Initial M-CORD services charts
Change-Id: I36bcfcb3f7800b95e54b5b8a375e113696f6d5b1
diff --git a/mcord/cni-config/01-cni-service-account.yaml b/mcord/cni-config/01-cni-service-account.yaml
new file mode 100644
index 0000000..022e248
--- /dev/null
+++ b/mcord/cni-config/01-cni-service-account.yaml
@@ -0,0 +1,50 @@
+---
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: pod-networks-operator
+rules:
+- apiGroups:
+ - '*'
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- nonResourceURLs:
+ - '*'
+ verbs:
+ - '*'
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: sriov-dp
+ namespace: kube-system
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: sriov-dp
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: pod-networks-operator
+subjects:
+- kind: ServiceAccount
+ name: sriov-dp
+ namespace: kube-system
diff --git a/mcord/cni-config/02-network-crd.yaml b/mcord/cni-config/02-network-crd.yaml
new file mode 100644
index 0000000..3c1590a
--- /dev/null
+++ b/mcord/cni-config/02-network-crd.yaml
@@ -0,0 +1,38 @@
+---
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ # name must match the spec fields below, and be in the form: <plural>.<group>
+ name: network-attachment-definitions.k8s.cni.cncf.io
+spec:
+ # group name to use for REST API: /apis/<group>/<version>
+ group: k8s.cni.cncf.io
+ # version name to use for REST API: /apis/<group>/<version>
+ version: v1
+ # either Namespaced or Cluster
+ scope: Namespaced
+ names:
+ # plural name to be used in the URL: /apis/<group>/<version>/<plural>
+ plural: network-attachment-definitions
+ # singular name to be used as an alias on the CLI and for display
+ singular: network-attachment-definition
+ # kind is normally the CamelCased singular type. Your resource manifests use this.
+ kind: NetworkAttachmentDefinition
+ # shortNames allow shorter string to match your resource on the CLI
+ shortNames:
+ - net-attach-def
diff --git a/mcord/cni-config/03-network-definition.yaml b/mcord/cni-config/03-network-definition.yaml
new file mode 100644
index 0000000..5b0b62f
--- /dev/null
+++ b/mcord/cni-config/03-network-definition.yaml
@@ -0,0 +1,53 @@
+---
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+ name: s1u-net
+ annotations:
+ k8s.v1.cni.cncf.io/resourceName: intel.com/sriov
+spec:
+ config: '{
+ "type": "sriov",
+ "name": "s1u-net",
+ "ipam": {
+ "type": "host-local",
+ "subnet": "119.0.0.0/24",
+ "routes": [
+ { "dst": "0.0.0.0/0" }
+ ]
+ }
+}'
+---
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+ name: sgi-net
+ annotations:
+ k8s.v1.cni.cncf.io/resourceName: intel.com/sriov
+spec:
+ config: '{
+ "type": "sriov",
+ "name": "sgi-net",
+ "ipam": {
+ "type": "host-local",
+ "subnet": "13.1.1.0/24",
+ "routes": [
+ { "dst": "0.0.0.0/0" }
+ ]
+ }
+}'
diff --git a/mcord/cni-config/04-sriov-device-plugin-configmap.yaml b/mcord/cni-config/04-sriov-device-plugin-configmap.yaml
new file mode 100644
index 0000000..086b9e7
--- /dev/null
+++ b/mcord/cni-config/04-sriov-device-plugin-configmap.yaml
@@ -0,0 +1,94 @@
+---
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: multus-certs
+ namespace: kube-system
+data:
+ install-certs.sh: |
+ # Copied from Calico
+ # https://github.com/projectcalico/cni-plugin/blob/master/k8s-install/scripts/install-cni.sh
+ touch /host/etc/cni/net.d/multus-kubeconfig
+ chmod 600 /host/etc/cni/net.d/multus-kubeconfig
+ SERVICE_ACCOUNT_PATH=/var/run/secrets/kubernetes.io/serviceaccount
+ KUBE_CA_FILE=$SERVICE_ACCOUNT_PATH/ca.crt
+ TLS_CFG="certificate-authority-data: $(cat $KUBE_CA_FILE | base64 | tr -d '\n')"
+ SERVICEACCOUNT_TOKEN=$(cat $SERVICE_ACCOUNT_PATH/token)
+ #cat > /host/etc/cni/net.d/multus-kubeconfig <<EOF
+ # Kubeconfig file for Multus CNI plugin.
