...
ICN R3 release will focus on implementing the SDEWAN CNF and EWAN config Agent then designing the End-to-End demo with other components described in the SDEWAN solution.
Below diagram describes diagrams describe CRD definition and the interaction between SDEWAN CNF and EWAN config Agent.the calling sequence of SDEWAN Conf Mgr, K8s, Sdewan CNF and Sdewan Conf Agent.
Sdewan CRD definition:
Calling Sequence:
Timeline
| Module | Tasks | Owner | Due | Current Status | Description |
|---|---|---|---|---|---|
| PORs | |||||
| POC | Setup IPSec tunnel | Ruoyu | Feb.26 | WW09: setup POC environment by manual configuration (Site-2-Site, Initiator-responder, Initiator-responder with vip) - Done | |
| SDEWAN CNF | |||||
| Service API | Huifeng | Done | Start/stop/restart/reload SDWAN service, includes: mwan3, firewall/NAT, IpSec. Reference: SDEWAN CNF#SDEWANService | ||
| MWAN3 API | Huifeng | Done | Support MWAN3 rule/policy configuration. Reference: SDEWAN CNF#MWAN3 OpenWRT Reference: https://openwrt.org/docs/guide-user/network/wan/multiwan/mwan3 | ||
| Firewall API | Huifeng | Design: Feb.26 Implementation: Mar.12 | WW08: Initial design Done WW09: Implementation - 50% WW10: 80% WW11: done | Support firewall configuration for zone (general rule for a group of interfaces), forwarding (iptables forward), rule, redirect (DNAT/SNAT). Reference: SDEWAN CNF#Firewall OpenWRT Reference: https://openwrt.org/docs/guide-user/firewall/firewall_configuration | |
| IPSec API | Ruoyu | Design: Feb.26 Implementation: Mar.18 | WW08: Initial design Done WW09: design done (to be reviewed) WW10/11/12: 50% | Support IPSec configuration for remote site, proposal. Reference: https://wiki.akraino.org/display/AK/IPSec+Design#IPSecDesign-IPSecRestAPI OpenWRT Reference: https://openwrt.org/docs/guide-user/services/vpn/ipsec/strongswan/start (Note: OpenWRT Wiki page is out-of-date compare to 18.06 implementation which we used and the current design is based on openwrt ipsec code directly) | |
| SDEWAN CNF Controller | |||||
| SDEWAN CRD | Cheng | Done | Define a SDWAN CNF with mwan3, firewall and IPSec configuration Reference: Sdewan config Agent | ||
| MWAN3 CRD | Cheng | Design: Done Implementation: Feb. 26 | WW08: CRD design done, implementation: - Done | Define MWAN3 configuration (policy, rule) Reference: Sdewan config Agent | |
| Firewall CRD | Cheng | Design: Feb.26 Implementation: Mar.12 | WW09: CRD design - Done WW10/11: Done | Define Firewall CRD (zone, forwarding, rule, redirect (NAT)) | |
| IPSec CRD | Ruoyu | Design: Feb.26 Implementation: Mar.18 | WW08: initial design done WW09: design done (to be reviewed) WW10/11/12: implementation 80% | Define IPSec CRD (remote site, proposal) Reference: https://wiki.akraino.org/display/AK/IPSec+Design#IPSecDesign-IPSecCRD Scenario design: SD-EWAN Scenarios | |
| Integration | CNF controller and CNF Rest API integration | ||||
| MWAN3 | Cheng/Huifeng | Feb.26 | WW09: integration - Done | MWAN3 CRD/Restful API integration | |
| Firewall | Cheng/Huifeng | Mar.26 | WW12: start to work | Firewall CRD/Restful API integration | |
| IPSec | Ruoyu/Huifeng | Apr.1 | IPSec CRD/Restful API integration | ||
| SDEWAN demo | E2E demo for SDEWAN solution | ||||
| Demo scenario design | All | Apr.8 | Design E2E demo scenario and setup the environment | ||
| Demo scenario integration | All | Apr.15 | E2E working flow enabling | ||
| Integration with ONAP | All | TBD | Create helm chart which to be integrated in Kud test cases for ONAP | ||
| Stretch Goals | |||||
| SDWAN Hub Controller | EWAN Config Manager: call EWAN Conf Agent to configure EWAN CNF | Rama | |||
| Key | Store key in TPM | Cheng | |||
| QAT Support | Investigate how to enable QAT support for IPSec (Client library such as OpenSSL configuration, kernel module is not need in CNF) | Ruoyu |
...