Skip to end of metadata
Go to start of metadata


In ICN's SDWAN usages, SFC (Service Function Chain) is designed to support Corp networks to connect to external internet with security connection. The SFC includes Security VNF (e.g. firewall etc.), WAN Opt CNF and SDWAN VNF/CNF, and SDWAN module is worked as software defined router which can be used to defined the rules when connect to external internet. Below diagram shows where SDWAN module located in the whole system.

Basic Technologies


The OpenWRT Project ( is an open source project based on Linux, and it is primarily used on embedded devices to route network traffic. There are more than 3500 software packages which can be installed on OpenWRT via opkg package management system. OpenWRT provides both docker image and VM image to support virtualization solution ( In ICN, we run OpenWRT in container.

OpenWRT Mwan3 package (a replacement for multiwan package) provides the capabilities for multiple WAN management: WAN interfaces management, outbound traffic rules, traffic load balancing etc.


ovn4nfv-k8s-plugin is a CNI plugin based on ovn. It can work together with Multus CNI to add multiple interfaces for the pod. One of the interfaces is the Multus default interface, it could be flannel, calico, etc. The other interfaces are added by ovn4nfv-k8s-plugin according the the pod annotation. With ovn4nfv-k8s-plugin, we can create virtual network in run-time. Also we can connect the pod with the provider network, this is important for CNF.

Design Overview

SDEWAN is a solution to enable SDWAN functionalities include multiple WAN link support, WAN traffic management, NAT, firewall, IPSec and Traffic shaping etc. with focus to address the challenges when applying on edge computing environment like resource limitation, edge overlays, traffic sanitization, automation and cost sensitive etc. The solution includes below components:

  • SDEWAN CNF: implemented based on OpenWRT, it enhances OpenWRT Luci web interface with SDEWAN controllers to provide Restful API for network functions' configuration and control.
  • SDEWAN CRD Controller: implemented as k8s CRD Controller, it manages CRDs (e.g. Firewall related CRDs, Mwan3 related CRDs and IPSec related CRDs etc.) and internally calls SDEWAN Restful API to do CNF configuration.
  • Overlay Controller: provides central control of SDEWAN overlay networks by automatically configuring the SDEWAN CNFs through SDEWAN CRD controller located in edge location clusters and hub clusters.


Sdewan CRD Controller


ICN Weekly meeting video recordings- Weekly Akraino ICN Engineering Meeting 

  • No labels


  1. Hi,

    How can I try out this blueprint?

    1. Thanks Huifeng. I am unable to setup this due to vagrant-libvirt installation error.

      My environment consists of Ubuntu 18.04 on AWS m5zn.metal machine.

      Error Message

      Installing the 'vagrant-libvirt' plugin. This can take a few minutes...
      Bundler, the underlying system Vagrant uses to install plugins,
      reported an error. The error is shown below. These errors are usually
      caused by misconfigured plugin installations or transient network
      issues. The error from Bundler is:

      nokogiri requires Ruby version <, >= 2.5.

      Though i have nokogiri installed on this server with Ruby 2.6

      ubuntu@ip-10-0-7-120:~/icn-sdwan/platform/test/e2e-test-crd$ gem list | grep nokogiri
      nokogiri (1.11.3 x86_64-linux)

      ubuntu@ip-10-0-7-120:~/icn-sdwan/platform/test/e2e-test-crd$ ruby -v
      ruby 2.6.6p146 (2020-03-31 revision 67876) [x86_64-linux-gnu]

      Any leads?

  2. We have not met this issue before, it looks to be caused by vagrant installation.

    What't the version of vagrant you installed? and maybe you can try to install the latest version of vagrant. thanks!

    1. Thanks for the prompt response Huifeng.

      My Vagrant version is 2.2.4

  3. Devendra Rawat Do you get change to test with the latest version of vagrant? and please let us know if any support required? Thanks much!