+ apiVersion: v1
+ kind: Config
+ clusters:
+ - name: local
+ cluster:
+ server: https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT}
+ $TLS_CFG
+ users:
+ - name: multus
+ user:
+ token: "${SERVICEACCOUNT_TOKEN}"
+ contexts:
+ - name: multus-context
+ context:
+ cluster: local
+ user: multus
+ current-context: multus-context
+ EOF
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: sriov-config
+ namespace: kube-system
+data:
+ config.json: |
+ {
+ "resourceList":
+ [
+ {
+ "resourceName": "sriov",
+ "rootDevices": ["04:00.0"],
+ "sriovMode": true,
+ "deviceType": "netdevice"
+ }
+ ]
+ }
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: multus-conf
+ namespace: kube-system
+data:
+ 01-cni-conf.json: |
+ {
+ "name": "multus-cni-network",
+ "type": "multus",
+ "logLevel": "debug",
+ "logFile": "/tmp/multus.log",
+ "kubeconfig": "/etc/cni/net.d/multus-kubeconfig",
+ "delegates": [
+ {
+ "name": "cbr0",
+ "type": "flannel",
+ "delegate": {
+ "isDefaultGateway": true
+ }
+ }
+ ]
+ }
diff --git a/mcord/cni-config/05-sriov-device-plugin.yaml b/mcord/cni-config/05-sriov-device-plugin.yaml
new file mode 100644
index 0000000..9b358a9
--- /dev/null
+++ b/mcord/cni-config/05-sriov-device-plugin.yaml
@@ -0,0 +1,109 @@
+---
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+ name: sriov-device-plugin
+ namespace: kube-system
+spec:
+ selector:
+ matchLabels:
+ name: sriov-device-plugin
+ template:
+ metadata:
+ labels:
+ name: sriov-device-plugin
+ spec:
+ serviceAccountName: sriov-dp
+ initContainers:
+ - name: init-sriov-dp
+ image: ngick8stesting/aio-cni:k8s-1.13
+ command: [ "bash", "-c" ]
+ args:
+ - cp /tmp/cni/bin/{multus,sriov,centralip} /host/opt/cni/bin/;
+ echo "Restarting crio/containerd, kubelet";
+ systemctl daemon-reload;
+ systemctl restart containerd;
+ systemctl restart crio;
+ systemctl restart kubelet;
+ volumeMounts:
+ - name: usr-bin
+ mountPath: /host/usr/bin
+ - name: cni-bin
+ mountPath: /host/opt/cni/bin
+ - name: multus-cm
+ mountPath: /tmp/etc/cni/net.d
+ - name: multus-certs
+ mountPath: /tmp/multus
+ - name: cni-conf
+ mountPath: /host/etc/cni/net.d
+ - name: dbus
+ mountPath: /var/run/dbus
+ - name: systemd
+ mountPath: /run/systemd
+ containers:
+ - name: sriov-device-plugin
+ image: ngick8stesting/aio-cni:k8s-1.13
+ imagePullPolicy: IfNotPresent
+ command: [ "/bin/sh", "-c" ]
+ args:
+ - /usr/bin/sriovdp --logtostderr -v 10;
+ echo "exit status $?";
+ volumeMounts:
+ - mountPath: /var/lib/kubelet/device-plugins/
+ name: devicesock
+ readOnly: false
+ - mountPath: /sys/class/net/
+ name: net
+ readOnly: true
+ - mountPath: /etc/pcidp/
+ name: sriov-config
+ readOnly: false
+ volumes:
+ - name: sriov-config
+ configMap:
+ name: sriov-config
+ - name: usr-bin
+ hostPath:
+ path: /usr/bin
+ - name: cni-bin
+ hostPath:
+ path: /opt/cni/bin
+ - name: multus-cm
+ configMap:
+ name: multus-conf
+ - name: multus-certs
+ configMap:
+ defaultMode: 511
+ name: multus-certs
+ - name: cni-conf
+ hostPath:
+ path: /etc/cni/net.d
+ - name: dbus
+ hostPath:
+ path: /var/run/dbus
+ - name: systemd
+ hostPath:
+ path: /run/systemd
+ - name: net
+ hostPath:
+ path: /sys/class/net
+ - name: devicesock
+ hostPath:
+ path: /var/lib/kubelet/device-plugins/
+ hostNetwork: true
+ hostPID: true
diff --git a/mcord/mcord-control-plane/Chart.yaml b/mcord/mcord-control-plane/Chart.yaml
new file mode 100644
index 0000000..98e0dc2
--- /dev/null
+++ b/mcord/mcord-control-plane/Chart.yaml
