From a59ed4772da29826915010a7c9d34b5ebd256c42 Mon Sep 17 00:00:00 2001 From: Anand B Jyoti Date: Tue, 18 Apr 2017 13:36:02 +0530 Subject: vFW: Adding Virtual Firewall VNF JIRA: SAMPLEVNF-4 vFW supports following features: - Basic packet filtering (malformed packets, IP fragments) - Connection tracking for TCP and UDP - Access Control List for rule based policy enforcement - SYN-flood protection via Synproxy* for TCP - UDP, TCP and ICMP protocol pass-through - CLI based enable/disable connection tracking, synproxy, basic packet filtering - Hardware and Software Load Balancing - L2L3 stack support for ARP/ICMP handling - Multithread support - Multiple physical port support Change-Id: I96d28858488ed8764370d161975bc1e0557c8b20 Signed-off-by: Anand B Jyoti [Push patch to gerrit] Signed-off-by: Deepak S --- .../config/VFW_HWLB_IPV4_MultiPortPair_1Thread.cfg | 60 ++++++++++++++++++++++ 1 file changed, 60 insertions(+) create mode 100644 VNFs/vFW/config/VFW_HWLB_IPV4_MultiPortPair_1Thread.cfg (limited to 'VNFs/vFW/config/VFW_HWLB_IPV4_MultiPortPair_1Thread.cfg')
diff --git a/VNFs/vFW/config/VFW_HWLB_IPV4_MultiPortPair_1Thread.cfg b/VNFs/vFW/config/VFW_HWLB_IPV4_MultiPortPair_1Thread.cfg
new file mode 100644
index 00000000..a274506b
--- /dev/null
+++ b/VNFs/vFW/config/VFW_HWLB_IPV4_MultiPortPair_1Thread.cfg
@@ -0,0 +1,60 @@
+; Copyright (c) 2017 Intel Corporation
+;
+; Licensed under the Apache License, Version 2.0 (the "License");
+; you may not use this file except in compliance with the License.
+; You may obtain a copy of the License at
+;
+; http:#www.apache.org/licenses/LICENSE-2.0
+;
+; Unless required by applicable law or agreed to in writing, software
+; distributed under the License is distributed on an "AS IS" BASIS,
+; WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+; See the License for the specific language governing permissions and
+; limitations under the License.
+
+[PIPELINE0]
+type = MASTER
+core = 0
+[PIPELINE1]
+type = ARPICMP
+core = 1
+
+pktq_in = SWQ0
+pktq_out = TXQ0.0 TXQ1.0 TXQ2.0 TXQ3.0
+; ARP route table entries (ip, mask, if_port, nh) hex values with no 0x
+arp_route_tbl = (ad102814,ff000000,2,ad102814) (cb106414,ff000000,0,cb106414)
+arp_route_tbl = (ac102814,ff000000,3,ac102814) (ca106414,ff000000,1,ca106414)
+; Link MAC addresses in order aa:bb:cc:dd:ee:ff separated by space
+;
+; Hex values with no leading 0x, MACs in ascending port order starting @P0
+ports_mac_list = 00:cb:10:64:14:00 00:ca:10:64:14:00 00:ad:10:28:14:00 00:ac:10:28:14:00
+;
+; egress (private interface) info
+pktq_in_prv = RXQ0.0 RXQ1.0
+;
+;for pub port <-> prv port mapping (prv, pub)
+prv_to_pub_map = (0,2)(1,3)
+prv_que_handler = (0,1)
+[PIPELINE2]
+type = VFW
+core = 2
+pktq_in = RXQ0.0 RXQ1.0 RXQ2.0 RXQ3.0
+pktq_out = TXQ0.1 TXQ1.1 TXQ2.1 TXQ3.1 SWQ0
+
+;n_rules = 10000
+
+;n_flows gets round up to power of 2
+n_flows = 1000000
+pkt_type = ipv4
+traffic_type = 4
+
+; tcp_time_wait controls timeout for closed connection, normally 120
+tcp_time_wait = 10
+tcp_be_liberal = 0
+;udp_unreplied and udp_replied controls udp "connection" timeouts, normally 30/180
+;udp_unreplied = 20
+;udp_replied = 20
+
+
+
+
-- cgit 1.2.3-korg
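Review bot: `tcp_time_wait = 10` in `[PIPELINE2]` departs from the 120 that the comment directly above it calls normal, and the file gives no reason for it. With `tcp_be_liberal = 0` the tracker is presumably strict, so segments arriving after that shortened window would no longer match tracked state; if the value is a deliberate choice for generated test traffic, say so in the comment, e.g. `; lowered from the normal 120 for lab traffic profiles; restore 120 for other use`. The commented-out `;n_rules`, `;udp_unreplied` and `;udp_replied` lines likewise leave the effective values to defaults this file does not show, so a one-line comment naming each default would help anyone auditing what the firewall actually enforces. Separately, the licence header's `http:#www.apache.org/licenses/LICENSE-2.0` looks like a mangled `http://` and should be corrected.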