Gitiles
Code Review Sign In
gerrit.opencord.org / aether-docs / 3c7cfea659e9480dcf6314e9113d593a0e4eb3f2 / . / operations / application.rst
blob: 228de339add241f8c7db022bdc6eb8a1895e8ce1 [file] [log] [blame]
Scott Bakerd3a7ec52021-11-08 22:59:07 -0800[diff] [blame]1..
2 SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
3 SPDX-License-Identifier: Apache-2.0
4
Scott Baker3c7cfea2022-03-09 16:22:42 -0800[diff] [blame^]5Application Management
6======================
Scott Bakerd3a7ec52021-11-08 22:59:07 -0800[diff] [blame]7
Scott Baker3c7cfea2022-03-09 16:22:42 -0800[diff] [blame^]8Aether allows configuration of the application endpoints that a
Scott Bakerd3a7ec52021-11-08 22:59:07 -0800[diff] [blame]9device is allowed to connect to. Configuration is possible of not only whether an
10application endpoint is reachable or not, but also what maximum bitrate and traffic
11class should be associated with that endpoint.
12
Scott Bakerc0747562022-03-09 13:48:29 -0800[diff] [blame]13A Slice may have a total of five user-defined application endpoints associated with it. Logically
Scott Bakerd3a7ec52021-11-08 22:59:07 -0800[diff] [blame]14this could be one application with five endpoints, five applications with one endpoint
15each, or any other combination that is less than or equal to five endpoints total.
16
17In addition to
18these five user configurable endpoints, the default behavior can be set to either
19ALLOW-ALL, DENY-ALL, or ALLOW-PUBLIC. ALLOW-PUBLIC is a special rule that denies traffic
20to private IPv4 networks (as per RFC1918) and then allows everything else.
21
Scott Baker3c7cfea2022-03-09 16:22:42 -0800[diff] [blame^]22Creating Applications
23---------------------
Scott Bakerd3a7ec52021-11-08 22:59:07 -0800[diff] [blame]24
Scott Baker3c7cfea2022-03-09 16:22:42 -0800[diff] [blame^]25Begin by creating Applications. Start by going to the application page, and
26clicking the add button.
27
28|app-list|
29
30This will open a page where application details may be specified:
31
32|app-add|
33
34Each application has an address field which may be
Scott Bakerd3a7ec52021-11-08 22:59:07 -0800[diff] [blame]35set to an IPv4 address or an IPv4 subnet, which may in turn match several IPv4
Scott Baker3c7cfea2022-03-09 16:22:42 -0800[diff] [blame^]36addresses. Once the address is set, move on to creating endpoints. Press the plus
37button to add an endpoint.
38
39|app-add-endpoint|
Scott Bakerd3a7ec52021-11-08 22:59:07 -0800[diff] [blame]40
41Each endpoint is a port range, specified by its start and end port. A range of
42exactly one port is also acceptable. The protocol may be set to either TCP or UDP. Each
43endpoint may also have associated with it a maximum bitrate and a traffic-class. The
44maximum bitrate is per-device to the application; it is not the sum of all devices to the
45application.
46
Scott Baker3c7cfea2022-03-09 16:22:42 -0800[diff] [blame^]47Once all endpoints have been added, they will be summarized on the application page. Update
48and commit the changes.
49
50|app-add-update|
51
Scott Bakerc0747562022-03-09 13:48:29 -0800[diff] [blame]52Adding Applications to Slices
53-----------------------------
Scott Bakerd3a7ec52021-11-08 22:59:07 -0800[diff] [blame]54
Scott Bakerc0747562022-03-09 13:48:29 -0800[diff] [blame]55Each Slice has an application filter, which is a list of applications. Each entry
Scott Bakerd3a7ec52021-11-08 22:59:07 -0800[diff] [blame]56in this list has a priority and an allow|deny setting. Keep in mind that the total
Scott Bakerc0747562022-03-09 13:48:29 -0800[diff] [blame]57number of endpoints for all applications attached to the Slice must be less than or
Scott Baker3c7cfea2022-03-09 16:22:42 -0800[diff] [blame^]58equal to five. Start by opening up the slice and clicking the plus button next to the
59Filter list.
60
61|app-filter-slice-edit-filter-plus|
62
63Choose an application and select a priority for it.
64
65|slice-filter-popup|
Scott Bakerd3a7ec52021-11-08 22:59:07 -0800[diff] [blame]66
Scott Bakerc0747562022-03-09 13:48:29 -0800[diff] [blame]67Also configurable for the Slice is the default-behavior, which will automatically
Scott Bakerd3a7ec52021-11-08 22:59:07 -0800[diff] [blame]68be evaluated at the lowest priority, only taking effect if no other rule matches.
69The default behavior does not count against the 5-endpoint limit.
70
71How Application Filtering is Evaluated
72--------------------------------------
73
74Application filtering is evaluated from highest priority (0) to the lowest
75priority (250). The first rule to match will have its action applied. Subsequent
76rules after a match are not evaluated.
77
78For example, assume the following filter is configured:
79
80* Priority=0, Address=10.0.0.1, Protocol=TCP, Port=8000, Action=Allow
81* Priority=1, Address=10.0.0.0/24, Action=Deny
82* Default_Behavior = Allow All
83
84The above rule would allow traffic to 10.0.0.1 on TCP port 8000, but deny
85traffic to all other hosts on the IPv4 subnet 10.0.0.0/24. Ports other than
868000 on 10.0.0.1 would be denied, as would protocols other than TCP. Traffic to
87subnets other than 10.0.0.0/24 would be allowed.
Scott Baker3c7cfea2022-03-09 16:22:42 -0800[diff] [blame^]88
89.. |app-list| image:: images/aether-roc-gui-application-list.png
90 :alt: List of applications
91 :width: 1000
92
93.. |app-add| image:: images/aether-roc-gui-application-add.png
94 :alt: Add an application
95 :width: 800
96
97.. |app-add-endpoint| image:: images/aether-roc-gui-application-add-endpoint.png
98 :alt: Add an application endpoint
99 :width: 600
100
101.. |app-add-update| image:: images/aether-roc-gui-application-add-update.png
102 :alt: Ready to update and commit the application
103 :width: 800
104
105.. |app-filter-slice-edit-filter-plus| image:: images/aether-roc-gui-slice-edit-filter-plus.png
106 :alt: Slice edit page, ready to add a filter
107 :width: 800
108
109.. |slice-filter-popup| image:: images/aether-roc-gui-slice-filter-popup.png
110 :alt: Popup to add or edit an application filter
111 :width: 600
112
113
114