diff options
| -rw-r--r-- | docs/testing/user/userguide/06-How_to_use_REST_api.rst | 175 | ||||
| -rw-r--r-- | docs/testing/user/userguide/07-Config_files.rst | 84 | ||||
| -rw-r--r-- | docs/testing/user/userguide/08-CLI_Commands_Reference.rst | 531 | ||||
| -rw-r--r-- | docs/testing/user/userguide/index.rst | 1 |
4 files changed, 675 insertions, 116 deletions
diff --git a/docs/testing/user/userguide/06-How_to_use_REST_api.rst b/docs/testing/user/userguide/06-How_to_use_REST_api.rst index c2c8836e..53726464 100644 --- a/docs/testing/user/userguide/06-How_to_use_REST_api.rst +++ b/docs/testing/user/userguide/06-How_to_use_REST_api.rst @@ -91,68 +91,67 @@ for your VNF. URI definition for different VNF’s =================================== -:: -URI REST Method Arguments Description +URI REST Method Arguments Description =========================================================================================================================== -/vnf GET None Displays top level methods available - -/vnf/config GET None Displays the current config set - POST pci_white_list: Command success/failure - num_worker(o): - vnf_type(o): - pkt_type (o): - num_lb(o): - sw_lb(o): - sock_in(o): - hyperthread(o) : - -/vnf/config/arp GET None Displays ARP/ND info - POST action: <add/del/req> Command success/failure - ipv4/ipv6: <address> - portid: <> - macaddr: <> for add - -/vnf/config/link GET None - POST link_id:<> Command success/failure - state: <1/0> - -/vnf/config/link/<link id> GET None - POST Command success/failure - ipv4/ipv6: <address> - depth: <> - -/vnf/config/route GET None Displays gateway route entries - POST portid: <> Adds route entries for default gateway - nhipv4/nhipv6: <addr> - depth: <> - type:"net/host" - -/vnf/config/rules(vFW/vACL only) GET None Displays the methods /load/clear -/vnf/config/rules/load GET None Displays if file was loaded - PUT <script file - with cmds> Executes each command from script file -/vnf/config/rules/clear GET None Command success/failure clear the stat - -/vnf/config/nat(vCGNAPT only) GET None Displays the methods /load/clear -/vnf/config/nat/load GET None Displays if file was loaded - PUT <script file - with commands> Executes each command from script file - -/vnf/config/nat/clear GET None Command success/failure clear the stats -/vnf/log GET None This needs to be implemented for each VNF - just keeping this as placeholder. - -/vnf/dbg GET None Will display methods supported like /pipelines/cmd -/vnf/dbg/pipelines GET None Displays pipeline information(names) - of each pipelines -/vnf/dbg/pipelines/<pipe id> GET None Displays debug level for particular pipeline - -/vnf/dbg/cmd GET None Last executed command parameters - POST cmd: Command success/failure - dbg: - d1: - d2: +/vnf GET None Displays top level methods available + +/vnf/config GET None Displays the current config set + POST pci_white_list: Command success/failure + num_worker(o): + vnf_type(o): + pkt_type (o): + num_lb(o): + sw_lb(o): + sock_in(o): + hyperthread(o) : + +/vnf/config/arp GET None Displays ARP/ND info + POST action: <add/del/req> Command success/failure + ipv4/ipv6: <address> + portid: <> + macaddr: <> for add + +/vnf/config/link GET None + POST link_id:<> Command success/failure + state: <1/0> + +/vnf/config/link/<link id> GET None + POST ipv4/ipv6: <address> Command success/failure + depth: <> + + +/vnf/config/route GET None Displays gateway route entries + POST portid: <> Adds route entries for default gateway + nhipv4/nhipv6: <addr> + depth: <> + type:"net/host" + +/vnf/config/rules(vFW/vACL only) GET None Displays the methods /load/clear +/vnf/config/rules/load GET None Displays if file was loaded + PUT <script file + with cmds> Executes each command from script file +/vnf/config/rules/clear GET None Command success/failure clear the stat + +/vnf/config/nat(vCGNAPT only) GET None Displays the methods /load/clear +/vnf/config/nat/load GET None Displays if file was loaded + PUT <script file + with commands> Executes each command from script file + +/vnf/config/nat/clear GET None Command success/failure clear the stats +/vnf/log GET None This needs to be implemented for each VNF + just keeping this as placeholder. + +/vnf/dbg GET None Will display methods supported like /pipelines/cmd +/vnf/dbg/pipelines GET None Displays pipeline information(names) + of each pipelines +/vnf/dbg/pipelines/<pipe id> GET None Displays debug level for particular pipeline + +/vnf/dbg/cmd GET None Last executed command parameters + POST cmd: Command success/failure + dbg: + d1: + d2: API Usage =============== @@ -181,7 +180,7 @@ void rest_api_<vnf>_init(struct mg_context *ctx, struct app_params *app) { myapp = app; - VNF specific command registration + VNF specific command registration mg_set_request_handler(,,,); } @@ -199,7 +198,7 @@ export VNF_CORE=`pwd` export RTE_SDK=`pwd`/dpdk-16.04 export RTE_TARGET=x86_64-native-linuxapp-gcc -./build/vFW -p 0x3 (Without the -f & -s option) +./build/vFW (Without the -f & -s option) 1. When VNF(vCGNAPT/vACL/vFW) is launched it waits for user to provide the /vnf/config REST method. A typical curl command if used will look like below @@ -220,10 +219,10 @@ public_ip_port_range being added, please note the "/" being used to seperate mul inputs for public_ip_port_range. e.g curl -X POST -H "Content-Type:application/json" -d '{"pci_white_list": "0000:05:00.0 0000:05:00.2 0000:07:00.0 0000:07:00.2", - "num_lb":"2", "num_worker":"10","public_ip_port_range_0": "04040000:(1, 65535)/04040001:(1, 65535)", - "public_ip_port_range_1": "05050000:(1, 65535)/05050001:(1, 65535)" }' http://10.223.197.179/vnf/config + "num_lb":"2", "num_worker":"10","public_ip_port_range_0": "04040000:(1, 65535)/04040001:(1, 65535)", + "public_ip_port_range_1": "05050000:(1, 65535)/05050001:(1, 65535)" }' http://10.223.197.179/vnf/config -2. Check the Link IP's using the REST API +2. Check the Link IP's using the REST API (vCGNAPT/vACL/vFW) e.g curl <IP>/vnf/config/link This would indicate the number of links enabled. You should enable all the links @@ -234,7 +233,7 @@ http://<IP>/vnf/config/link curl -X POST -H "Content-Type:application/json" -d '{"linkid": "1", "state": "1"}' http://<IP>/vnf/config/link -3. Now that links are enabled we can configure IP's using link method as follows +3. Now that links are enabled we can configure IP's using link method as follows (vCGNAPT/vACL/vFW) e.g curl -X POST -H "Content-Type:application/json" -d '{"ipv4":"<IP to be configured>","depth":"24"}' http://<IP>/vnf/config/link/0 @@ -248,33 +247,61 @@ required. curl -X POST -H "Content-Type:application/json" -d '{"portid":"0", "nhipv4":"IPV4 address", "depth":"8", "type":"net"}' http://<IP>/vnf/config/route +4. Adding arp entries