...
- SDEWAN CNF: implemented based on OpenWRT; it enhances the OpenWRT Luci web interface with SDEWAN controllers to provide a RESTful API for configuring and controlling network functions.
- SDEWAN CRD Controller: implemented as a k8s CRD controller; it manages CRDs (e.g. Firewall-related, Mwan3-related and IPSec-related CRDs) and internally calls the SDEWAN RESTful API to configure the CNF.
- Overlay Controller: provides central control of SDEWAN overlay networks by automatically configuring the SDEWAN CNFs through the SDEWAN CRD controller located in edge location clusters and hub clusters.
Timeline
...
Start/stop/restart/reload SDWAN services, including mwan3, firewall/NAT and IPSec.
Reference: SDEWAN CNF#SDEWANService
...
Support MWAN3 rule/policy configuration.
Reference: SDEWAN CNF#MWAN3
OpenWRT Reference: https://openwrt.org/docs/guide-user/network/wan/multiwan/mwan3
...
Design: Feb.26
Implementation: Mar.12
...
WW08: Initial design Done
WW09: Implementation - 50%
WW10: 80%
WW11: done
...
Support firewall configuration for zone (general rule for a group of interfaces), forwarding (iptables forward), rule, redirect (DNAT/SNAT).
Reference: SDEWAN CNF#Firewall
OpenWRT Reference: https://openwrt.org/docs/guide-user/firewall/firewall_configuration
...
Design: Feb.26
Implementation: Mar.18
WW08: Initial design Done
WW09: design done (to be reviewed)
WW10/11/12: 90%
...
Support IPSec configuration for remote site, proposal.
Reference: https://wiki.akraino.org/display/AK/IPSec+Design#IPSecDesign-IPSecRestAPI
OpenWRT Reference: https://openwrt.org/docs/guide-user/services/vpn/ipsec/strongswan/start
(Note: the OpenWRT wiki page is out of date compared to the 18.06 implementation we used; the current design is based directly on the OpenWRT IPSec code.)
...
Leverage KUD to set up 3 clusters (Hub, edge1, edge2)
Use a pre-defined YAML file (with network interface information and rule definitions) to create the Sdewan CNF
Use a Linux shell script to call the CNF REST API (e.g. update rule, restart service etc.)
Use a shell script to verify ms connectivity across different edge clusters
...
R3.1
POC to verify the flow for n:m label matching between CR instances and CNF instances (e.g. a CR can apply to multiple CNFs and a CNF can have multiple CRs)
...
Redesigned in R3.1
Define a SDWAN CNF with mwan3, firewall and IPSec configuration
Reference: Sdewan CRD Controller
...
WW21
...
Redesigned in R3.1
Define MWAN3 configuration (policy, rule)
Reference: Sdewan CRD Controller
...
Redesigned in R3.1
Define Firewall CRD (zone, forwarding, rule, redirect (NAT))
...
Redesigned in R3.1
Define IPSec CRD (remote site, proposal)
Reference: https://wiki.akraino.org/display/AK/IPSec+Design#IPSecDesign-IPSecCRD
Scenario design: SD-EWAN Scenarios
...
Redesigned in R3.1
MWAN3 CRD/Restful API integration
...
Redesigned in R3.1
Firewall CRD/Restful API integration
...
Redesigned in R3.1
IPSec CRD/Restful API integration
...
SDEWAN CNF
Sdewan CRD Controller
...