SDEWAN is implemented as CNF based on OpenWRT and it will support below functionalities:

• Export Restful API interface to support configuration of MWAN3, Firewall & NAT, IpSec.
• Site-to-Site tunnels across edges & edges & central orchestrators and application managers

SDEWAN Service

SDEWAN service restful API provides the capability to list available SDEWAN services, get service status and execute service operation.

Common Error code:

Error Response:

GET /cgi-bin/luci/sdewan/v1/services

Lists all available sdewan services supported by SDEWAN CNF

Request: N/A

Response

• Normal response codes: 200

• Response Parameters

  Name	In	Type	Description
  services	body	array	a list of supported service

  
  

• Response Example

  
  

  {     "services": ["mwan3", "firewall", "ipsec"] }

  
  

PUT /cgi-bin/luci/sdewan/v1/service/{service}/

Execute a operation for a service

Request: 

• Request Parameters

  Name	In	Type	Description
  service	path	string	service name, valid value are "mwan3", "firewall", "ipsec"
  action	body	string	action to be executed. valid value are "start", "stop", "restart", "reload"

  
  

• Response Example

  {     "action": "start" }

  
  

Response

• Normal response code: 200
• Error response code: 400 (e.g. invalid action)

• Response Parameters

  Name	In	Type	Description
  result	body	string	operation execution result

  
  

• Response Example

  {     "result": "success" }

  
  

MWAN3

OpenWRT MWAN3 configuration includes below sections:

• Global: common configuration special used to configure routable loopback address (for OpenWRT 18.06)
• Interface: define how each WAN interface is tested for up/down status
• Member: represents an interface with a metric and a weight value
• Policy: defines how traffic is routed through the different WAN interface(s)
• Rule: describes what traffic to match and what policy to assign for that traffic.

SDEWAN CNF will be created with Global and Interface sections initialized based on CNF allocated interfaces.

SD-EWAN MWAN3 CNF API provides support to get/create/update/delete MWAN3 Rule, Policy (with Member).

MWAN3 Policy

GET /cgi-bin/luci/sdewan/mwan3/v1/policies

Lists all defined policies

Request: N/A

Response

• Normal response codes: 200

• Response Parameters

  Name	In	Type	Description
  policies	body	array	a list of defined policies

  
  

• Response Example

  
  

  {     "policies": [         {             "name":"balanced",             "members": [                 {                       "interface": "net1",                       "metric" 1,                       "weight": 2                 }                 {                       "interface": "net2",                       "metric" 1,                       "weight": 1                 }              ]         }     ] }

  
  

GET /cgi-bin/luci/sdewan/mwan3/v1/policy/{policy}

Get a policy

Request: N/A

• Request Parameters

  Name	In	Type	Description
  policy	path	string	policy name

  
  

Response

• Normal response codes: 200
• Error response code: 404

• Response Parameters

  Name	In	Type	Description
  name	body	string	policy name
  members	body	array	policy members
  interface	body	string	member interface name
  metric	body	int	(optional) default: 1, members within one policy with a lower metric have precedence over higher metric members
  weight	body	int	(optional) default: 1, members with same metric will distribute load based on this weight value

  
  

• Response Example

  
  

  {       "name": "balanced",        "members": [            {                "interface": "net1",                "metric" 1,                "weight": 2             }             {                 "interface": "net2",                 "metric" 1,                  "weight": 1             }        ] }

  
  

POST /cgi-bin/luci/sdewan/mwan3/v1/policy

create a new policy

Request:

• Request Parameters: same with GET's response request

• Request Example: same with GET's response example

  
  

Response

• Normal response codes: 201
• Error response codes: 400, 401

PUT /cgi-bin/luci/sdewan/mwan3/v1/policy/{policy}

update a policy

Request:

• Request Parameters:

  Name	In	Type	Description
  policy	path	string	policy name
  members	body	array	policy members
  interface	body	string	member interface name
  metric	body	int	(optional) default: 1, members within one policy with a lower metric have precedence over higher metric members
  weight	body	int	(optional) default: 1, members with same metric will distribute load based on this weight value

  
  

• Request Example

  
  

  {        "members": [            {                "interface": "net1",                "metric" 1,                "weight": 2             }             {                 "interface": "net2",                 "metric" 1,                  "weight": 1             }        ] }