we can use this method (vCGNAPT/vACL/vFW) +/vnf/config/arp -4. For Firewall/ACL in order to load the rules a script file needs to be posted -using a script. +e.g + +curl -X POST -H "Content-Type:application/json" -d '{"action":"add", "ipv4":"202.16.100.20", + "portid":"0", "macaddr":"00:00:00:00:00:01"}' + http://10.223.166.213/vnf/config/arp + +curl -X POST -H "Content-Type:application/json" -d '{"action":"add", "ipv4":"172.16.40.20", + "portid":"1", "macaddr":"00:00:00:00:00:02"}' + http://10.223.166.213/vnf/config/arp + +5. Adding route entries we can use this method (vCGNAPT/vACL/vFW) +vnf/config/route + +e.g curl -X POST -H "Content-Type:application/json" -d '{"type":"net", "depth":"8", "nhipv4":"202.16.100.20", + "portid":"0"}' http://10.223.166.240/vnf/config/route +curl -X POST -H "Content-Type:application/json" -d '{"type":"net", "depth":8", "nhipv4":"172.16.100.20", + "portid":"1"}' http://10.223.166.240/vnf/config/route + +5. In order to load the rules a script file needs to be posting a script.(vACL/vFW) /vnf/config/rules/load Typical example for loading a script file is shown below curl -X PUT -F 'image=@<path to file>' http://<IP>/vnf/config/rules/load -vCGNAPT can use the following REST api's for runtime configuring through a script +typically arpadd/routeadd commands can be provided as part of this to +add static arp entries & adding route entries providing the NHIP's. + +6. The following REST api's for runtime configuring through a script (vCGNAPT Only) /vnf/config/rules/clear -/vnf/config/nat(vCGNAPT only) +/vnf/config/nat /vnf/config/nat/load -For debug purpose following REST API's could be used as described above. +7. For debug purpose following REST API's could be used as described above.(vCGNAPT/vACL/vFW) /vnf/dbg + +e.g curl http://10.223.166.240/vnf/config/dbg + /vnf/dbg/pipelines +e.g curl http://10.223.166.240/vnf/config/dbg/pipelines + /vnf/dbg/pipelines/<pipe id> +e.g curl http://10.223.166.240/vnf/config/dbg/pipelines/<id> + /vnf/dbg/cmd -5. For stats we can use the following method +8. For stats we can use the following method (vCGNAPT/vACL/vFW) /vnf/stats e.g curl <IP>/vnf/stats -6. For quittiong the application +9. For quittiong the application (vCGNAPT/vACL/vFW) /vnf/quit e.g curl <IP>/vnf/quit - diff --git a/docs/testing/user/userguide/07-Config_files.rst b/docs/testing/user/userguide/07-Config_files.rst index 6ad6c6fb..9061ee57 100644 --- a/docs/testing/user/userguide/07-Config_files.rst +++ b/docs/testing/user/userguide/07-Config_files.rst @@ -7,14 +7,14 @@ SampleVNF - Config files ======================== The configuration files are created based on the DUT test scenarios. -The example reference files are provided as part of the VNFs in the +The example reference files are provided as part of the VNFs in the config folder. Following parameters will define the config files. -1. Loadbalancing: Hardware or Software +1. Load balancing type: Hardware or Software 2. Traffic type: IPv4 or IPv6 -3. Number of Ports: pairs: Single port or Multi-Port +3. Number of Port Pairs: Single or Multi Following are the example configuration files for sampleVNFs. @@ -31,7 +31,7 @@ The reference configuration files explained here are for Software and Hardware loadbalancing with IPv4 traffic type and single port pair. For other configurations liek IPv6 and Multi-port, refer to example config