diff options
author | Anand B Jyoti <anand.b.jyoti@intel.com> | 2017-04-18 13:36:02 +0530 |
---|---|---|
committer | Deepak S <deepak.s@linux.intel.com> | 2017-04-19 03:15:39 -0700 |
commit | a59ed4772da29826915010a7c9d34b5ebd256c42 (patch) | |
tree | 05f9a4f3c7a6ef86c1ece39771120741a9cb2a75 /docs/vFW/RELEASE_NOTES.rst | |
parent | 8a4e9e534fcb1ef718ed5c1089fdc8698b13fb7f (diff) |
vFW: Adding Virtual Firewall VNF
JIRA: SAMPLEVNF-4
vFW supports following features:
- Basic packet filtering (malformed packets, IP fragments)
- Connection tracking for TCP and UDP
- Access Control List for rule based policy enforcement
- SYN-flood protection via Synproxy* for TCP
- UDP, TCP and ICMP protocol pass-through
- CLI based enable/disable connection tracking, synproxy,
basic packet filtering
- Hardware and Software Load Balancing
- L2L3 stack support for ARP/ICMP handling
- Multithread support
- Multiple physical port support
Change-Id: I96d28858488ed8764370d161975bc1e0557c8b20
Signed-off-by: Anand B Jyoti <anand.b.jyoti@intel.com>
[Push patch to gerrit]
Signed-off-by: Deepak S <deepak.s@linux.intel.com>
Diffstat (limited to 'docs/vFW/RELEASE_NOTES.rst')
-rw-r--r-- | docs/vFW/RELEASE_NOTES.rst | 78 |
1 files changed, 78 insertions, 0 deletions
diff --git a/docs/vFW/RELEASE_NOTES.rst b/docs/vFW/RELEASE_NOTES.rst new file mode 100644 index 00000000..0c880042 --- /dev/null +++ b/docs/vFW/RELEASE_NOTES.rst @@ -0,0 +1,78 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International +.. License. +.. http://creativecommons.org/licenses/by/4.0 +.. (c) OPNFV, National Center of Scientific Research "Demokritos" and others. + +========================================================= +Virtual Firewall - vFW +========================================================= + +1. Introduction +================ + +This is a beta release for Sample Virtual Firewall VNF. +This vFW can application can be run independently (refer INSTALL.rst). + +2. User Guide +=============== +Refer to README.rst for further details on vFW, HLD, features supported, test +plan. For build configurations and execution requisites please refer to +INSTALL.rst. + +3. Feature for this release +=========================== +This release supports following features as part of vFW: + - Basic packet filtering (malformed packets, IP fragments) + - Connection tracking for TCP and UDP + - Access Control List for rule based policy enforcement + - SYN-flood protection via Synproxy* for TCP + - UDP, TCP and ICMP protocol pass-through + - CLI based enable/disable connection tracking, synproxy, basic packet + filtering + - L2L3 stack support for ARP/ICMP handling + - ARP (request, response, gratuitous) + - ICMP (terminal echo, echo response, passthrough) + - ICMPv6 and ND (Neighbor Discovery) + - Hardware and Software Load Balancing + - Multithread support + - Multiple physical port support + +4. System requirements - OS and kernel version +============================================== +This is supported on Ubuntu 14.04 and Ubuntu 16.04 and kernel version less than 4.5 + + VNFs on BareMetal support: + OS: Ubuntu 14.04 or 16.04 LTS + kernel: < 4.5 + http://releases.ubuntu.com/16.04/ + Download/Install the image: ubuntu-16.04.1-server-amd64.iso + + VNFs on Standalone Hypervisor + HOST OS: Ubuntu 14.04 or 16.04 LTS + http://releases.ubuntu.com/16.04/ + Download/Install the image: ubuntu-16.04.1-server-amd64.iso + - OVS (DPDK) - 2.5 + - kernel: < 4.5 + - Hypervisor - KVM + - VM OS - Ubuntu 16.04/Ubuntu 14.04 + +5. Known Bugs and limitations +============================= + - Hadware Load Balancer feature is supported on fortville nic FW version 4.53 and below. + - Hardware Checksum offload is not supported for IPv6 traffic. + - vFW on sriov is tested upto 4 threads + - Http Multiple clients/server with HWLB is not working + +6. Future Work +============== +Following would be possible enhancement functionalities + - Automatic enable/disable of synproxy + - Support TCP timestamps with synproxy + - FTP ALG integration + - Performance optimization on different platforms + +7. References +============= +Following links provides additional information + .. _QUICKSTART: http://dpdk.org/doc/guides-16.04/linux_gsg/quick_start.html + .. _DPDKGUIDE: http://dpdk.org/doc/guides-16.04/prog_guide/index.html |