author | Anand B Jyoti <anand.b.jyoti@intel.com> | 2017-04-18 13:36:02 +0530 |
---|---|---|
committer | Deepak S <deepak.s@linux.intel.com> | 2017-04-19 03:15:39 -0700 |
commit | a59ed4772da29826915010a7c9d34b5ebd256c42 (patch) | |
tree | 05f9a4f3c7a6ef86c1ece39771120741a9cb2a75 /VNFs/vFW/config/VFW_HWLB_IPV4_MultiPortPair_script.tc | |
parent | 8a4e9e534fcb1ef718ed5c1089fdc8698b13fb7f (diff) |
vFW: Adding Virtual Firewall VNF
JIRA: SAMPLEVNF-4
vFW supports the following features:
- Basic packet filtering (malformed packets, IP fragments)
- Connection tracking for TCP and UDP
- Access Control List for rule based policy enforcement
- SYN-flood protection via Synproxy* for TCP
- UDP, TCP and ICMP protocol pass-through
- CLI based enable/disable connection tracking, synproxy, basic packet filtering
- Hardware and Software Load Balancing
- L2L3 stack support for ARP/ICMP handling
- Multithread support
- Multiple physical port support
Change-Id: I96d28858488ed8764370d161975bc1e0557c8b20
Signed-off-by: Anand B Jyoti <anand.b.jyoti@intel.com>
[Push patch to gerrit]
Signed-off-by: Deepak S <deepak.s@linux.intel.com>
Diffstat (limited to 'VNFs/vFW/config/VFW_HWLB_IPV4_MultiPortPair_script.tc')
-rw-r--r-- | VNFs/vFW/config/VFW_HWLB_IPV4_MultiPortPair_script.tc | 86 |
1 files changed, 86 insertions, 0 deletions
diff --git a/VNFs/vFW/config/VFW_HWLB_IPV4_MultiPortPair_script.tc b/VNFs/vFW/config/VFW_HWLB_IPV4_MultiPortPair_script.tc new file mode 100644 index 00000000..06702077 --- /dev/null +++ b/VNFs/vFW/config/VFW_HWLB_IPV4_MultiPortPair_script.tc 
@@ -0,0 +1,86 @@ +; Copyright (c) 2017 Intel Corporation +; +; Licensed under the Apache License, Version 2.0 (the "License"); +; you may not use this file except in compliance with the License. +; You may obtain a copy of the License at +; +; http:#www.apache.org/licenses/LICENSE-2.0 +; +; Unless required by applicable law or agreed to in writing, software +; distributed under the License is distributed on an "AS IS" BASIS, +; WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +; See the License for the specific language governing permissions and +; limitations under the License. + +link 0 down +link 0 config 203.16.100.10 8 +link 0 up +link 1 down +link 1 config 202.16.100.10 8 +link 1 up +link 2 down +link 2 config 173.16.40.10 8 +link 2 up +link 3 down +link 3 config 172.16.40.10 8 +link 3 up +;p 1 arpadd 0 203.16.100.20 00:00:00:00:00:01 +;p 1 arpadd 2 173.16.40.20 00:00:00:00:00:04 +;p 1 arpadd 1 202.16.100.20 00:00:00:00:00:02 +;p 1 arpadd 3 172.16.40.20 00:00:00:00:00:03 +p action add 0 accept +p action add 0 fwd 2 +p action add 0 count + +p action add 1 accept +p action add 1 fwd 0 +p action add 1 count + +p action add 2 accept +p action add 2 fwd 3 +p action add 2 count + +p action add 3 accept +p action add 3 fwd 1 +p action add 3 count + +p action add 4 drop +p action add 4 count + +p action add 5 drop +p action add 5 count + +p action add 0 conntrack +p action add 1 conntrack +p action add 2 conntrack +p action add 3 conntrack + +p action add 4 conntrack +p action add 5 conntrack + +p vfw add 1 203.16.100.20 8 173.16.40.20 8 0 65535 67 69 0 0 4 +p vfw add 1 202.16.100.20 8 172.16.40.20 8 0 65535 67 69 0 0 5 + +p vfw add 2 203.16.100.20 8 173.16.40.20 8 0 65535 0 65535 0 0 0 +p vfw add 2 173.16.40.20 8 203.16.100.20 8 0 65535 0 65535 0 0 1 +p vfw add 2 202.16.100.20 8 172.16.40.20 8 0 65535 0 65535 0 0 2 +p vfw add 2 172.16.40.20 8 202.16.100.20 8 0 65535 0 65535 0 0 3 + +p vfw applyruleset +set fwd rxonly 
+set_sym_hash_ena_per_port 0 enable +set_hash_global_config 0 simple_xor ipv4-udp enable +set_sym_hash_ena_per_port 1 enable +set_hash_global_config 1 simple_xor ipv4-udp enable + +set_hash_input_set 0 ipv4-udp src-ipv4 dst-ipv4 udp-src-port udp-dst-port add +set_hash_input_set 1 ipv4-udp src-ipv4 dst-ipv4 udp-src-port udp-dst-port add + +set_sym_hash_ena_per_port 2 enable +set_hash_global_config 2 simple_xor ipv4-udp enable +set_sym_hash_ena_per_port 3 enable +set_hash_global_config 3 simple_xor ipv4-udp enable + +set_hash_input_set 2 ipv4-udp src-ipv4 dst-ipv4 udp-src-port udp-dst-port add +set_hash_input_set 3 ipv4-udp src-ipv4 dst-ipv4 udp-src-port udp-dst-port add + |
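Review bot: The hash setup at the end of the file (the set_sym_hash_ena_per_port, set_hash_global_config and set_hash_input_set lines for ports 0 to 3) only ever names the ipv4-udp flow type, while every action above has conntrack added and the priority-2 "p vfw add" rules carry "0 0" in what looks like the protocol/mask position, so TCP traffic would match them too. If the symmetric hash is what lands both directions of a connection on the same worker for connection tracking, TCP flows get no such guarantee from this script; either add the matching ipv4-tcp lines per port (for example "set_hash_global_config 0 simple_xor ipv4-tcp enable" with a tcp-src-port/tcp-dst-port input set) or add a comment stating that the script is meant for UDP test traffic only. Smaller points: actions 4 and 5 are drop actions yet also get "p action add 4 conntrack" and its counterpart for 5, which looks unintended and should be dropped or explained; the license header URL reads "http:#www.apache.org/..." and should be "http://"; the four commented-out ";p 1 arpadd" lines should be removed or given a note on when to enable them; and the "p vfw add" lines need a one-line comment giving the field order, since the 8 after host addresses such as 203.16.100.20 makes each rule far broader than the address suggests if it is a prefix depth as in the "link N config" lines.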