files provided as part of the source code in config(VNFs/vFW/config) folder -of the VNFs. +of the VNFs. 1. SWLB, IPv4, Single Port Pair, 4WT: @@ -40,35 +40,35 @@ of the VNFs. [PIPELINE0] type = MASTER core = 0 - + [PIPELINE1] type = ARPICMP core = 0 - + pktq_in = SWQ2 pktq_out = TXQ0.0 TXQ1.0 - + ; IPv4 ARP route table entries (dst_ip, mask, if_port, nh) hex values with no 0x ; arp_route_tbl = (ac102814,ff000000,1,ac102814) (ca106414,ff000000,0,ca106414) - + ; IPv6 ARP route table entries (dst_ip, mask, if_port, nh) hex values with no 0x ;nd_route_tbl = (fec0::6a05:caff:fe30:21b0,64,0,fec0::6a05:caff:fe30:21b0) ;nd_route_tbl = (2012::6a05:caff:fe30:2081,64,1,2012::6a05:caff:fe30:2081) - + ; egress (private interface) info pktq_in_prv = RXQ0.0 - + ;for pub port <-> prv port mapping (prv, pub) prv_to_pub_map = (0,1) prv_que_handler = (0) - + [PIPELINE2] type = TXRX core = 1 pktq_in = RXQ0.0 RXQ1.0 pktq_out = SWQ0 SWQ1 SWQ2 pipeline_txrx_type = RXRX - + [PIPELINE3] type = LOADB core = 2 @@ -79,13 +79,13 @@ of the VNFs. prv_que_handler = (0) n_lb_tuples = 5 ; tuple(src_ip,dst_ip, src_port, dst_port, protocol) ;loadb_debug = 0 - + [PIPELINE4] type = VFW core = 3 pktq_in = SWQ3 SWQ4 pktq_out = SWQ11 SWQ12;TXQ0.0 TXQ1.0 - + n_rules = 4096 ; Max number of ACL rules ;n_flows gets round up to power of 2 n_flows = 1048576 ; Max number of connections/flows per vFW WT @@ -97,13 +97,13 @@ of the VNFs. ;udp_unreplied and udp_replied controls udp "connection" timeouts, normally 30/180 udp_unreplied = 180 ; UDP timeouts for unreplied traffic udp_replied = 180 ; UDP timeout for replied traffic - + [PIPELINE5] type = VFW core = 4 pktq_in = SWQ5 SWQ6 pktq_out = SWQ13 SWQ14;TXQ0.0 TXQ1.0 - + n_rules = 4096 ;n_flows gets round up to power of 2 n_flows = 1048576 @@ -115,13 +115,13 @@ of the VNFs. ;udp_unreplied and udp_replied controls udp "connection" timeouts, normally 30/180 udp_unreplied = 180 udp_replied = 180 - + [PIPELINE6] type = VFW core = 5 pktq_in = SWQ7 SWQ8 pktq_out = SWQ15 SWQ16 - + n_rules = 4096 ;n_flows gets round up to power of 2 n_flows = 1048576 @@ -133,24 +133,24 @@ of the VNFs. ;udp_unreplied and udp_replied controls udp "connection" timeouts, normally 30/180 udp_unreplied = 180 udp_replied = 180 - + [PIPELINE7] type = VFW core = 6 pktq_in = SWQ9 SWQ10 pktq_out = SWQ17 SWQ18 - + n_rules = 4096 ;n_flows gets round up to power of 2 n_flows = 1048576 - traffic_type = 4 ; IPv4 Traffic + traffic_type = 4 ; IPv4 Traffic ;traffic_type = 6 ; IPv6 Traffic ; tcp_time_wait controls timeout for closed connection, normally 120 tcp_time_wait = 10 tcp_be_liberal = 0 udp_unreplied = 180 udp_replied = 180 - + [PIPELINE8] type = TXRX core = 1h @@ -168,30 +168,30 @@ This configuration doesn't require LOADB and TXRX pipelines [PIPELINE0] type = MASTER core = 0 - + [PIPELINE1] type = ARPICMP core = 0 pktq_in = SWQ0 SWQ1 SWQ2 SWQ3 pktq_out = TXQ0.0 TXQ1.0 - + ; egress (private interface) info pktq_in_prv = RXQ0.0 - + ;for pub port <-> prv port mapping (prv, pub) prv_to_pub_map = (0,1) prv_que_handler = (0) - + [PIPELINE2] type = VFW core = 1 pktq_in = RXQ0.0 RXQ1.0 pktq_out = TXQ0.1 TXQ1.1 SWQ0 - + n_rules = 4096 ;n_flows gets round up to power of 2 n_flows = 1048576 - + traffic_type = 4 ; IPv4 Traffic ;traffic_type = 6 ; IPv6 Traffic ; tcp_time_wait controls timeout for closed connection, normally 120 @@ -200,17 +200,17 @@ This configuration doesn't require LOADB and TXRX pipelines ;udp_unreplied and udp_replied controls udp "connection" timeouts, normally 30/180 udp_unreplied = 180 udp_replied = 180 - + [PIPELINE3] type = VFW core = 2 pktq_in = RXQ0.1 RXQ1.1 pktq_out = TXQ0.2 TXQ1.2 SWQ1 - + n_rules = 4096 ;n_flows gets round up to power of 2 n_flows = 1048576 - + traffic_type = 4 ; IPv4 Traffic ;traffic_type = 6 ; IPv6 Traffic ; tcp_time_wait controls timeout for closed connection, normally 120 @@ -219,17 +219,17 @@ This configuration doesn't require LOADB and TXRX pipelines ;udp_unreplied and udp_replied controls udp "connection" timeouts, normally 30/180 udp_unreplied = 180 udp_replied = 180 - + [PIPELINE4] type = VFW core = 3 pktq_in = RXQ0.2 RXQ1.2 pktq_out = TXQ0.3 TXQ1.3 SWQ2 - + n_rules = 4096 ;n_flows gets round up to power of 2 n_flows = 1048576 - + traffic_type = 4 ; IPv4 Traffic ;traffic_type = 6 ; IPv6 Traffic ; tcp_time_wait controls timeout for closed connection, normally 120 @@ -238,17 +238,17 @@ This configuration doesn't require LOADB and TXRX pipelines ;udp_unreplied and udp_replied controls udp "connection" timeouts, normally 30/180 udp_unreplied = 180 udp_replied = 180 - + [PIPELINE5] type = VFW core = 4 pktq_in = RXQ0.3 RXQ1.3 pktq_out = TXQ0.4 TXQ1.4 SWQ3 - + n_rules = 4096 ;n_flows gets round up to power of 2 n_flows = 1048576 - + traffic_type = 4 ; IPv4 Traffic ;traffic_type = 6 ; IPv6 Traffic ; tcp_time_wait controls timeout for closed connection, normally 120 @@ -266,7 +266,7 @@ The reference configuration files explained here are for Software and Hardware loadbalancing with IPv4 traffic type and single port pair. For other configurations liek IPv6 and Multi-port, refer to example config files provided as part of the source code in config(VNFs/vACL/config) folder -of the VNFs. +of the VNFs. 1. SWLB, IPv4, Single Port Pair, 1 WT: @@ -276,7 +276,7 @@ of the VNFs. # add pci whitelist eg below w = 05:00.0 ; Network Ports binded to dpdk w = 05:00.1 ; Network Ports binded to dpdk - + [PIPELINE0] type = MASTER core = 0 @@ -289,7 +289,7 @@ of the VNFs. pktq_in_prv = RXQ0.0 prv_to_pub_map = (0,1) prv_que_handler = (0) - + [PIPELINE2] type = TXRX core = 1 @@ -327,13 +327,13 @@ of the VNFs. 2. SWLB, IPv4, Single Port Pair, 1 WT: - :: + :: [EAL] # add pci whitelist eg below w = 05:00.0 w = 05:00.1 - + [PIPELINE0] type = MASTER core = 0 diff --git a/docs/testing/user/userguide/08-CLI_Commands_Reference.rst b/docs/testing/user/userguide/08-CLI_Commands_Reference.rst new file mode 100644 index 00000000..ece0986d --- /dev/null +++ b/docs/testing/user/userguide/08-CLI_Commands_Reference.rst @@ -0,0 +1,531 @@ +.. This work is licensed under a creative commons attribution 4.0 international +.. license. +.. http://creativecommons.org/licenses/by/4.0 +.. (c) opnfv, national center of scientific research "demokritos" and others. + +===================== +CLI Command Reference +===================== + +Introduction +============ +This chapter provides a commonly used sampleVNFs CLI commmands description. +The more detailed information and details will be available from the CLI +prompt of the VNF. + +Generic commands +================ + +routeadd +-------- +The routeadd command provides a mechanism to add the routing entries for the +VNF. + +The destination device me be directly(host) attached or attached to net. The +parameter net or host should be used accordngly along with other information. + +IPv4 interaface: + +:: + + Syntax: + + routeadd <net/host> <port #> <ipv4 nhip address in decimal> <Mask/NotApplicable> + + Example: + + routeadd net 0 202.16.100.20 0xffff0000 + routeadd net 1 172.16.40.20 0xffff0000 + routeadd host 0 202.16.100.20 + routeadd host 1 172.16.40.20 + + +IPv6 interaface: + +:: + + Syntax: + + routeadd <net/host> <port #> <ipv6 nhip address in hex> <Depth/NotApplicable> + + Example: + + routeadd net 0 fec0::6a05:caff:fe30:21b0 64 + routeadd net 1 2012::6a05:caff:fe30:2081 64 + routeadd host 0 fec0::6a05:caff:fe30:21b0 + routeadd host 1 2012::6a05:caff:fe30:2081 + + +The route can also be added to the VNF as a config parameters. This method is +deprecated and not recommended to use but is supported for backward +compatiblity. + +IPv4 interaface: + +:: + + Syntax: + + ARP route table entries (ip, mask, if_port, nh) hex values with no 0x + + Example: + + arp_route_tbl = (c0106414,FFFF0000,0,c0106414) + arp_route_tbl = (ac102814,FFFF0000,1,ac102814) + + +IPv6 interaface: + +:: + + Syntax: + + ARP route table entries (ip, mask, if_port, nh) hex values with no 0x + + Example: + + nd_route_tbl = (0064:ff9b:0:0:0:0:9810:6414,120,0,0064:ff9b:0:0:0:0:9810:6414) + nd_route_tbl = (0064:ff9b:0:0:0:0:9810:2814,120,1,0064:ff9b:0:0:0:0:9810:2814) + + +arpadd +------ +The arpadd command is provided to add the static arp entries to the VNF. + +IPv4 interface: + +:: + + Syntax: + + p <arpicmp_pipe_id> arpadd <interface_id> <ip_address in deciaml> <mac addr in hex> + + Example: + + p 1 arpadd 0 202.16.100.20 00:ca:10:64:14:00 + p 1 arpadd 1 172.16.40.20 00:ac:10:28:14:00 + + +IPv6 interface: + +:: + + Syntax: + + p <arpicmp_pipe_id> arpadd <interface_id> <ip_address in deciaml> <mac addr in hex> + + Example: + + p 1 arpadd 0 0064:ff9b:0:0:0:0:9810:6414 00:00:00:00:00:01 + p 1 arpadd 1 0064:ff9b:0:0:0:0:9810:2814 00:00:00:00:00:02 + + +lbentry +------- +Loadbalancer CLI commands for debug + +:: + + LB Commands + ------------------------------------------------------------- + Commands Description + ------------------------------------------------------------- + p <pipe_id> lbentry dbg 0 0 To show received packets count + p <pipe_id> lbentry dbg 1 0 To reset received packets count + p <pipe_id> lbentry dbg 2 0 To set debug level + p <pipe_id> lbentry dbg 3 0 To display debug level + p <pipe_id> lbentry dbg 4 0 To display port statistics + + +arpls +----- + +The arpls command is used to list the arp and route entries. + +:: + + Syntax: + + P <pipe_id> arpls <0: IPv4, 1: IPv6> + + Example: + + p 1 arpls 0 + p 1 arpls 1 + + +vFW Specific commands +===================== +The following list of commands are specific to VFW pipeline. + +action add +---------- +Refer to "action add" CLI command line help to get more details. +Many options are available for this command for accept, fwd, count, conntrack +etc. + +applyruleset +------------ +This command must be executed to apply the ACL rules configured. + +:: + + Syntax/Example: + + p vfw applyruleset + + +add +--- +This command is used to add teh ACL rules to vFW + +Adding ACL rules for IPv4: + +:: + + Syntax: + + p vfw add <priority> <src_ip> <mask> <dst_ip> <mask> <src_port_start> <src_port_end> <dst_port_start> <dst_port_end> <protocol_mask> <action_id> + ;Log info: Prio = 