN CRD controller located in edge location clusters and hub clusters.

Timeline

...

Start/stop/restart/reload SDWAN service, includes: mwan3, firewall/NAT, IpSec.

Reference: SDEWAN CNF#SDEWANService

...

Support MWAN3 rule/policy configuration.

Reference: SDEWAN CNF#MWAN3 

OpenWRT Reference: https://openwrt.org/docs/guide-user/network/wan/multiwan/mwan3

...

Design: Feb.26

Implementation: Mar.12 

...

WW08: Initial design Done

WW09: Implementation - 50%

WW10: 80%

WW11: done

...

Support firewall configuration for zone (general rule for a group of interfaces), forwarding (iptables forward), rule, redirect (DNAT/SNAT).

Reference: SDEWAN CNF#Firewall  

OpenWRT Reference: https://openwrt.org/docs/guide-user/firewall/firewall_configuration

...

Design: Feb.26

Implementation: Mar.18 

WW08: Initial design Done

WW09: design done (to be reviewed)

WW10/11/12: 90%

...

Support IPSec configuration for remote site, proposal.

Reference: https://wiki.akraino.org/display/AK/IPSec+Design#IPSecDesign-IPSecRestAPI

OpenWRT Reference: https://openwrt.org/docs/guide-user/services/vpn/ipsec/strongswan/start

(Note: OpenWRT Wiki page is out-of-date compare to 18.06 implementation which we used and the current design is based on openwrt ipsec code directly)

...

• leverage kud to setup 3 clusters (Hub, edge1, edge2)

• use pre-defined yaml file (with network interface information and rules definition) to create Sdewan CNF

• use linux shell script to call CNF Rest API (e.g. update rule, restart service etc.)

• shell script to verify ms connectivity in different edge cluster

...

R3.1

POC to verify the flow for n:m label matching between CR instances and CNF instances (e.g. a CR can apply to multiple CNF and a CNF can have multiple CR)

...

Redesigned in R3.1

Define a SDWAN CNF with mwan3, firewall and IPSec configuration

Reference: Sdewan CRD Controller 

...

WW21

...

Redesigned in R3.1

Define MWAN3 configuration (policy, rule)

Reference:  Sdewan CRD Controller

...

Redesigned in R3.1

Define Firewall CRD (zone, forwarding, rule, redirect (NAT)) 

...

Redesigned in R3.1

Define IPSec CRD (remote site, proposal)

Reference: https://wiki.akraino.org/display/AK/IPSec+Design#IPSecDesign-IPSecCRD 

Scenario design: SD-EWAN Scenarios

...

Redesigned in R3.1

MWAN3 CRD/Restful API integration 

...

Redesigned in R3.1

Firewall CRD/Restful API integration 

...

Redesigned in R3.1

IPSec CRD/Restful API integration 

...

SDEWAN CNF

Sdewan CRD Controller

...