...
| Module | Tasks | Owner | Due | Current Status | Description | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| PORs | ||||||||||||||||||||||
| POC | Setup IPSec tunnel | Ruoyu | Feb.26 | WW09: setup POC environment by manual configuration (Site-2-Site, Initiator-responder, Initiator-responder with vip) - Done | ||||||||||||||||||
| SDEWAN CNF | ||||||||||||||||||||||
| Service API | Huifeng | Done | Start/stop/restart/reload SDWAN service, includes: mwan3, firewall/NAT, IpSec. Reference: SDEWAN CNF#SDEWANService | |||||||||||||||||||
| MWAN3 API | Huifeng | Done | Support MWAN3 rule/policy configuration. Reference: SDEWAN CNF#MWAN3 OpenWRT Reference: https://openwrt.org/docs/guide-user/network/wan/multiwan/mwan3 | |||||||||||||||||||
| Firewall API | Huifeng | Design: Feb.26 Implementation: Mar.12 | WW08: Initial design Done WW09: Implementation - 50% WW10: 80% WW11: done | Support firewall configuration for zone (general rule for a group of interfaces), forwarding (iptables forward), rule, redirect (DNAT/SNAT). Reference: SDEWAN CNF#Firewall OpenWRT Reference: https://openwrt.org/docs/guide-user/firewall/firewall_configuration | ||||||||||||||||||
| IPSec API | Ruoyu | Design: Feb.26 Implementation: Mar.18 | WW08: Initial design Done WW09: design done (to be reviewed) WW10/11/12: 90% | Support IPSec configuration for remote site, proposal. Reference: https://wiki.akraino.org/display/AK/IPSec+Design#IPSecDesign-IPSecRestAPI OpenWRT Reference: https://openwrt.org/docs/guide-user/services/vpn/ipsec/strongswan/start (Note: OpenWRT Wiki page is out-of-date compare to 18.06 implementation which we used and the current design is based on openwrt ipsec code directly) | ||||||||||||||||||
| SDEWAN CNF Controller E2E scenario | E2E demo for SDEWAN solution | |||||||||||||||||||||
| manual steps | All | WW13 -14 | manual steps (create CNF, openwrt configuration for Ipsec/NAT rule, manual connectivity test for ms) to verify E2E test scenarios | |||||||||||||||||||
| auto test scripts to enable demo in ICN | All | WW15-16 | leverage kud to setup 3 clusters (Hub, edge1, edge2) use pre-defined yaml file (with network interface information and rules definition) to create Sdewan CNF use linux shell script to call CNF Rest API (e.g. update rule, restart service etc.) shell script to verify ms connectivity in different edge cluster | |||||||||||||||||||
| SDEWAN CNF Controller | ||||||||||||||||||||||
| POC to verify CR & CNF matching by label | WW17 | R3.1 POC to verify the flow for n:m label matching between CR instances and CNF instances (e.g. a CR can apply to multiple CNF and a CNF can have multiple CR) | ||||||||||||||||||||
| CRD re-design | WW18-19 | R3.1 | ||||||||||||||||||||
| SDEWAN CRD | Cheng | WW20 | Redesigned in R3.1 Define a SDWAN CNF with mwan3, firewall and IPSec configuration Reference: Sdewan config Agent | SDEWAN CRD | Cheng | Done | Define a SDWAN CNF with mwan3, firewall and IPSec configuration Reference: Sdewan config Agent | |||||||||||||||
| MWAN3 CRD | Cheng | Design: Done Implementation: Feb. 26 | WW21 | Redesigned in R3.1 WW08: CRD design done, implementation: - Done Define MWAN3 configuration (policy, rule) Reference: Sdewan config Agent | ||||||||||||||||||
| Firewall CRD | Cheng | Design: Feb.26 Implementation: Mar.12 | CRD | Cheng | WW22-WW23 | Redesigned in R3.1 WW09: CRD design - Done WW10/11: Done Define Firewall CRD (zone, forwarding, rule, redirect (NAT)) | ||||||||||||||||
| IPSec CRD | Ruoyu | Design: Feb.26 Implementation: Mar.18 | WW24-WW25 | Redesigned in R3.1 WW08: initial design done WW09: design done (to be reviewed) WW10/11/12: implementation 80% Define IPSec CRD (remote site, proposal) Reference: https://wiki.akraino.org/display/AK/IPSec+Design#IPSecDesign-IPSecCRD Scenario design: SD-EWAN Scenarios | ||||||||||||||||||
| Integration | CNF controller and CNF Rest API integration | MWAN3 | Cheng/Huifeng | Feb.26 | WW09: integration - Done | MWAN3 CRD/Restful API integration | Firewall | Cheng/Huifeng | Mar.26 | WW12: 30% WW13: continue | Firewall CRD/Restful API integration | IPSec | Ruoyu/Huifeng | Apr.1 | WW13: start to do integration | IPSec CRD/Restful API integration | CNF controller and CNF Rest API integration | |||||
| MWAN3 | Cheng/Huifeng | WW26 | Redesigned in R3.1 MWAN3 CRD/Restful API integration | |||||||||||||||||||
| Firewall | Cheng/Huifeng | WW27 | Redesigned in R3.1 Firewall CRD/Restful API integration | |||||||||||||||||||
| IPSec | Ruoyu/Huifeng | WW28 | Redesigned in R3.1 IPSec CRD/Restful API integration | SDEWAN demo | E2E demo for SDEWAN solution | Demo scenario design | All | Apr.8 | Design E2E demo scenario and setup the environment | Demo scenario integration | All | Apr.15 | E2E working flow enabling | Integration with ONAP | All | TBD | Create helm chart which to be integrated in Kud test cases for ONAP | |||||
| Stretch Goals | ||||||||||||||||||||||
| SDWAN Hub Controller | EWAN Config Manager: call EWAN Conf Agent to configure EWAN CNF | Rama | ||||||||||||||||||||
| Key | Store key in TPM | Cheng | ||||||||||||||||||||
| QAT Support | Investigate how to enable QAT support for IPSec (Client library such as OpenSSL configuration, kernel module is not need in CNF) | Ruoyu |
...