1 (SA = 202.0.0.0/8, DA = 192.0.0.0/8, SP = 0-65535, DP = 0-65535, Proto = 0 / 0x0) => Action ID = 1 + + Example: + + p vfw add 2 202.16.100.20 8 172.16.40.20 8 0 65535 0 65535 0 0 1 + p vfw add 2 172.16.40.20 8 202.16.100.20 8 0 65535 0 65535 0 0 0 + + +Adding ACL rules for IPv6: + +:: + + Syntax: + + p vfw add <priority> <src_ip> <mask> <dst_ip> <mask> <src_port_start> <src_port_end> <dst_port_start> <dst_port_end> <protocol_mask> <action_id> + + Example: + + p vfw add 2 fec0::6a05:caff:fe30:21b0 64 2012::6a05:caff:fe30:2081 64 0 65535 0 65535 0 0 1 + p vfw add 2 2012::6a05:caff:fe30:2081 64 fec0::6a05:caff:fe30:21b0 64 0 65535 0 65535 0 0 0 + + +stats +----- +Display vFW stats. + +:: + + Syntax/Example: + + p vfw stats + +clearstats +----------- +Clear vFW stats + +:: + + Syntax/Example: + + p vfw clearstats + +counterdump +----------- +Enable or disable the counterdump using the following commands + +:: + + Syntax/Example: + + p vfw counterdump start + p vfw counterdump stop + +debug +----- +Enable or Disable the dynamic debug logs + +:: + + Syntax/Example: + + Disable dbg logs + p vfw dbg 0 + + Enable dbg logs + p vfw dbg 1 + +firewall +-------- +Enable or disable the firewall basic filtering using following commands. + +:: + + Syntax/Example: + + To disable + p <pipe_id> vfw firewall 0 + + To enable + p <pipe_id> vfw firewall 1 + +synproxy +-------- +Enable or disable the synproxy using following commands. + +:: + + Syntax/Example: + + To disable + p <pipe_id> vfw synproxy 0 + + To enable + p <pipe_id> vfw synproxy 1 + +conntrack +--------- +Enable or disable the connection tracking per VFW pipeline + +:: + + Syntax/Example: + + To enable connection tracking + p action add <pipe_id> conntrack + + To disable connection tracking + p action del <pipe_id> conntrack + + +loadrules +--------- + +A new file containing ACL rules and actions. The existing ACL rules and actions are +cleared. + +:: + + Syntax: + p vfw loadrules <rule file> + + Example: + p vfw loadrules ./config/acl_script_rules.tc + +list +---- +List the ACL rules in vFW + +:: + + Syntax/Example: + + List Active ACL rules + p vfw ls 0 + + List Standby ACL rules + p vfw ls 1 + + +vACL Specific commands +====================== +Following are the typical commands used in vACL. Refer to CLI command line +prompt for more details. + + +action add +---------- +Using pipeline CLI, an action can be added using the following command: + +:: + + Syntax: + p action add <action-id> <action> <optional option> + + Example: + + Accept: + p action add 1 accept + + Drop: + p action add 2 drop + + Count: + p action add 1 count + + fwd: + p action add 1 fwd 1 + Where a port # must be specified + + NAT: + p action add 3 nat 2 + Where a port # must be specified + + List Action: + p action ls <pipleine-id> + e.g. p action ls 2 + +add rules +--------- +Using pipeline CLI, an ACL rule can be added using the following command: + +:: + + Syntax: + p acl add <priority> <src-ip> <mask> <dst-ip> <mask> <src-port-from> <src-port-to> <dst-port-from> <dst-port-to> <protocol> <protocol-mask> <action-id> + + Example: + p acl add 1 0.0.0.0 0 0.0.0.0 0 0 65535 0 65535 0 0 1 + + UDP only with source and destination IP addresses: + p acl add 1 172.16.100.00 24 172.16.40.00 24 0 65535 0 65535 17 255 1 + p acl add 1 172.16.40.00 24 172.16.100.00 24 0 65535 0 65535 17 255 1 + + UDP