SDEWAN CNF
- 1 Architecture
- 2 APIs
- 2.1 SDEWAN Service
- 2.2 SDEWAN Interface
- 2.3 MWAN3
- 2.3.1 MWAN3 Policy
- 2.3.2 MWAN3 Rule
- 2.4 Firewall
- 2.4.1 Zone
- 2.4.2 Redirect
- 2.4.3 Rule
- 2.4.4 Forwarding
SDEWAN is implemented as a CNF based on OpenWRT and will support the following functionality:
- Export a RESTful API to support configuration of MWAN3, Firewall & NAT, and IPsec.
- Site-to-Site tunnels across edges & edges & central orchestrators and application managers
Architecture
SDEWAN CNF enhances the OpenWRT LuCI web interface with SDEWAN controllers to provide a RESTful API for configuring and controlling network functions.
The CNF includes the following modules:
- MWAN3: mwan3 configuration for managing multiple WAN links
- Firewall: fw3 configuration for firewall rules and NAT rules
- IPsec: strongSwan configuration to set up secure tunnels between CNFs
- DNS/DHCP: dnsmasq configuration for DNS and DHCP (IPv4), or odhcpd configuration for DHCP (IPv6)
- BGP/OSPF: bird configuration for BGP/OSPF automatic routing
- Service: manages the lifecycle (e.g. start, stop, restart) of network function applications (e.g. mwan3, fw3, strongswan)
- Runtime States: exports the system log for debugging
APIs
Common error codes:
| Code | Description |
|---|---|
| 400 | Bad request |
| 401 | Unauthorized: the security token is not provided or has expired. |
| 404 | Resource not found |
Error Response:
| Name | In | Type | Description |
|---|---|---|---|
| message | body | string | error message |
SDEWAN Service
The SDEWAN service RESTful API provides the capability to list available SDEWAN services, get service status and execute service operations.
PUT /cgi-bin/luci/sdewan/v1/services/{service-name}/
Execute an operation for a service
Request:
Request Parameters
Request Example
Response
Normal response code: 200
Error response code: 400 (e.g. invalid action)
Response Parameters
Response Example
GET /cgi-bin/luci/sdewan/v1/services
Lists all available sdewan services supported by SDEWAN CNF
Request: N/A
Response
Normal response codes: 200
Response Parameters
Response Example
SDEWAN Interface
The SDEWAN interface API provides network interface information and the control to bring a network interface up or down.
PUT /cgi-bin/luci/sdewan/v1/interfaces/{interface}/
Execute an operation for an interface
Request:
Request Parameters
Request Example
Response
Normal response code: 200
Error response code: 400 (e.g. invalid action), 404 (e.g. interface not found)
Response Parameters
Response Example
GET /cgi-bin/luci/sdewan/v1/interfaces
Lists all available network interfaces of the SDEWAN CNF
Request: N/A
Response
Normal response codes: 200
Response Parameters
Response Example
GET /cgi-bin/luci/sdewan/v1/interfaces/{interface-name}
Get information about a network interface of the SDEWAN CNF
Request: N/A
Response
Normal response codes: 200
Response Parameters
Response Example
MWAN3
The OpenWRT MWAN3 configuration includes the following sections:
- Global: common configuration, specifically used to configure the routable loopback address (for OpenWRT 18.06)
- Interface: defines how each WAN interface is tested for up/down status
- Member: represents an interface with a metric and a weight value
- Policy: defines how traffic is routed through the different WAN interface(s)
- Rule: describes what traffic to match and what policy to assign for that traffic
SDEWAN CNF will be created with Global and Interface sections initialized based on CNF allocated interfaces.
SD-EWAN MWAN3 CNF API provides support to get/create/update/delete MWAN3 Rule, Policy (with Member).
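How Rule, Policy and Member combine, as an added example that is not SDEWAN or mwan3 code: it models mwan3's semantics (first matching rule wins, the lowest-metric tier of live members is used, weights split load inside that tier). The sample data is constructed; the `lte_only` policy, the `oob_mgmt` rule and the member names are hypothetical, while `balanced` and `default_rule` are the names used in this page's request examples.

```python
from fractions import Fraction
from ipaddress import ip_address, ip_network

# Constructed sample data. Keys mirror mwan3 UCI options (interface, metric,
# weight, dest_ip, use_policy); "lte_only", "oob_mgmt" and the member names
# are hypothetical.
MEMBERS = {
    "wan_m1_w3": {"interface": "wan", "metric": 1, "weight": 3},
    "wanb_m1_w2": {"interface": "wanb", "metric": 1, "weight": 2},
    "lte_m2_w1": {"interface": "lte", "metric": 2, "weight": 1},
}
POLICIES = {
    "balanced": ["wan_m1_w3", "wanb_m1_w2", "lte_m2_w1"],
    "lte_only": ["lte_m2_w1"],
}
RULES = [  # order matters: the first rule that matches is used
    {"name": "oob_mgmt", "dest_ip": "198.51.100.0/24", "use_policy": "lte_only"},
    {"name": "default_rule", "dest_ip": "0.0.0.0/0", "use_policy": "balanced"},
]


def select_policy(dest):
    """Return the policy name of the first rule whose dest_ip covers dest."""
    for rule in RULES:
        if ip_address(dest) in ip_network(rule["dest_ip"]):
            return rule["use_policy"]
    return None  # no mwan3 rule matched


def policy_shares(policy, link_up):
    """Map interface -> share of new connections for the given link state."""
    live = [MEMBERS[m] for m in POLICIES[policy]
            if link_up.get(MEMBERS[m]["interface"], False)]
    if not live:
        return {}  # nothing usable: the policy's last_resort action applies
    best = min(m["metric"] for m in live)  # lowest metric tier wins
    tier = [m for m in live if m["metric"] == best]
    total = sum(m["weight"] for m in tier)
    return {m["interface"]: Fraction(m["weight"], total) for m in tier}


def egress_for(dest, link_up):
    """Resolve a destination to (policy name, interface shares)."""
    policy = select_policy(dest)
    return policy, (policy_shares(policy, link_up) if policy else {})


if __name__ == "__main__":
    print(egress_for("203.0.113.7", {"wan": True, "wanb": False, "lte": True}))
```

An empty share map is the case to review when a policy carries sensitive traffic: with mwan3's default `last_resort` of `unreachable` the traffic is refused rather than sent over another WAN link.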
MWAN3 Policy
POST /cgi-bin/luci/sdewan/mwan3/v1/policies
create a new policy
Request:
Request Parameters: same as PUT's request
Request Example: same as PUT's example
Response
Normal response codes: 201
Error response codes: 400, 401
PUT /cgi-bin/luci/sdewan/mwan3/v1/policies/{policy-name}
update a policy
Request:
Request Parameters:
Request Example
PUT /cgi-bin/luci/sdewan/mwan3/v1/policies/balanced
Response
Normal response codes: 204
Error response codes: 400, 401, 404
GET /cgi-bin/luci/sdewan/mwan3/v1/policies
Lists all defined policies
Request: N/A
Response
Normal response codes: 200
Response Parameters
Response Example
GET /cgi-bin/luci/sdewan/mwan3/v1/policies/{policy-name}
Get a policy
Request: N/A
Request Parameters
Response
Normal response codes: 200
Error response code: 404
Response Parameters
Response Example
DELETE /cgi-bin/luci/sdewan/mwan3/v1/policies/{policy-name}
delete a policy
Request:
Request Parameters
Response
Normal response codes: 200
Error response codes: 401, 404
MWAN3 Rule
POST /cgi-bin/luci/sdewan/mwan3/v1/rules
create a new rule
Request:
Request Parameters: same as PUT's request
Request Example: same as PUT's example
Response
Normal response codes: 201
Error response codes: 400, 401
PUT /cgi-bin/luci/sdewan/mwan3/v1/rules/{rule-name}
update a rule
Request:
Request Parameters
Request Example
PUT /cgi-bin/luci/sdewan/mwan3/v1/rules/default_rule
Response
Normal response codes: 204
Error response codes: 400, 401, 404
GET /cgi-bin/luci/sdewan/mwan3/v1/rules
Lists all defined rules
Request: N/A
Response
Normal response codes: 200
Response Parameters
Response Example
GET /cgi-bin/luci/sdewan/mwan3/v1/rules/{rule-name}
Get a rule
Request: N/A
Request Parameters
Response
Normal response codes: 200
Error response code: 404
Response Parameters
Response Example
DELETE /cgi-bin/luci/sdewan/mwan3/v1/rules/{rule-name}
delete a rule
Request:
Request Parameters
Response
Normal response codes: 200
Error response codes: 401, 404
Firewall
The OpenWRT Firewall configuration includes the following sections:
- Default: declares global firewall settings which do not belong to specific zones
- Include: used to enable customized firewall scripts
- Zone: groups one or more interfaces and serves as a source or destination for forwardings, rules and redirects
- Forwarding: controls the traffic between zones
- Redirect: defines port forwarding (NAT) rules
- Rule: defines basic accept, drop, or reject rules to allow or restrict access to specific ports or hosts
SDEWAN CNF will be created with Default sections initialized. Include section will not be implemented in this release.
SD-EWAN Firewall API provides support to get/create/update/delete Firewall Zone, Redirect, Rule and Forwardings
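A review aid for the Zone and Forwarding sections, as an added example that is not SDEWAN or fw3 code: it models how fw3 decides routed traffic from zones and forwardings alone (Rule and Redirect sections, which can also admit traffic, are ignored) and flags forwardings a reviewer should question. The sample config is constructed; `lan_wan` and `wan` come from this page's request examples, while the `wan_lan` and `lan_dmz` forwardings and the choice of `wan` as the untrusted zone are assumptions.

```python
# Constructed sample config. Keys mirror fw3 UCI options (name, network,
# forward, src, dest); "wan_lan" and "lan_dmz" are hypothetical mistakes.
DEFAULTS = {"forward": "REJECT"}
ZONES = {
    "lan": {"network": ["lan"], "forward": "ACCEPT"},
    "wan": {"network": ["wan"], "forward": "REJECT"},
}
FORWARDINGS = [
    {"name": "lan_wan", "src": "lan", "dest": "wan"},
    {"name": "wan_lan", "src": "wan", "dest": "lan"},
    {"name": "lan_dmz", "src": "lan", "dest": "dmz"},
]


def forward_verdict(src, dest, zones=ZONES, forwardings=FORWARDINGS,
                    defaults=DEFAULTS):
    """Policy for traffic routed from zone src to zone dest."""
    if src == dest:
        return zones[src]["forward"]  # between networks inside one zone
    if any(f["src"] == src and f["dest"] == dest for f in forwardings):
        return "ACCEPT"  # a forwarding covers exactly one direction
    return defaults["forward"]  # no forwarding: global forward policy


def audit(zones=ZONES, forwardings=FORWARDINGS, untrusted=("wan",)):
    """Return (forwarding name, finding) pairs for a reviewer to check."""
    findings = []
    for f in forwardings:
        missing = [z for z in (f["src"], f["dest"]) if z not in zones]
        if missing:
            findings.append((f["name"], "undefined zone: " + ", ".join(missing)))
        elif f["src"] in untrusted:
            findings.append(
                (f["name"], f"untrusted zone {f['src']} may reach {f['dest']}"))
    return findings


if __name__ == "__main__":
    for name, finding in audit():
        print(name, "->", finding)
```

Running the same audit over the zones and forwardings read back from the list endpoints before and after a change shows whether an update opened a path from an untrusted zone.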
Zone
POST /cgi-bin/luci/sdewan/firewall/v1/zones
create a new zone
Request:
Request Parameters: same as PUT's request
Request Example: same as PUT's example
Response
Normal response codes: 201
Error response codes: 400, 401
PUT /cgi-bin/luci/sdewan/firewall/v1/zones/{zone-name}
update a zone
Request:
Request Parameters:
Request Example
PUT /cgi-bin/luci/sdewan/firewall/v1/zones/wan
Response
Normal response codes: 204
Error response codes: 400, 401, 404
GET /cgi-bin/luci/sdewan/firewall/v1/zones
Lists all defined zones
Request: N/A
Response
Normal response codes: 200
Response Parameters
Response Example
GET /cgi-bin/luci/sdewan/firewall/v1/zones/{zone-name}
Get a zone
Request: N/A
Request Parameters
Response
Normal response codes: 200
Error response code: 404
Response Parameters
Response Example
DELETE /cgi-bin/luci/sdewan/firewall/v1/zones/{zone-name}
delete a zone
Request:
Request Parameters
Response
Normal response codes: 200
Error response codes: 401, 404
Redirect
POST /cgi-bin/luci/sdewan/firewall/v1/redirects
create a new redirect
Request:
Request Parameters: same as PUT's request
Request Example: same as PUT's example
Response
Normal response codes: 201
Error response codes: 400, 401
PUT /cgi-bin/luci/sdewan/firewall/v1/redirects/{redirect-name}
update a redirect
Request:
Request Parameters:
Request Example
PUT /cgi-bin/luci/sdewan/firewall/v1/redirects/dnat_lan
Response
Normal response codes: 204
Error response codes: 400, 401, 404
GET /cgi-bin/luci/sdewan/firewall/v1/redirects
Lists all defined redirects
Request: N/A
Response
Normal response codes: 200
Response Parameters
Response Example
GET /cgi-bin/luci/sdewan/firewall/v1/redirects/{redirect-name}
Get a redirect
Request: N/A
Request Parameters
Response
Normal response codes: 200
Error response code: 404
Response Parameters
Response Example
DELETE /cgi-bin/luci/sdewan/firewall/v1/redirects/{redirect-name}
delete a redirect rule
Request:
Request Parameters
Response
Normal response codes: 200
Error response codes: 401, 404
Rule
POST /cgi-bin/luci/sdewan/firewall/v1/rules
create a new rule
Request:
Request Parameters: same as PUT's request
Request Example: same as PUT's example
Response
Normal response codes: 201
Error response codes: 400, 401
PUT /cgi-bin/luci/sdewan/firewall/v1/rules/{rule-name}
update a rule
Request:
Request Parameters:
Request Example
PUT /cgi-bin/luci/sdewan/firewall/v1/rules/reject_lan_80
Response
Normal response codes: 204
Error response codes: 400, 401, 404
GET /cgi-bin/luci/sdewan/firewall/v1/rules
Lists all defined rules
Request: N/A
Response
Normal response codes: 200
Response Parameters
Response Example
GET /cgi-bin/luci/sdewan/firewall/v1/rules/{rule-name}
Get a rule
Request: N/A
Request Parameters
Response
Normal response codes: 200
Error response code: 404
Response Parameters
Response Example
DELETE /cgi-bin/luci/sdewan/firewall/v1/rules/{rule-name}
delete a firewall rule
Request:
Request Parameters
Response
Normal response codes: 200
Error response codes: 401, 404
Forwarding
POST /cgi-bin/luci/sdewan/firewall/v1/forwardings
create a new forwarding
Request:
Request Parameters: same as PUT's request
Request Example: same as PUT's example
Response
Normal response codes: 201
Error response codes: 400, 401
PUT /cgi-bin/luci/sdewan/firewall/v1/forwardings/{forwarding-name}
update a forwarding
Request:
Request Parameters:
Request Example
PUT /cgi-bin/luci/sdewan/firewall/v1/forwardings/lan_wan
Response
Normal response codes: 204
Error response codes: 400, 401, 404
GET /cgi-bin/luci/sdewan/firewall/v1/forwardings
Lists all defined forwardings
Request: N/A
Response
Normal response codes: 200