From a59ed4772da29826915010a7c9d34b5ebd256c42 Mon Sep 17 00:00:00 2001
From: Anand B Jyoti
Date: Tue, 18 Apr 2017 13:36:02 +0530
Subject: vFW: Adding Virtual Firewall VNF JIRA: SAMPLEVNF-4 vFW supports following features: - Basic packet filtering (malformed packets, IP fragments) - Connection tracking for TCP and UDP - Access Control List for rule based policy enforcement - SYN-flood protection via Synproxy* for TCP - UDP, TCP and ICMP protocol pass-through - CLI based enable/disable connection tracking, synproxy, basic packet filtering - Hardware and Software Load Balancing - L2L3 stack support for ARP/ICMP handling - Multithread support - Multiple physical port support Change-Id: I96d28858488ed8764370d161975bc1e0557c8b20 Signed-off-by: Anand B Jyoti [Push patch to gerrit] Signed-off-by: Deepak S
---
.../config/VFW_SWLB_IPV4_MultiPortPair_4Thread.cfg | 155 +++++++++++++++++++++ 1 file changed, 155 insertions(+) create mode 100644 VNFs/vFW/config/VFW_SWLB_IPV4_MultiPortPair_4Thread.cfg (limited to 'VNFs/vFW/config/VFW_SWLB_IPV4_MultiPortPair_4Thread.cfg')
diff --git a/VNFs/vFW/config/VFW_SWLB_IPV4_MultiPortPair_4Thread.cfg b/VNFs/vFW/config/VFW_SWLB_IPV4_MultiPortPair_4Thread.cfg
new file mode 100644
index 00000000..adcce34e
--- /dev/null
+++ b/VNFs/vFW/config/VFW_SWLB_IPV4_MultiPortPair_4Thread.cfg
@@ -0,0 +1,155 @@
+; Copyright (c) 2017 Intel Corporation
+;
+; Licensed under the Apache License, Version 2.0 (the "License");
+; you may not use this file except in compliance with the License.
+; You may obtain a copy of the License at
+;
+; http:#www.apache.org/licenses/LICENSE-2.0
+;
+; Unless required by applicable law or agreed to in writing, software
+; distributed under the License is distributed on an "AS IS" BASIS,
+; WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+; See the License for the specific language governing permissions and
+; limitations under the License.
+
+[PIPELINE0]
+type = MASTER
+core = 0
+[PIPELINE1]
+type = ARPICMP
+core = 1
+
+pktq_in = SWQ2 SWQ13
+pktq_out = TXQ0.0 TXQ1.0 TXQ2.0 TXQ3.0
+; ARP route table entries (ip, mask, if_port, nh) hex values with no 0x
+arp_route_tbl = (ad102814,ff000000,1,ad102814) (cb106414,ff000000,0,cb106414)
+arp_route_tbl = (ac102814,ff000000,3,ac102814) (ca106414,ff000000,2,ca106414)
+; Link MAC addresses in order aa:bb:cc:dd:ee:ff separated by space
+;
+; Hex values with no leading 0x, MACs in ascending port order starting @P0
+#ports_mac_list = 00:cb:10:64:14:00 00:ca:10:64:14:00 00:ad:10:28:14:00 00:ac:10:28:14:00
+ports_mac_list = 00:cb:10:64:14:00 00:ca:10:64:14:00 00:ad:10:28:14:00 00:ac:10:28:14:00
+;
+; egress (private interface) info
+pktq_in_prv = RXQ0.0 RXQ2.0
+;
+;for pub port <-> prv port mapping (prv, pub)
+prv_to_pub_map = (0,1)(2,3)
+prv_que_handler = (0,2)
+
+;lib_arp_debug = 1
+[PIPELINE2]
+type = TXRX
+core = s0c2
+pktq_in = RXQ0.0 RXQ1.0 ;SWQ4 SWQ5 ;SWQ8 SWQ9 SWQ12 SWQ13
+pktq_out = SWQ0 SWQ1 SWQ2;TXQ0.0 TXQ1.0 ;TXQ0.1 TXQ1.1 TXQ0.2 TXQ1.2
+pipeline_txrx_type = RXRX
+;
+[PIPELINE3]
+type = LOADB
+core = 3
+pktq_in = SWQ0 SWQ1
+pktq_out = SWQ3 SWQ4 SWQ5 SWQ6 ;SWQ10 SWQ11
+outport_offset = 136; 8
+n_vnf_threads = 2
+prv_que_handler = (0)
+
+n_lb_tuples = 5
+;loadb_debug = 0
+[PIPELINE4]
+type = VFW
+core = s0c4
+pktq_in = SWQ3 SWQ4
+pktq_out = SWQ7 SWQ8;TXQ0.0 TXQ1.0
+
+n_rules = 10000
+
+;n_flows gets round up to power of 2
+n_flows = 1000000
+pkt_type = ipv4
+traffic_type = 4
+; tcp_time_wait controls timeout for closed connection, normally 120
+tcp_time_wait = 10
+tcp_be_liberal = 0
+;udp_unreplied and udp_replied controls udp "connection" timeouts, normally 30/180
+;udp_unreplied = 20
+;udp_replied = 20
+[PIPELINE5]
+type = VFW
+core = s0c4h
+pktq_in = SWQ5 SWQ6
+pktq_out = SWQ9 SWQ10;TXQ0.0 TXQ1.0
+
+n_rules = 10000
+
+;n_flows gets round up to power of 2
+n_flows = 1000000
+pkt_type = ipv4
+traffic_type = 4
+; tcp_time_wait controls timeout for closed connection, normally 120
+tcp_time_wait = 10
+tcp_be_liberal = 0
+
+[PIPELINE6]
+type = TXRX
+core = s0c2h
+pktq_in = SWQ7 SWQ8 SWQ9 SWQ10 ;SWQ8 SWQ9 SWQ12 SWQ13
+pktq_out = TXQ0.1 TXQ1.1 TXQ0.2 TXQ1.2 ;TXQ0.0 TXQ1.0 ;TXQ0.1 TXQ1.1 TXQ0.2 TXQ1.2
+pipeline_txrx_type = TXTX
+[PIPELINE7]
+type = TXRX
+core = s0c5
+pktq_in = RXQ2.0 RXQ3.0 ;SWQ4 SWQ5 ;SWQ8 SWQ9 SWQ12 SWQ13
+pktq_out = SWQ11 SWQ12 SWQ13;TXQ0.0 TXQ1.0 ;TXQ0.1 TXQ1.1 TXQ0.2 TXQ1.2
+pipeline_txrx_type = RXRX
+;
+[PIPELINE8]
+type = LOADB
+core = 6
+pktq_in = SWQ11 SWQ12
+pktq_out = SWQ14 SWQ15 SWQ16 SWQ17 ;SWQ10 SWQ11
+outport_offset = 136; 8
+n_vnf_threads = 2
+n_lb_tuples = 5
+prv_que_handler = (0)
+;loadb_debug = 0
+[PIPELINE9]
+type = VFW
+core = s0c7
+pktq_in = SWQ14 SWQ15
+pktq_out = SWQ18 SWQ19;TXQ0.0 TXQ1.0
+
+n_rules = 10000
+
+;n_flows gets round up to power of 2
+n_flows = 1000000
+pkt_type = ipv4
+traffic_type = 4
+; tcp_time_wait controls timeout for closed connection, normally 120
+tcp_time_wait = 10
+tcp_be_liberal = 0
+;udp_unreplied and udp_replied controls udp "connection" timeouts, normally 30/180
+;udp_unreplied = 20
+;udp_replied = 20
+[PIPELINE10]
+type = VFW
+core = s0c7h
+pktq_in = SWQ16 SWQ17
+pktq_out = SWQ20 SWQ21;TXQ0.0 TXQ1.0
+
+n_rules = 10000
+
+;n_flows gets round up to power of 2
+n_flows = 1000000
+pkt_type = ipv4
+traffic_type = 4
+; tcp_time_wait controls timeout for closed connection, normally 120
+tcp_time_wait = 10
+tcp_be_liberal = 0
+
+[PIPELINE11]
+type = TXRX
+core = s0c5h
+pktq_in = SWQ18 SWQ19 SWQ20 SWQ21 ;RXQ0.0 RXQ1.0 ;SWQ4 SWQ5 ;SWQ8 SWQ9 SWQ12 SWQ13
+pktq_out = TXQ2.1 TXQ3.1 TXQ2.2 TXQ3.2 ;TXQ0.0 TXQ1.0 ;TXQ0.1 TXQ1.1 TXQ0.2 TXQ1.2
+pipeline_txrx_type = TXTX
-- cgit 1.2.3-korg
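Review bot: `tcp_time_wait = 10` in all four VFW sections (PIPELINE4, 5, 9 and 10) sits well below the 120 that the comment directly above it calls normal, and nothing in the file says why. If the value is a throughput tuning for test traffic, say so next to it, e.g. `; lowered from 120 for benchmark runs; use 120 outside the lab`, because a shortened TIME_WAIT presumably lets the connection tracker discard closed-connection state while late segments can still arrive. The same sections leave the UDP timeouts commented out (PIPELINE4 and 9) or absent (PIPELINE5 and 10), so a one-line note on which defaults then apply would help anyone copying this file. Separately, the licence header URL reads `http:#www.apache.org/licenses/LICENSE-2.0` and should be `http://www.apache.org/licenses/LICENSE-2.0`, and the `#ports_mac_list` line duplicates the active `ports_mac_list` entry and can be dropped.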