SDEWAN is implemented as CNF based on OpenWRT and it will support below functionalities:
SDEWAN service restful API provides the capability to list available SDEWAN services, get service status and execute service operation.
Common Error code:
Code | Description |
---|---|
400 | Bad request |
401 | unauthorized -the security token is not provides or expired. |
404 | resource not found |
Error Response:
Name | In | Type | Description |
---|---|---|---|
message | body | string | error message |
GET /cgi-bin/luci/sdewan/v1/services
Lists all available sdewan services supported by SDEWAN CNF
Request: N/A
Response
Response Parameters
Name | In | Type | Description |
---|---|---|---|
services | body | array | a list of supported service |
{ "services": ["mwan3", "firewall", "ipsec"] } |
---|
PUT /cgi-bin/luci/sdewan/v1/service/{service}/
Execute a operation for a service
Request:
Request Parameters
Name | In | Type | Description |
---|---|---|---|
service | path | string | service name, valid value are "mwan3", "firewall", "ipsec" |
action | body | string | action to be executed. valid value are "start", "stop", "restart", "reload" |
Response Example
{ "action": "start" } |
---|
Response
Response Parameters
Name | In | Type | Description |
---|---|---|---|
result | body | string | operation execution result |
Response Example
{ "result": "success" } |
---|
OpenWRT MWAN3 configuration includes below sections:
SDEWAN CNF will be created with Global and Interface sections initialized based on CNF allocated interfaces.
SD-EWAN MWAN3 CNF API provides support to get/create/update/delete MWAN3 Rule, Policy (with Member).
GET /cgi-bin/luci/sdewan/mwan3/v1/policies
Lists all defined policies
Request: N/A
Response
Response Parameters
Name | In | Type | Description |
---|---|---|---|
policies | body | array | a list of defined policies |
{ { "name":"balanced", "members": [ { "interface": "net1", "metric" 1, "weight": 2 } { "interface": "net2", "metric" 1, "weight": 1 } ] } ] |
---|
GET /cgi-bin/luci/sdewan/mwan3/v1/policy/{policy}
Get a policy
Request: N/A
Request Parameters
Name | In | Type | Description |
---|---|---|---|
policy | path | string | policy name |
Response
Response Parameters
Name | In | Type | Description |
---|---|---|---|
name | body | string | policy name |
members | body | array | policy members |
interface | body | string | member interface name |
metric | body | int | (optional) default: 1, members within one policy with a lower metric have precedence over higher metric members |
weight | body | int | (optional) default: 1, members with same metric will distribute load based on this weight value |
{ "name": "balanced", "members": [ { "interface": "net1", "metric" 1, "weight": 2 } { "interface": "net2", "metric" 1, "weight": 1 } ] } |
---|
POST /cgi-bin/luci/sdewan/mwan3/v1/policy
create a new policy
Request:
Request Parameters: same with GET's response request
Response
PUT /cgi-bin/luci/sdewan/mwan3/v1/policy/{policy}
update a policy
Request:
Request Parameters:
Name | In | Type | Description |
---|---|---|---|
policy | path | string | policy name |
members | body | array | policy members |
interface | body | string | member interface name |
metric | body | int | (optional) default: 1, members within one policy with a lower metric have precedence over higher metric members |
weight | body | int | (optional) default: 1, members with same metric will distribute load based on this weight value |
{ "members": [ { "interface": "net1", "metric" 1, "weight": 2 } { "interface": "net2", "metric" 1, "weight": 1 } ] } |
---|
Response
DELETE /cgi-bin/luci/sdewan/mwan3/v1/policy/{policy}
delete a policy
Request:
Request Parameters
Name | In | Type | Description |
---|---|---|---|
policy | path | string | policy name |
Response
GET /cgi-bin/luci/sdewan/mwan3/v1/rules
Lists all defined rules
Request: N/A
Response
Response Parameters
Name | In | Type | Description |
---|---|---|---|
rules | body | array | a list of defined rules |
{ { "name":"default_rule", "dest_ip": "0.0.0.0/0" "policy": "balanced" } ] } |
---|
GET /cgi-bin/luci/sdewan/mwan3/v1/rule/{rule}
Get a rule
Request: N/A
Request Parameters
Name | In | Type | Description |
---|---|---|---|
rule | path | string | rule name |
Response
Response Parameters
Name | In | Type | Description |
---|---|---|---|
name | body | string | rule name |
policy | body | string | policy used for the rule |
src_ip | body | string | (optional) source ip address |
src_port | body | string | (optional) source port or port range |
dest_ip | body | string | (optional) destination ip address |
dest_port | body | string | (optional) destination port or port range |
proto | body | string | (optional) protocol for the rule. Valid values: "tcp", "udp", "icmp", "all" |
family | body | string | (optional) address family. Valid values: "ipv4", "ipv6", "all" |
sticky | body | string | (optional) default: 0, allow traffic from the same source ip address within the timeout limit to use same wan interface as prior session |
timeout | body | int | (optional) default: 600, Stickiness timeout value in seconds |
{ "name":"default_rule", "dest_ip": "0.0.0.0/0" "policy": "balanced" } |
---|
POST /cgi-bin/luci/sdewan/mwan3/v1/rule
create a new rule
Request:
Request Parameters: same with GET's response request
Response
PUT /cgi-bin/luci/sdewan/mwan3/v1/rule/{rule}
update a policy
Request:
Request Parameters
Name | In | Type | Description |
---|---|---|---|
rule | path | string | rule name |
policy | body | string | policy used for the rule |
src_ip | body | string | (optional) source ip address |
src_port | body | string | (optional) source port or port range |
dest_ip | body | string | (optional) destination ip address |
dest_port | body | string | (optional) destination port or port range |
proto | body | string | (optional) protocol for the rule. Valid values: "tcp", "udp", "icmp", "all" |
family | body | string | (optional) address family. Valid values: "ipv4", "ipv6", "all" |
sticky | body | string | (optional) default: 0, allow traffic from the same source ip address within the timeout limit to use same wan interface as prior session |
timeout | body | int | (optional) default: 600, Stickiness timeout value in seconds |
{ "dest_ip": "0.0.0.0/0" "policy": "balanced" } |
---|
Response
DELETE /cgi-bin/luci/sdewan/mwan3/v1/rule/{rule}
delete a rule
Request:
Request Parameters
Name | In | Type | Description |
---|---|---|---|
rule | path | string | rule name |
Response
OpenWRT Firewall configuration includes below sections:
SDEWAN CNF will be created with Default sections initialized.
SD-EWAN Firewall API provides support to get/create/update/delete Firewall Zone, Redirect, Rule and Forwardings