author | Anand B Jyoti <anand.b.jyoti@intel.com> | 2017-04-18 13:36:02 +0530 |
---|---|---|
committer | Deepak S <deepak.s@linux.intel.com> | 2017-04-19 03:15:39 -0700 |
commit | a59ed4772da29826915010a7c9d34b5ebd256c42 (patch) | |
tree | 05f9a4f3c7a6ef86c1ece39771120741a9cb2a75 /VNFs/vFW/config/VFW_SWLB_IPV6_MultiPortPair_1Thread.cfg | |
parent | 8a4e9e534fcb1ef718ed5c1089fdc8698b13fb7f (diff) |
vFW: Adding Virtual Firewall VNF
JIRA: SAMPLEVNF-4
vFW supports the following features:
- Basic packet filtering (malformed packets, IP fragments)
- Connection tracking for TCP and UDP
- Access Control List for rule based policy enforcement
- SYN-flood protection via Synproxy* for TCP
- UDP, TCP and ICMP protocol pass-through
- CLI based enable/disable connection tracking, synproxy,
basic packet filtering
- Hardware and Software Load Balancing
- L2L3 stack support for ARP/ICMP handling
- Multithread support
- Multiple physical port support
Change-Id: I96d28858488ed8764370d161975bc1e0557c8b20
Signed-off-by: Anand B Jyoti <anand.b.jyoti@intel.com>
[Push patch to gerrit]
Signed-off-by: Deepak S <deepak.s@linux.intel.com>
Diffstat (limited to 'VNFs/vFW/config/VFW_SWLB_IPV6_MultiPortPair_1Thread.cfg')
-rw-r--r-- | VNFs/vFW/config/VFW_SWLB_IPV6_MultiPortPair_1Thread.cfg | 122 |
1 files changed, 122 insertions, 0 deletions
diff --git a/VNFs/vFW/config/VFW_SWLB_IPV6_MultiPortPair_1Thread.cfg b/VNFs/vFW/config/VFW_SWLB_IPV6_MultiPortPair_1Thread.cfg
new file mode 100644
index 00000000..aefb37aa
--- /dev/null
+++ b/VNFs/vFW/config/VFW_SWLB_IPV6_MultiPortPair_1Thread.cfg
@@ -0,0 +1,122 @@
+; Copyright (c) 2017 Intel Corporation
+;
+; Licensed under the Apache License, Version 2.0 (the "License");
+; you may not use this file except in compliance with the License.
+; You may obtain a copy of the License at
+;
+; http:#www.apache.org/licenses/LICENSE-2.0
+;
+; Unless required by applicable law or agreed to in writing, software
+; distributed under the License is distributed on an "AS IS" BASIS,
+; WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+; See the License for the specific language governing permissions and
+; limitations under the License.
+
+[PIPELINE0]
+type = MASTER
+core = 0
+[PIPELINE1]
+type = ARPICMP
+core = 1
+
+pktq_in = SWQ2 SWQ9
+pktq_out = TXQ0.0 TXQ1.0 TXQ2.0 TXQ3.0
+; ARP route table entries (ip, mask, if_port, nh) hex values with no 0x
+nd_route_tbl = (fec0::6a05:caff:fe30:21b0,64,0,fec0::6a05:caff:fe30:21b0)
+nd_route_tbl = (2012::6a05:caff:fe30:2081,64,1,2012::6a05:caff:fe30:2081)
+nd_route_tbl = (fec1::6a05:caff:fe30:21b0,64,2,fec1::6a05:caff:fe30:21b0)
+nd_route_tbl = (2016::6a05:caff:fe30:2081,64,3,2016::6a05:caff:fe30:2081)
+; Link MAC addresses in order aa:bb:cc:dd:ee:ff separated by space
+;
+; Hex values with no leading 0x, MACs in ascending port order starting @P0
+ports_mac_list = 00:cb:10:64:14:00 00:ca:10:64:14:00 00:ad:10:28:14:00 00:ac:10:28:14:00
+;
+; egress (private interface) info
+pktq_in_prv = RXQ0.0 RXQ2.0
+;
+;for pub port <-> prv port mapping (prv, pub)
+prv_to_pub_map = (0,1)(2,3)
+prv_que_handler = (0,2)
+;lib_arp_debug = 1
+[PIPELINE2]
+type = TXRX
+core = s0c2
+pktq_in = RXQ0.0 RXQ1.0 ;SWQ4 SWQ5 ;SWQ8 SWQ9 SWQ12 SWQ13
+pktq_out = SWQ0 SWQ1 SWQ2;TXQ0.0 TXQ1.0 ;TXQ0.1 TXQ1.1 TXQ0.2 TXQ1.2
+pipeline_txrx_type = RXRX
+;
+[PIPELINE3]
+type = LOADB
+core = 3
+pktq_in = SWQ0 SWQ1
+pktq_out = SWQ3 SWQ4 ;SWQ10 SWQ11
+outport_offset = 136; 8
+n_vnf_threads = 1
+prv_que_handler = (0)
+n_lb_tuples = 5
+;loadb_debug = 0
+[PIPELINE4]
+type = VFW
+core = s0c4
+pktq_in = SWQ3 SWQ4
+pktq_out = SWQ5 SWQ6;TXQ0.0 TXQ1.0
+
+n_rules = 10000
+
+;n_flows gets round up to power of 2
+n_flows = 1000000
+pkt_type = ipv6
+traffic_type = 6
+; tcp_time_wait controls timeout for closed connection, normally 120
+tcp_time_wait = 10
+tcp_be_liberal = 0
+;udp_unreplied and udp_replied controls udp "connection" timeouts, normally 30/180
+;udp_unreplied = 20
+;udp_replied = 20
+
+[PIPELINE5]
+type = TXRX
+core = s0c2h
+pktq_in = SWQ5 SWQ6 ;SWQ8 SWQ9 SWQ12 SWQ13
+pktq_out = TXQ0.1 TXQ1.1 ;TXQ0.0 TXQ1.0 ;TXQ0.1 TXQ1.1 TXQ0.2 TXQ1.2
+pipeline_txrx_type = TXTX
+[PIPELINE6]
+type = TXRX
+core = s0c5
+pktq_in = RXQ2.0 RXQ3.0 ;SWQ4 SWQ5 ;SWQ8 SWQ9 SWQ12 SWQ13
+pktq_out = SWQ7 SWQ8 SWQ9;TXQ0.0 TXQ1.0 ;TXQ0.1 TXQ1.1 TXQ0.2 TXQ1.2
+pipeline_txrx_type = RXRX
+;
+[PIPELINE7]
+type = LOADB
+core = 6
+pktq_in = SWQ7 SWQ8
+pktq_out = SWQ9 SWQ10 ;SWQ10 SWQ11
+outport_offset = 136; 8
+n_vnf_threads = 1
+n_lb_tuples = 5
+;loadb_debug = 0
+[PIPELINE8]
+type = VFW
+core = s0c7
+pktq_in = SWQ9 SWQ10
+pktq_out = SWQ11 SWQ12;TXQ0.0 TXQ1.0
+
+n_rules = 10000
+
+;n_flows gets round up to power of 2
+n_flows = 1000000
+pkt_type = ipv6
+traffic_type = 6
+; tcp_time_wait controls timeout for closed connection, normally 120
+tcp_time_wait = 10
+tcp_be_liberal = 0
+;udp_unreplied and udp_replied controls udp "connection" timeouts, normally 30/180
+;udp_unreplied = 20
+;udp_replied = 20
+[PIPELINE9]
+type = TXRX
+core = s0c5h
+pktq_in = SWQ11 SWQ12 ;SWQ20 SWQ21 ;RXQ0.0 RXQ1.0 ;SWQ4 SWQ5 ;SWQ8 SWQ9 SWQ12 SWQ13
+pktq_out = TXQ2.1 TXQ3.1 ;TXQ0.0 TXQ1.0 ;TXQ0.1 TXQ1.1 TXQ0.2 TXQ1.2
+pipeline_txrx_type = TXTX |
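Review bot: SWQ9 is wired into two paths at once: PIPELINE6 writes it as its third output for PIPELINE1 (ARPICMP, `pktq_in = SWQ2 SWQ9`), while PIPELINE7 also lists it in `pktq_out = SWQ9 SWQ10` and PIPELINE8 (VFW) reads it in `pktq_in = SWQ9 SWQ10`. With two writers and two readers on one software queue, ARP/ND control packets and load-balanced data packets for ports 2/3 share a ring, so some traffic may reach the ARPICMP pipeline without passing the VFW stage, or the file may be rejected at load; which of these happens depends on parser code not shown here. Giving the second ARPICMP feed its own unused queue would separate the paths, e.g. `pktq_in = SWQ2 SWQ13` in PIPELINE1 and `pktq_out = SWQ7 SWQ8 SWQ13` in PIPELINE6. PIPELINE7 also lacks the `prv_que_handler` line that PIPELINE3 carries, which looks like an omission for the second port pair and is worth confirming.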