blob: b925a2932820edf0dab43346012d42d45cdd7857 [file] [log] [blame]
..
SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
SPDX-License-Identifier: Apache-2.0
.. _application:
Application Management
======================
Aether allows configuration of the application endpoints that a
device is allowed to connect to. Configuration is possible of not only whether an
application endpoint is reachable or not, but also what maximum bitrate and traffic
class should be associated with that endpoint.
A Slice may have a total of five user-defined application endpoints associated with it. Logically
this could be one application with five endpoints, five applications with one endpoint
each, or any other combination that is less than or equal to five endpoints total.
Each application has an address field which may be
set to an IPv4 address or an IPv4 subnet, which may in turn match several IPv4
addresses. This address is common to all endpoints for the application.
Each endpoint is a port range, specified by its start and end port. A range of
exactly one port is also acceptable. The protocol may be set to either TCP or UDP. Each
endpoint may also have associated with it a maximum bitrate and a traffic-class. The
maximum bitrate (MBR) is per-device to the application; it is not the sum of all devices to the
application. For more information see the section on :ref:`metering`.
In addition to
these five user configurable endpoints, the default behavior can be set to either
ALLOW-ALL, DENY-ALL, or ALLOW-PUBLIC. ALLOW-PUBLIC is a special rule that denies traffic
to private IPv4 networks (as per RFC1918) and then allows everything else.
Creating Applications
---------------------
Begin by creating Applications. Start by going to the application page, and
clicking the add button.
|app-list|
This will open a page where application details may be specified:
|app-add|
Set the address and then move on to creating endpoints. Press the *+*
button to add an endpoint.
|app-add-endpoint|
Specify the port range, protocol, and optionally the MBR and traffic class for the
endpoint.
Once all endpoints have been added, they will be summarized on the application page. Update
and commit the changes.
|app-add-update|
Adding Applications to Slices
-----------------------------
Each Slice has an application filter, which is a list of applications. Each entry
in this list has a priority and an allow|deny setting. Keep in mind that the total
number of endpoints for all applications attached to the Slice must be less than or
equal to five. Start by opening up the slice and clicking the plus button next to the
Filter list.
|app-filter-slice-edit-filter-plus|
Choose an application and select a priority for it.
|slice-filter-popup|
Also configurable for the Slice is the default-behavior, which will automatically
be evaluated at the lowest priority, only taking effect if no other rule matches.
The default behavior does not count against the 5-endpoint limit.
How Application Filtering is Evaluated
--------------------------------------
Application filtering is evaluated from highest priority (0) to the lowest
priority (250). The first rule to match will have its action applied. Subsequent
rules after a match are not evaluated.
For example, assume the following filter is configured:
* Priority=0, Address=10.0.0.1, Protocol=TCP, Port=8000, Action=Allow
* Priority=1, Address=10.0.0.0/24, Action=Deny
* Default_Behavior = Allow All
The above rule would allow traffic to 10.0.0.1 on TCP port 8000, but deny
traffic to all other hosts on the IPv4 subnet 10.0.0.0/24. Ports other than
8000 on 10.0.0.1 would be denied, as would protocols other than TCP. Traffic to
subnets other than 10.0.0.0/24 would be allowed.
.. |app-list| image:: images/aether-roc-gui-application-list.png
:alt: List of applications
:width: 1000
.. |app-add| image:: images/aether-roc-gui-application-add.png
:alt: Add an application
:width: 800
.. |app-add-endpoint| image:: images/aether-roc-gui-application-add-endpoint.png
:alt: Add an application endpoint
:width: 600
.. |app-add-update| image:: images/aether-roc-gui-application-add-update.png
:alt: Ready to update and commit the application
:width: 800
.. |app-filter-slice-edit-filter-plus| image:: images/aether-roc-gui-slice-edit-filter-plus.png
:alt: Slice edit page, ready to add a filter
:width: 800
.. |slice-filter-popup| image:: images/aether-roc-gui-slice-filter-popup.png
:alt: Popup to add or edit an application filter
:width: 600