diff options
author | Anand B Jyoti <anand.b.jyoti@intel.com> | 2017-04-18 13:36:02 +0530 |
---|---|---|
committer | Deepak S <deepak.s@linux.intel.com> | 2017-04-19 03:15:39 -0700 |
commit | a59ed4772da29826915010a7c9d34b5ebd256c42 (patch) | |
tree | 05f9a4f3c7a6ef86c1ece39771120741a9cb2a75 /VNFs/vFW/config/VFW_HWLB_IPV6_MultiPortPair_1Thread.cfg | |
parent | 8a4e9e534fcb1ef718ed5c1089fdc8698b13fb7f (diff) |
vFW: Adding Virtual Firewall VNF
JIRA: SAMPLEVNF-4
vFW supports following features:
- Basic packet filtering (malformed packets, IP fragments)
- Connection tracking for TCP and UDP
- Access Control List for rule based policy enforcement
- SYN-flood protection via Synproxy* for TCP
- UDP, TCP and ICMP protocol pass-through
- CLI based enable/disable connection tracking, synproxy,
basic packet filtering
- Hardware and Software Load Balancing
- L2L3 stack support for ARP/ICMP handling
- Multithread support
- Multiple physical port support
Change-Id: I96d28858488ed8764370d161975bc1e0557c8b20
Signed-off-by: Anand B Jyoti <anand.b.jyoti@intel.com>
[Push patch to gerrit]
Signed-off-by: Deepak S <deepak.s@linux.intel.com>
Diffstat (limited to 'VNFs/vFW/config/VFW_HWLB_IPV6_MultiPortPair_1Thread.cfg')
-rw-r--r-- | VNFs/vFW/config/VFW_HWLB_IPV6_MultiPortPair_1Thread.cfg | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/VNFs/vFW/config/VFW_HWLB_IPV6_MultiPortPair_1Thread.cfg b/VNFs/vFW/config/VFW_HWLB_IPV6_MultiPortPair_1Thread.cfg new file mode 100644 index 00000000..ddf746e2 --- /dev/null +++ b/VNFs/vFW/config/VFW_HWLB_IPV6_MultiPortPair_1Thread.cfg @@ -0,0 +1,58 @@ +; Copyright (c) 2017 Intel Corporation +; +; Licensed under the Apache License, Version 2.0 (the "License"); +; you may not use this file except in compliance with the License. +; You may obtain a copy of the License at +; +; http:#www.apache.org/licenses/LICENSE-2.0 +; +; Unless required by applicable law or agreed to in writing, software +; distributed under the License is distributed on an "AS IS" BASIS, +; WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +; See the License for the specific language governing permissions and +; limitations under the License. + +[PIPELINE0] +type = MASTER +core = 0 +[PIPELINE1] +type = ARPICMP +core = 1 + +pktq_in = SWQ0 +pktq_out = TXQ0.0 TXQ1.0 TXQ2.0 TXQ3.0 +; ARP route table entries (ip, mask, if_port, nh) hex values with no 0x +; Link MAC addresses in order aa:bb:cc:dd:ee:ff separated by space +nd_route_tbl = (fec0::6a05:caff:fe30:21b0,64,0,fec0::6a05:caff:fe30:21b0) +nd_route_tbl = (2012::6a05:caff:fe30:2081,64,2,2012::6a05:caff:fe30:2081) +nd_route_tbl = (fec1::6a05:caff:fe30:21b0,64,1,fec1::6a05:caff:fe30:21b0) +nd_route_tbl = (2016::6a05:caff:fe30:2081,64,3,2016::6a05:caff:fe30:2081) +; Hex values with no leading 0x, MACs in ascending port order starting @P0 +ports_mac_list = 00:cb:10:64:14:00 00:ca:10:64:14:00 00:ad:10:28:14:00 00:ac:10:28:14:00 +; +; egress (private interface) info +pktq_in_prv = RXQ0.0 RXQ1.0 +; +;for pub port <-> prv port mapping (prv, pub) +prv_to_pub_map = (0,2)(1,3) +prv_que_handler = (0,1) +[PIPELINE2] +type = VFW +core = 2 +pktq_in = RXQ0.0 RXQ1.0 RXQ2.0 RXQ3.0 +pktq_out = TXQ0.1 TXQ1.1 TXQ2.1 TXQ3.1 SWQ0 + + +;n_rules = 10000 + +;n_flows gets round up to power of 2 +n_flows = 1000000 +pkt_type = ipv6 +traffic_type = 6 + +; tcp_time_wait controls timeout for closed connection, normally 120 +tcp_time_wait = 10 +tcp_be_liberal = 0 +;udp_unreplied and udp_replied controls udp "connection" timeouts, normally 30/180 +;udp_unreplied = 20 +;udp_replied = 20 |