@@ -0,0 +1,20 @@
+---
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart for MCORD Control Plane Services
+name: mcord-control-plane
+version: 0.1.0
diff --git a/mcord/mcord-control-plane/templates/_helpers.tpl b/mcord/mcord-control-plane/templates/_helpers.tpl
new file mode 100644
index 0000000..bb59df4
--- /dev/null
+++ b/mcord/mcord-control-plane/templates/_helpers.tpl
@@ -0,0 +1,47 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Copyright 2018-present Open Networking Foundation
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "mcord-cp-helm.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "mcord-cp-helm.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Values.namespace -}}
+{{- .Values.namespace | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Values.namespace $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "mcord-cp-helm.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/mcord/mcord-control-plane/templates/cassandra.yaml b/mcord/mcord-control-plane/templates/cassandra.yaml
new file mode 100644
index 0000000..56688f8
--- /dev/null
+++ b/mcord/mcord-control-plane/templates/cassandra.yaml
@@ -0,0 +1,88 @@
+---
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: {{ .Values.namespace }}
+ labels:
+ app: cassandra
+ name: cassandra
+spec:
+ clusterIP: None
+ ports:
+ - port: 9042
+ selector:
+ app: cassandra
+---
+apiVersion: "apps/v1"
+kind: StatefulSet
+metadata:
+ namespace: {{ .Values.namespace }}
+ name: cassandra
+ labels:
+ app: cassandra
+spec:
+ serviceName: cassandra
+ replicas: 1 # 3
+ selector:
+ matchLabels:
+ app: cassandra
+ template:
+ metadata:
+ namespace: {{ .Values.namespace }}
+ labels:
+ app: cassandra
+ spec:
+ terminationGracePeriodSeconds: 1
+ containers:
+ - name: cassandra
+ image: ngick8stesting/c3po-cassandra:5e2eaf6
+ imagePullPolicy: Always
+ resources:
+ limits:
+ cpu: "3"
+ memory: 4Gi
+ env:
+ - name: MAX_HEAP_SIZE
+ value: 512M
+ - name: HEAP_NEWSIZE
+ value: 100M
+ - name: CASSANDRA_SEEDS
+ value: "cassandra-0.cassandra.{{ .Values.namespace }}.svc.cluster.local"
+ - name: CASSANDRA_CLUSTER_NAME
+ value: "HSS Cluster"
+ - name: CASSANDRA_RPC_ADDRESS
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: CASSANDRA_ENDPOINT_SNITCH
+ value: "GossipingPropertyFileSnitch"
+ securityContext:
+ runAsUser: 1337
+ readinessProbe:
+ exec:
+ command: ["/bin/bash", "-c", "nodetool status -r | awk -v h=$(hostname) '$2==h {exit ($1==\"UN\" ? 0 : -1)}'"]
+ initialDelaySeconds: 15
+ timeoutSeconds: 5
+ volumeMounts:
+ - name: cassandra-config
+ mountPath: /etc/cassandra/cassandra-rackdc.properties
+ subPath: cassandra-rackdc.properties
+ volumes:
+ - name: cassandra-config
+ configMap:
+ name: cassandra
diff --git a/mcord/mcord-control-plane/templates/cm.yaml b/mcord/mcord-control-plane/templates/cm.yaml
new file mode 100644
index 0000000..26b226e
--- /dev/null
+++ b/mcord/mcord-control-plane/templates/cm.yaml
@@ -0,0 +1,897 @@
+---
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: {{ .Values.namespace }}
+ name: ngiccp-config
+data:
+ adc_rules.cfg: |
+ [GLOBAL]
+ NUM_ADC_RULES = 5
+
+ ;FORMAT ::
+ ;ADC_TYPE : [ DOMAIN = 0 | IP = 1 | IP PREFIX =2 ]
+ ;
+ ;if ADC_TYPE = 0
+ ; DOMAIN
+ ;elseif ADC_TYPE = 1
+ ; IP
+ ;elseif ADC_TYPE = 2
+ ; IP
+ ; PREFIX
+ ;else
+ ; NONE
+ ;
+ ;NOTE :
+ ;Rules defined first have a higher priority, unless DROP is specified
+ ;(i.e. multiple rules for the same IP).