Only: + p acl add 1 0.0.0.0 0 0.0.0.0 0 0 65535 0 65535 17 255 1 + + Allow all packets: + ----------------- + p acl add 1 0.0.0.0 0 0.0.0.0 0 0 65535 0 65535 0 0 1 + + +list ACL rules +-------------- +Using pipeline CLI, the list of current ACL rules can be viewed using: + +:: + + Syntax: + p acl ls <pipe_id> + + Example: + p acl ls 2 + + +del an ACL rule +--------------- +Using pipeline CLI, an ACL rule can be deleted using the following command: + +:: + + Syntax: + p acl del <src-ip> <mask> <dst-ip> <mask> <src-port-from> <src-port-to> <dst-port-from> <dst-port-to> <protocol> <protocol-mask> + + Example: + p acl del 0.0.0.0 0 0.0.0.0 0 0 65535 0 65535 0 0 + + +stats +----- +Display ACL stats. + +:: + + Syntax/Example: + + p acl stats + +clearstats +----------- +Clear ACL stats + +:: + + Syntax/Example: + + p acl clearstats + + +loadrules +--------- + +A new file containing ACL rules and actions. The existing ACL rules and actions are +cleared. + +:: + + Syntax: + p acl loadrules <rule file> + + Example: + p acl loadrules ./config/acl_script_rules.tc + + +debug +----- +Debug logs can be turn on or turn off using the following commands + +:: + + Syntax/Example: + + Turn on Debug: + p 2 acl dbg 1 + + Turn off Debug: + p 2 acl dbg 0 + + +vCGNAT Specific commands +======================== + +The following are the details of the CLI commands supported by vCGNAT. +Refer to vCGNAPT application CLI command prompt help more details. + +:: + + To add bulk vCGNAPT entries + p <pipe_id> entry addm <prv_ip/prv_ipv6> <prv_port> <pub_ip> <pub_port> <phy_port> <ttl> <no_of_entries> <end_prv_port> <end_pub_port> + + To add single vCGNAPT entry + p <pipe_id> entry add <prv_ip/prv_ipv6> <prv_port> <pub_ip> <pub_port> <phy_port> <ttl> + + To delete single vCGNAPT entry + p <pipe_id> entry del <prv_ip/prv_ipv6> <prv_port> <phy_port> + + Displays all vCGNAPT static entries + p <pipe_id> entry ls + + To display debug level , bulk entries added count + p <pipe_id> entry dbg 3 0 0 + + To show counters info + p <pipe_id> entry dbg 3 3 0 + + To show physical port statistics + p <pipe_id> entry dbg 6 0 0 + + To show SWQ number stats + p <pipe_id> entry dbg 6 1 <SWQ number> + + For code instrumentation + p <pipe_id> entry dbg 7 0 0 + + Displays CGNAPT version + p <pipe_id> entry ver 1 0 + + To enable ipv6 traffic. + p <pipe_id> entry dbg 11 1 0 + + To disable ipv6 traffic. + p <pipe_id> entry dbg 11 0 0 + + To add Network Specific Preifx and depth in prefix table + p <pipe_id> nsp add <nsp_prefix/depth> + + To delete Network Specific Preifx and depth in prefix table + p <pipe_id> nsp del <nsp_prefix/depth> + + To show nsp prefix/depth configured/added in prefix table. + p <pipe_id> entry dbg 13 0 0 + + To show number of clients per public IP address + p <pipe_id> entry dbg 14 0 0 + + To show list of public IP addresses + p <pipe_id> entry dbg 15 0 0 + + To show number of clients per public IP address + p <pipe_id> numipcli + + Enable dual stack. + p <pipe_id> entry dbg 11 1 0 + diff --git a/docs/testing/user/userguide/index.rst b/docs/testing/user/userguide/index.rst index 71f3a0e7..8d797627 100644 --- a/docs/testing/user/userguide/index.rst +++ b/docs/testing/user/userguide/index.rst @@ -19,5 +19,6 @@ SampleVNF User Guide 05-How_to_run_SampleVNFs 06-How_to_use_REST_api 07-Config_files + 08-CLI_Commands_Reference glossary references |