...
Hostname | CPU Model | Memory | BMC Firmware | Storage | 1GbE: NIC#, VLAN, (Connected Extreme 480 switch) | 10GbE: NIC# VLAN, Network (Connected with IZ1 switch) | 40GbE: NIC# |
---|---|---|---|---|---|---|---|
pod11-node5 (jump) | Intel 2xE5-2699 | 64GB | 1.46.9995 | 3TB (Sata) | IF0: VLAN 110 (DMZ) | IF2: VLAN 112 (Private) | |
pod11-node2 | Intel 2xE5-2699 | 64GB | 1.46.9995 | 3TB (Sata) | IF0: VLAN 110 (DMZ) | IF2: VLAN 112 (Private) | |
pod11-node3 | Intel 2xE5-2699 | 64GB | 1.46.9995 | 3TB (Sata) | IF0: VLAN 110 (DMZ) | IF2: VLAN 112 (Private) | IF4: SRIOV |

Virtual deployment

Hostname | CPU Model | Memory | Storage | 1GbE: NIC#, VLAN, (Connected Extreme 480 switch) | 10GbE: NIC# VLAN, Network (Connected with IZ1 switch) |
---|---|---|---|---|---|
pod14-node2 | Intel 2xE5-2699 | 64GB | 3TB (Sata) | IF0: VLAN 110 (DMZ) | IF2: VLAN 112 (Private) |

Test Framework

All components are tested with end-to-end testing
...
- Use KUD to set up 3 clusters (sdewan-hub, edge-a, edge-b).
- Run the SDEWAN CRD Controller in each cluster.
- Create an SDEWAN CNF instance and a dummy pod (using httpbin instead) in edge-a, and an SDEWAN CNF instance and an httpbin pod in edge-b.
- Create an IPSec CR to configure sdewan-hub as the responder that provides virtual IP addresses to any authenticated party requesting IP addresses through the SDEWAN CRD Controller.
- Create an IPSec CR to configure the edge-a and edge-b IPSec configuration to get the IP addresses through the SDEWAN CRD Controller.
- Establish the edge-a tunnel to sdewan-hub and the edge-b tunnel to sdewan-hub; the hub XFRM policies will automatically route traffic between edge-a and edge-b.
- Create an SNAT CR to establish an SNAT rule in edge-a and a DNAT CR to establish a DNAT rule in edge-b, which will enable a TCP connection from edge-a to edge-b's httpbin service.
- Verify that the curl command succeeds from the edge-a dummy pod (using httpbin instead) to edge-b's httpbin service. The curl command returns the IP address of the requester.
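
The final verification step can be tightened from "curl succeeds" to "the address httpbin reports is the tunnel address". The following is an added example, not part of the ICN test suite. It assumes the curl target is httpbin's `/ip` endpoint (which returns `{"origin": "<address>"}`) and that edge-a's SNAT rule rewrites the source to a hub-assigned virtual IP; the pool CIDR, the function name `check_origin` and the sample bodies are constructed for illustration.

```python
import ipaddress
import json
from typing import Tuple

# Assumption for illustration: sdewan-hub hands out virtual IPs from this pool.
ASSUMED_VIP_POOL = "192.168.0.0/24"  # constructed value, not from the page


def check_origin(body: str, vip_pool: str = ASSUMED_VIP_POOL) -> Tuple[bool, str]:
    """Judge an httpbin /ip response body; return (ok, reason)."""
    try:
        origin = json.loads(body)["origin"]
    except (ValueError, KeyError, TypeError) as exc:
        # Non-JSON (for example an error page) or JSON without "origin".
        return False, f"unexpected response: {exc!r}"
    if not isinstance(origin, str):
        return False, "origin is not a string"
    # httpbin may report several comma-separated addresses when a proxy
    # added X-Forwarded-For; a direct tunnel path should show exactly one.
    seen = [p.strip() for p in origin.split(",") if p.strip()]
    if len(seen) != 1:
        return False, f"expected one origin address, got {seen}"
    try:
        addr = ipaddress.ip_address(seen[0])
    except ValueError:
        return False, f"origin is not an IP address: {seen[0]!r}"
    pool = ipaddress.ip_network(vip_pool)
    if addr not in pool:
        # Reachable, but not via the SNAT'd tunnel address: treat as a failure.
        return False, f"{addr} is outside {pool}"
    return True, f"{addr} is inside {pool}"


if __name__ == "__main__":
    # Constructed sample bodies, as curl would print them.
    samples = [
        '{"origin": "192.168.0.5"}',             # tunnel address
        '{"origin": "10.10.70.39"}',             # reached httpbin another way
        '{"origin": "192.168.0.5, 10.0.0.1"}',   # extra hop in the path
        "<html>502 Bad Gateway</html>",          # not an httpbin answer
    ]
    for body in samples:
        print(check_origin(body))
```

A check of this kind fails the run when the request reaches edge-b's httpbin over some path other than the IPSec tunnel, which a bare exit-code check on curl would report as a pass.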
BluVal Testing
Status as of March 14th 2022:
...
Layer | Result | Comments |
---|---|---|
os/vuls | PASS with exceptions | Exceptions: CVE-2021-33574, CVE-2019-19814, CVE-2021-35942 |
os/lynis | PASS with exceptions | Exceptions: BOOT-5122; USB-2000; SSH-7408: Checking MaxSessions, Checking Port; KRNL-6000: kernel.modules_disabled, net.ipv4.conf.all.forwarding |
k8s/kube-hunter | PASS | With aquasec/kube-hunter:0.6.5 |

Release 6 Blueprint Scanning Status
Akraino CVE Vulnerability Exception Request
Akraino BluVal Exception Request
...
CD logs
ICN Master Bare Metal Deployment Verifier
ICN Master Virtual Deployment Verifier
ICN SDEWAN Master End2End Testing
...