AETHER-3328 Reorganize guide for better flow; App filtering screenshots
Change-Id: I1051c3816f8c28e537b29ae1704f6faffb4bdc99
diff --git a/operations/application.rst b/operations/application.rst
new file mode 100644
index 0000000..228de33
--- /dev/null
+++ b/operations/application.rst
@@ -0,0 +1,114 @@
+..
+ SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
+ SPDX-License-Identifier: Apache-2.0
+
+Application Management
+======================
+
+Aether allows configuration of the application endpoints that a
+device is allowed to connect to. Configuration is possible of not only whether an
+application endpoint is reachable or not, but also what maximum bitrate and traffic
+class should be associated with that endpoint.
+
+A Slice may have a total of five user-defined application endpoints associated with it. Logically
+this could be one application with five endpoints, five applications with one endpoint
+each, or any other combination that is less than or equal to five endpoints total.
+
+In addition to
+these five user configurable endpoints, the default behavior can be set to either
+ALLOW-ALL, DENY-ALL, or ALLOW-PUBLIC. ALLOW-PUBLIC is a special rule that denies traffic
+to private IPv4 networks (as per RFC1918) and then allows everything else.
+
+Creating Applications
+---------------------
+
+Begin by creating Applications. Start by going to the application page, and
+clicking the add button.
+
+|app-list|
+
+This will open a page where application details may be specified:
+
+|app-add|
+
+Each application has an address field which may be
+set to an IPv4 address or an IPv4 subnet, which may in turn match several IPv4
+addresses. Once the address is set, move on to creating endpoints. Press the plus
+button to add an endpoint.
+
+|app-add-endpoint|
+
+Each endpoint is a port range, specified by its start and end port. A range of
+exactly one port is also acceptable. The protocol may be set to either TCP or UDP. Each
+endpoint may also have associated with it a maximum bitrate and a traffic-class. The
+maximum bitrate is per-device to the application; it is not the sum of all devices to the
+application.
+
+Once all endpoints have been added, they will be summarized on the application page. Update
+and commit the changes.
+
+|app-add-update|
+
+Adding Applications to Slices
+-----------------------------
+
+Each Slice has an application filter, which is a list of applications. Each entry
+in this list has a priority and an allow|deny setting. Keep in mind that the total
+number of endpoints for all applications attached to the Slice must be less than or
+equal to five. Start by opening up the slice and clicking the plus button next to the
+Filter list.
+
+|app-filter-slice-edit-filter-plus|
+
+Choose an application and select a priority for it.
+
+|slice-filter-popup|
+
+Also configurable for the Slice is the default-behavior, which will automatically
+be evaluated at the lowest priority, only taking effect if no other rule matches.
+The default behavior does not count against the 5-endpoint limit.
+
+How Application Filtering is Evaluated
+--------------------------------------
+
+Application filtering is evaluated from highest priority (0) to the lowest
+priority (250). The first rule to match will have its action applied. Subsequent
+rules after a match are not evaluated.
+
+For example, assume the following filter is configured:
+
+* Priority=0, Address=10.0.0.1, Protocol=TCP, Port=8000, Action=Allow
+* Priority=1, Address=10.0.0.0/24, Action=Deny
+* Default_Behavior = Allow All
+
+The above rule would allow traffic to 10.0.0.1 on TCP port 8000, but deny
+traffic to all other hosts on the IPv4 subnet 10.0.0.0/24. Ports other than
+8000 on 10.0.0.1 would be denied, as would protocols other than TCP. Traffic to
+subnets other than 10.0.0.0/24 would be allowed.
+
+.. |app-list| image:: images/aether-roc-gui-application-list.png
+ :alt: List of applications
+ :width: 1000
+
+.. |app-add| image:: images/aether-roc-gui-application-add.png
+ :alt: Add an application
+ :width: 800
+
+.. |app-add-endpoint| image:: images/aether-roc-gui-application-add-endpoint.png
+ :alt: Add an application endpoint
+ :width: 600
+
+.. |app-add-update| image:: images/aether-roc-gui-application-add-update.png
+ :alt: Ready to update and commit the application
+ :width: 800
+
+.. |app-filter-slice-edit-filter-plus| image:: images/aether-roc-gui-slice-edit-filter-plus.png
+ :alt: Slice edit page, ready to add a filter
+ :width: 800
+
+.. |slice-filter-popup| image:: images/aether-roc-gui-slice-filter-popup.png
+ :alt: Popup to add or edit an application filter
+ :width: 600
+
+
+