SDEWAN is implemented as a CNF based on OpenWRT and will support the following functionality:
- Expose a RESTful API to support configuration of MWAN3, Firewall & NAT, and IPsec.
- Site-to-Site tunnels across edges & edges & central orchestrators and application managers
SDEWAN Service
The SDEWAN service RESTful API provides the capability to list available SDEWAN services, get service status and execute service operations.
Common Error code:
Code | Description |
---|---|
400 | Bad request |
401 | unauthorized - the security token is not provided or has expired. |
404 | resource not found |
Error Response:
Name | In | Type | Description |
---|---|---|---|
message | body | string | error message |
GET /cgi-bin/luci/sdewan/v1/services
Lists all available sdewan services supported by SDEWAN CNF
Request: N/A
Response
- Normal response codes: 200
Response Parameters
Name | In | Type | Description |
---|---|---|---|
services | body | array | a list of supported service |
- Response Example
{
"services": ["mwan3", "firewall", "ipsec"]
}
PUT /cgi-bin/luci/sdewan/v1/service/{service}/
Execute an operation for a service
Request:
Request Parameters
Name | In | Type | Description |
---|---|---|---|
service | path | string | service name; valid values are "mwan3", "firewall", "ipsec" |
action | body | string | action to be executed; valid values are "start", "stop", "restart", "reload" |
- Request Example
{
"action": "start"
}
Response
- Normal response code: 200
- Error response code: 400 (e.g. invalid action)
Response Parameters
Name | In | Type | Description |
---|---|---|---|
result | body | string | operation execution result |
- Response Example
{
"result": "success"
}
MWAN3
OpenWRT MWAN3 configuration includes the following sections:
- Global: common configuration, used specifically to configure a routable loopback address (for OpenWRT 18.06)
- Interface: defines how each WAN interface is tested for up/down status
- Member: represents an interface with a metric and a weight value
- Policy: defines how traffic is routed through the different WAN interface(s)
- Rule: describes what traffic to match and what policy to assign for that traffic.
SDEWAN CNF will be created with Global and Interface sections initialized based on CNF allocated interfaces.
SD-EWAN MWAN3 CNF API provides support to get/create/update/delete MWAN3 Rule, Policy (with Member).
MWAN3 Policy
GET /cgi-bin/luci/sdewan/mwan3/v1/policies
Lists all defined policies
Request: N/A
Response
- Normal response codes: 200
Response Parameters
Name | In | Type | Description |
---|---|---|---|
policies | body | array | a list of defined policies |
- Response Example
{
  "policies": [
    {
      "name": "balanced",
      "members": [
        {
          "interface": "net1",
          "metric": 1,
          "weight": 2
        },
        {
          "interface": "net2",
          "metric": 1,
          "weight": 1
        }
      ]
    }
  ]
}
GET /cgi-bin/luci/sdewan/mwan3/v1/policy/{policy}
Get a policy
Request: N/A
Request Parameters
Name | In | Type | Description |
---|---|---|---|
policy | path | string | policy name |
Response
- Normal response codes: 200
- Error response code: 404
Response Parameters
Name | In | Type | Description |
---|---|---|---|
name | body | string | policy name |
members | body | array | policy members |
interface | body | string | member interface name |
metric | body | int | (optional) default: 1, members within one policy with a lower metric have precedence over higher metric members |
weight | body | int | (optional) default: 1, members with same metric will distribute load based on this weight value |
- Response Example
{
  "name": "balanced",
  "members": [
    {
      "interface": "net1",
      "metric": 1,
      "weight": 2
    },
    {
      "interface": "net2",
      "metric": 1,
      "weight": 1
    }
  ]
}
POST /cgi-bin/luci/sdewan/mwan3/v1/policy
create a new policy
Request:
Request Parameters: same as the GET response parameters
- Request Example: same as the GET response example
Response
- Normal response codes: 201
- Error response codes: 400, 401
PUT /cgi-bin/luci/sdewan/mwan3/v1/policy/{policy}
update a policy
Request:
Request Parameters:
Name | In | Type | Description |
---|---|---|---|
policy | path | string | policy name |
members | body | array | policy members |
interface | body | string | member interface name |
metric | body | int | (optional) default: 1, members within one policy with a lower metric have precedence over higher metric members |
weight | body | int | (optional) default: 1, members with same metric will distribute load based on this weight value |
- Request Example
{
  "members": [
    {
      "interface": "net1",
      "metric": 1,
      "weight": 2
    },
    {
      "interface": "net2",
      "metric": 1,
      "weight": 1
    }
  ]
}
Response
- Normal response codes: 204
- Error response codes: 400, 401, 404
DELETE /cgi-bin/luci/sdewan/mwan3/v1/policy/{policy}
delete a policy
Request:
Request Parameters
Name | In | Type | Description |
---|---|---|---|
policy | path | string | policy name |
Response
- Normal response codes: 200
- Error response codes: 401, 404
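The metric and weight semantics in the policy parameter tables above, worked through as an added example (not code from the SDEWAN project). The `up_interfaces` argument and the `FAILOVER` policy are constructed for illustration; `BALANCED` is the policy from the response example.

```python
from fractions import Fraction

def effective_shares(policy, up_interfaces):
    """Return {interface: share of traffic} for the members that carry traffic.

    Per the parameter descriptions: among usable members the lowest metric
    takes precedence, and members with the same metric split load in
    proportion to weight. metric and weight both default to 1.
    """
    usable = [m for m in policy["members"] if m["interface"] in up_interfaces]
    if not usable:
        return {}  # no member interface is up: the policy has nothing to use
    best = min(m.get("metric", 1) for m in usable)
    tier = [m for m in usable if m.get("metric", 1) == best]
    total = sum(m.get("weight", 1) for m in tier)
    shares = {}
    for m in tier:
        share = Fraction(m.get("weight", 1), total)
        shares[m["interface"]] = shares.get(m["interface"], 0) + share
    return shares

# The "balanced" policy from the response example above.
BALANCED = {"name": "balanced", "members": [
    {"interface": "net1", "metric": 1, "weight": 2},
    {"interface": "net2", "metric": 1, "weight": 1},
]}
# Constructed failover policy: net2 is used only when net1 is down.
FAILOVER = {"name": "failover", "members": [
    {"interface": "net1", "metric": 1},
    {"interface": "net2", "metric": 2},
]}

if __name__ == "__main__":
    for policy in (BALANCED, FAILOVER):
        for up in ({"net1", "net2"}, {"net2"}, set()):
            print(policy["name"], sorted(up), effective_shares(policy, up))
```

Running the same calculation over a policy before it is submitted shows which interface traffic lands on when a link fails, which matters when one of the WAN links is less trusted than the other.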
MWAN3 Rule
GET /cgi-bin/luci/sdewan/mwan3/v1/rules
Lists all defined rules
Request: N/A
Response
- Normal response codes: 200
Response Parameters
Name | In | Type | Description |
---|---|---|---|
rules | body | array | a list of defined rules |
- Response Example
{
  "rules": [
    {
      "name": "default_rule",
      "dest_ip": "0.0.0.0/0",
      "policy": "balanced"
    }
  ]
}
GET /cgi-bin/luci/sdewan/mwan3/v1/rule/{rule}
Get a rule
Request: N/A
Request Parameters
Name | In | Type | Description |
---|---|---|---|
rule | path | string | rule name |
Response
- Normal response codes: 200
- Error response code: 404
Response Parameters
Name | In | Type | Description |
---|---|---|---|
name | body | string | rule name |
policy | body | string | policy used for the rule |
src_ip | body | string | (optional) source ip address |
src_port | body | string | (optional) source port or port range |
dest_ip | body | string | (optional) destination ip address |
dest_port | body | string | (optional) destination port or port range |
proto | body | string | (optional) protocol for the rule. Valid values: "tcp", "udp", "icmp", "all" |
family | body | string | (optional) address family. Valid values: "ipv4", "ipv6", "all" |
sticky | body | string | (optional) default: 0, allow traffic from the same source ip address within the timeout limit to use same wan interface as prior session |
timeout | body | int | (optional) default: 600, Stickiness timeout value in seconds |
- Response Example
{
  "name": "default_rule",
  "dest_ip": "0.0.0.0/0",
  "policy": "balanced"
}
POST /cgi-bin/luci/sdewan/mwan3/v1/rule
create a new rule
Request:
Request Parameters: same as the GET response parameters
- Request Example: same as the GET response example
Response
- Normal response codes: 201
- Error response codes: 400, 401
PUT /cgi-bin/luci/sdewan/mwan3/v1/rule/{rule}
update a rule
Request:
Request Parameters
Name | In | Type | Description |
---|---|---|---|
rule | path | string | rule name |
policy | body | string | policy used for the rule |
src_ip | body | string | (optional) source ip address |
src_port | body | string | (optional) source port or port range |
dest_ip | body | string | (optional) destination ip address |
dest_port | body | string | (optional) destination port or port range |
proto | body | string | (optional) protocol for the rule. Valid values: "tcp", "udp", "icmp", "all" |
family | body | string | (optional) address family. Valid values: "ipv4", "ipv6", "all" |
sticky | body | string | (optional) default: 0, allow traffic from the same source ip address within the timeout limit to use same wan interface as prior session |
timeout | body | int | (optional) default: 600, Stickiness timeout value in seconds |
- Request Example
{
  "dest_ip": "0.0.0.0/0",
  "policy": "balanced"
}
Response
- Normal response codes: 204
- Error response codes: 400, 401, 404
DELETE /cgi-bin/luci/sdewan/mwan3/v1/rule/{rule}
delete a rule
Request:
Request Parameters
Name | In | Type | Description |
---|---|---|---|
rule | path | string | rule name |
Response
- Normal response codes: 200
- Error response codes: 401, 404
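A pre-submission check for MWAN3 rule bodies, built from the rule parameter table above; this is an added example, not the CNF's own validation code. Assumptions not stated on the page: port ranges are written `low-high`, addresses may be given in CIDR form, unknown fields are rejected, and `known_policies` holds the names returned by the policy list call.

```python
import ipaddress

PROTOS = ("tcp", "udp", "icmp", "all")
FAMILIES = ("ipv4", "ipv6", "all")
FIELDS = {"name", "policy", "src_ip", "src_port", "dest_ip", "dest_port",
          "proto", "family", "sticky", "timeout"}

def _port_ok(value):
    """Accept "443" or "8000-8100" (the "-" separator is an assumption)."""
    parts = str(value).split("-")
    if len(parts) > 2 or not all(p.isascii() and p.isdigit() for p in parts):
        return False
    nums = [int(p) for p in parts]
    return all(1 <= n <= 65535 for n in nums) and nums == sorted(nums)

def _ip_ok(value):
    if not isinstance(value, str):
        return False  # ip_network() would otherwise accept a bare integer
    try:
        ipaddress.ip_network(value, strict=False)
        return True
    except ValueError:
        return False

def validate_rule(body, known_policies):
    """Return a list of problems; an empty list means the body may be sent."""
    errors = [f"unknown field: {k}" for k in sorted(set(body) - FIELDS)]
    if not isinstance(body.get("policy"), str) or body["policy"] not in known_policies:
        errors.append("policy must name an existing policy")
    for key in ("src_ip", "dest_ip"):
        if key in body and not _ip_ok(body[key]):
            errors.append(f"{key} is not an IP address or CIDR")
    for key in ("src_port", "dest_port"):
        if key in body and not _port_ok(body[key]):
            errors.append(f"{key} is not a port or port range")
    if "proto" in body and body["proto"] not in PROTOS:
        errors.append("proto must be one of tcp, udp, icmp, all")
    if "family" in body and body["family"] not in FAMILIES:
        errors.append("family must be one of ipv4, ipv6, all")
    timeout = body.get("timeout", 600)
    if isinstance(timeout, bool) or not isinstance(timeout, int) or timeout <= 0:
        errors.append("timeout must be a positive integer (seconds)")
    return errors

GOOD = {"dest_ip": "0.0.0.0/0", "policy": "balanced"}  # request example above
BAD = {"dest_ip": "0.0.0.0/33", "policy": "no_such_policy", "proto": "gre",
       "dest_port": "80-70", "timeout": "600", "comment": "x"}  # constructed
```

`validate_rule(GOOD, {"balanced"})` returns an empty list, while `BAD` yields one message per offending field, so malformed values are caught before they reach the configuration on the device.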
Firewall
OpenWRT Firewall configuration includes the following sections:
- Default: declares global firewall settings which do not belong to specific zones
- Include: used to enable customized firewall scripts
- Zone: groups one or more interfaces and serves as a source or destination for forwardings, rules and redirects.
- Forwarding: controls the traffic between zones
- Redirect: defines port forwarding (NAT) rules
- Rule: defines basic accept, drop, or reject rules to allow or restrict access to specific ports or hosts.
SDEWAN CNF will be created with Default sections initialized.
SD-EWAN Firewall API provides support to get/create/update/delete Firewall Zone, Redirect, Rule and Forwardings