Goals
In ICN's SDWAN usages, SFC (Service Function Chain) is designed to support Corp networks to connect to external internet with security connection. The SFC includes Security VNF (e.g. firewall etc.), WAN Opt CNF and SDWAN VNF/CNF, and SDWAN module is worked as software defined router which can be used to defined the rules when connect to external internet. Below diagram shows where SDWAN module located in the whole system.
Basic Technologies
OpenWRT
The OpenWRT Project (https://openwrt.org/) is an open source project based on Linux, and it is primarily used on embedded devices to route network traffic. There are more than 3500 software packages which can be installed on OpenWRT via opkg package management system. OpenWRT provides both docker image and VM image to support virtualization solution (https://openwrt.org/docs/guide-user/virtualization/start). In ICN, we run OpenWRT in container.
OpenWRT Mwan3 package (a replacement for multiwan package) provides the capabilities for multiple WAN management: WAN interfaces management, outbound traffic rules, traffic load balancing etc.
ovn4nfv-k8s-plugin
ovn4nfv-k8s-plugin is a CNI plugin based on ovn. It can work together with Multus CNI to add multiple interfaces for the pod. One of the interfaces is the Multus default interface, it could be flannel, calico, etc. The other interfaces are added by ovn4nfv-k8s-plugin according the the pod annotation. With ovn4nfv-k8s-plugin, we can create virtual network in run-time. Also we can connect the pod with the provider network, this is important for CNF.
Design Overview
SDEWAN is a solution to enable SDWAN functionalities include multiple WAN link support, WAN traffic management, NAT, firewall, IPSec and Traffic shaping etc. with focus to address the challenges when applying on edge computing environment like resource limitation, edge overlays, traffic sanitization, automation and cost sensitive etc. The solution includes below components:
- SDEWAN CNF: implemented based on OpenWRT, it enhances OpenWRT Luci web interface with SDEWAN controllers to provide Restful API for network functions' configuration and control.
- SDEWAN CRD Controller: implemented as k8s CRD Controller, it manages CRDs (e.g. Firewall related CRDs, Mwan3 related CRDs and IPSec related CRDs etc.) and internally calls SDEWAN Restful API to do CNF configuration.
- Overlay Controller: provides central control of SDEWAN overlay networks by automatically configuring the SDEWAN CNFs through SDEWAN CRD controller located in edge location clusters and hub clusters.
SDEWAN CNF
Sdewan CRD Controller
Presentation
ICN Weekly meeting video recordings- Weekly Akraino ICN Engineering Meeting
7 Comments
Devendra Rawat
Hi,
How can I try out this blueprint?
Huifeng Le
This BP includes a e2e test in https://github.com/akraino-edge-stack/icn-sdwan/tree/master/platform/test/e2e-test-crd which you may try out and the details about this test can be found at: https://github.com/akraino-edge-stack/icn-sdwan/blob/master/platform/test/README.md, thanks much!
Devendra Rawat
Thanks Huifeng. I am unable to setup this due to vagrant-libvirt installation error.
My environment consists of Ubuntu 18.04 on AWS m5zn.metal machine.
Error Message
Though i have nokogiri installed on this server with Ruby 2.6
Any leads?
Huifeng Le
We have not met this issue before, it looks to be caused by vagrant installation.
What't the version of vagrant you installed? and maybe you can try to install the latest version of vagrant. thanks!
Devendra Rawat
Thanks for the prompt response Huifeng.
My Vagrant version is 2.2.4
Srinivasa Addepalli
Any progress on this?
Huifeng Le
Devendra Rawat Do you get change to test with the latest version of vagrant? and please let us know if any support required? Thanks much!