+ ;When specifying DROP with an IP address, use a prefix of 32 to prevent DNS
+ ;results from overwriting rule.
+
+
+ [ADC_RULE_1]
+ ADC_TYPE = 2
+ IP = 0.0.0.0
+ PREFIX = 0
+
+ [ADC_RULE_2]
+ ADC_TYPE = 2
+ IP = 13.1.1.0
+ PREFIX = 24
+
+ [ADC_RULE_3]
+ ADC_TYPE = 1
+ IP = 13.1.1.254
+
+ [ADC_RULE_4]
+ ADC_TYPE = 0
+ DOMAIN = www.example.gov
+
+ [ADC_RULE_5]
+ ADC_TYPE = 0
+ DOMAIN = www.drop_example.com
+ cdr.cfg: |
+ CDR_PATH=./cdr
+ MASTER_CDR=./cdr/master.csv
+ cp_config.cfg: |
+ if [ ! -d "/dev/hugepages" ]; then
+ MEMORY="--no-huge -m $((MEM_LIMIT-1024))"
+ fi
+
+ SGW_S1U_IP=$(netstat -ie | grep -A1 s1u-net | tail -1 | awk '{print $2}' | tr -d addr:)
+ SHARED_DIR="/opt/ngic/config/shared"
+ if [ -d ${SHARED_DIR} ]; then
+ while [ ! -f ${SHARED_DIR}/SGW_S1U_IP ]; do echo "Waiting for SGW_S1U_IP"; sleep 2; done
+ SGW_S1U_IP=$(cat ${SHARED_DIR}/SGW_S1U_IP)
+ fi
+
+ SGW_S11_IP=$(hostname)
+ MGMT_INFO="-s ${SGW_S11_IP} -m ${MME_S11_IP} -w ${SGW_S1U_IP}"
+ APN_INFO="-i ${IP_POOL_IP} -p ${IP_POOL_MASK} -a ${APN}"
+ SPGW_CFG="-d 03 -l 2 -r 7.7.7.7 -g 6.6.6.6 -v 4.4.4.4 -u 5.5.5.5"
+
+ TEID_INFO="-t ${S11_TEID_POOL_START} -e ${S11_TEID_POOL_STOP} -q ${S1U_TEID_POOL_START} -o ${S1U_TEID_POOL_STOP}"
+ APP_ARGS="${MGMT_INFO} ${APN_INFO} ${SPGW_CFG} ${TEID_INFO}"
+
+ CORES="-c $(taskset -p $$ | awk '{print $NF}')"
+ DEVICES="--no-pci"
+ EAL_ARGS="${CORES} ${MEMORY} ${DEVICES}"
+ dp_config.cfg: |
+ get_pcimac_addr () {
+ ifname=$1
+ cid="$(sed -ne '/hostname/p' /proc/1/task/1/mountinfo | awk -F '/' '{print $6}' |tr -d " " )"
+ cid="$cid-$ifname"
+ eval "export $2=$(awk -F '"' '{print $4}' /sriov-cni/$cid)"
+ eval "export $3=$(awk -F '"' '{print $8}' /sriov-cni/$cid)"
+ eval "export $4=$(awk -F '"' '{print $12}' /sriov-cni/$cid)"
+ }
+
+ if [ -d "/sriov-cni" ]; then
+ echo "================== SR-IOV FOUND ============"
+ get_pcimac_addr s1u-net SGW_S1U_PCI S1U_MAC SGW_S1U_IP
+ get_pcimac_addr sgi-net SGW_SGI_PCI SGI_MAC SGW_SGI_IP
+ DEVICES="-w $SGW_S1U_PCI -w $SGW_SGI_PCI"
+ SHARED_DIR="/opt/ngic/config/shared"
+ echo $SGW_S1U_IP > ${SHARED_DIR}/SGW_S1U_IP