  
  

Response

• Normal response codes: 204
• Error response codes: 400, 401, 404

DELETE /cgi-bin/luci/sdewan/mwan3/v1/policy/{policy}

delete a policy

Request:

• Request Parameters

  Name	In	Type	Description
  policy	path	string	policy name

  
  

Response

• Normal response codes: 200
• Error response codes: 401, 404

MWAN3 Rule

GET /cgi-bin/luci/sdewan/mwan3/v1/rules

Lists all defined rules

Request: N/A

Response

• Normal response codes: 200

• Response Parameters

  Name	In	Type	Description
  rules	body	array	a list of defined rules

  
  

• Response Example

  
  

  {     "rules": [         {             "name":"default_rule",             "dest_ip": "0.0.0.0/0"             "policy": "balanced"         }      ] }

  
  

GET /cgi-bin/luci/sdewan/mwan3/v1/rule/{rule}

Get a rule

Request: N/A

• Request Parameters

  Name	In	Type	Description
  rule	path	string	rule name

  
  

Response

• Normal response codes: 200
• Error response code: 404

• Response Parameters

  Name	In	Type	Description
  name	body	string	rule name
  policy	body	string	policy used for the rule
  src_ip	body	string	(optional) source ip address
  src_port	body	string	(optional) source port or port range
  dest_ip	body	string	(optional) destination ip address
  dest_port	body	string	(optional) destination port or port range
  proto	body	string	(optional) protocol for the rule. Valid values: "tcp", "udp", "icmp", "all"
  family	body	string	(optional) address family. Valid values: "ipv4", "ipv6", "all"
  sticky	body	string	(optional) default: 0, allow traffic from the same source ip address within the timeout limit to use same wan interface as prior session
  timeout	body	int	(optional) default: 600,  Stickiness timeout value in seconds

  
  

• Response Example

  
  

  {     "name":"default_rule",     "dest_ip": "0.0.0.0/0"      "policy": "balanced" }

  
  

POST /cgi-bin/luci/sdewan/mwan3/v1/rule

create a new rule

Request:

• Request Parameters: same with GET's response request

• Request Example: same with GET's response example

  
  

Response

• Normal response codes: 201
• Error response codes: 400, 401

PUT /cgi-bin/luci/sdewan/mwan3/v1/rule/{rule}

update a policy

Request:

• Request Parameters

  Name	In	Type	Description
  rule	path	string	rule name
  policy	body	string	policy used for the rule
  src_ip	body	string	(optional) source ip address
  src_port	body	string	(optional) source port or port range
  dest_ip	body	string	(optional) destination ip address
  dest_port	body	string	(optional) destination port or port range
  proto	body	string	(optional) protocol for the rule. Valid values: "tcp", "udp", "icmp", "all"
  family	body	string	(optional) address family. Valid values: "ipv4", "ipv6", "all"
  sticky	body	string	(optional) default: 0, allow traffic from the same source ip address within the timeout limit to use same wan interface as prior session
  timeout	body	int	(optional) default: 600,  Stickiness timeout value in seconds

  
  

• Request Example

  
  

  {     "dest_ip": "0.0.0.0/0"      "policy": "balanced" }

  
  

Response

• Normal response codes: 204
• Error response codes: 400, 401, 404

DELETE /cgi-bin/luci/sdewan/mwan3/v1/rule/{rule}

delete a rule

Request:

• Request Parameters

  Name	In	Type	Description
  rule	path	string	rule name

  
  

Response

• Normal response codes: 200
• Error response codes: 401, 404

Firewall

OpenWRT Firewall configuration includes below sections:

• Default: declares global firewall settings which do not belong to specific zones
• Include: used to enable customized firewall scripts
• Zone: groups one or more interfaces and serves as a source or destination for forwardings, rules and redirects.
• Forwarding: control the traffic between zones
• Redirect: defines port forwarding (NAT) rules
• Rule: defines basic accept, drop, or reject rules to allow or restrict access to specific ports or hosts.

SDEWAN CNF will be created with Default sections initialized.

SD-EWAN Firewall API provides support to get/create/update/delete Firewall Zone, Redirect, Rule and Forwardings

Zone

Redirect

Rule

Forwarding