+ else #dev --vdev af_packt
+ echo "vdev (AF_PACKET)"
+ # set the variables we provide
+ SGW_S1U_IP=$(netstat -ie | grep -A1 s1u-net | tail -1 | awk '{print $2}' | tr -d addr:)
+ SGW_SGI_IP=$(netstat -ie | grep -A1 sgi-net | tail -1 | awk '{print $2}' | tr -d addr:)
+ S1U_MAC=$( netstat -ie | grep -B1 $SGW_S1U_IP | head -n1 | awk '{print $5}' )
+ SGI_MAC=$( netstat -ie | grep -B1 $SGW_SGI_IP | head -n1 | awk '{print $5}' )
+
+ DEVICES="--no-pci --vdev eth_af_packet0,iface=s1u-net --vdev eth_af_packet1,iface=sgi-net"
+ fi
+
+ if [ ! -d "/dev/hugepages" ]; then
+ MEMORY="--no-huge -m $((MEM_LIMIT-1024))"
+ fi
+
+ CORES="-c $(taskset -p $$ | awk '{print $NF}')"
+ SPGW_CFG="--spgw_cfg 03"
+ EAL_ARGS="${CORES} ${MEMORY} ${DEVICES}"
+
+ S1U="--s1u_ip ${SGW_S1U_IP} --s1u_mac ${S1U_MAC}"
+ SGI="--sgi_ip ${SGW_SGI_IP} --sgi_mac ${SGI_MAC} --sgi_gw_ip ${RTR_SGI_IP} --sgi_mask ${SGI_MASK}"
+ WORKERS="--num_workers 1"
+ MISC="--log 1"
+ APP_ARGS="${S1U} ${SGI} ${WORKERS} ${MISC} ${SPGW_CFG}"
+ interface.cfg: |
+ [0]
+ dp_comm_ip = ngic-dp-0.ngic-dp.{{ .Values.namespace }}.cluster.global
+ dp_comm_port = 20
+ cp_comm_ip = 127.0.0.1
+ cp_comm_port = 21
+ meter_profile.cfg: |
+ [GLOBAL]
+ NUM_OF_IDX = 7
+
+ [ENTRY_1]
+ ;Committed Information Rate (CIR). Measured in bytes per second.
+ ;MBR is mapped into CIR, convert MBR from bits to Bytes and set CIR.
+ CIR = 2342400
+ ;Committed Burst Size unit = Bytes
+ CBS = 5856
+ ;Excess Burst Size unit = Bytes
+ EBS = 11712
+ ;Meter profile index. Refer this index in static_pcc.cfg to set AMBR/MBR
+ MTR_PROFILE_IDX = 3
+
+ [ENTRY_2]
+ ;1200 = 1756800
+ ;1400 = 2049600
+ ;1600 = 2342400
+ CIR = 2342400
+ CBS = 5856
+ EBS = 11712
+ MTR_PROFILE_IDX = 4
+
+ [ENTRY_3]
+ ; QCI5,QCI7 15.571kbps = 1947 B
+ CIR = 2342400
+ CBS = 5856
+ EBS = 11712
+ MTR_PROFILE_IDX = 5
+
+ [ENTRY_4]
+ ; QCI1, 44kbps = 5500 B
+ CIR = 2342400
+ CBS = 5856
+ EBS = 11712
+ MTR_PROFILE_IDX = 6
+
+ [ENTRY_5]
+ ; QCI9, 31.143kbps = 3893 B
+ CIR = 2342400
+ CBS = 5856
+ EBS = 11712
+ MTR_PROFILE_IDX = 7
+
+ [ENTRY_6]
+ ; 128B, 7pps
+ CIR = 2342400
+ CBS = 512
+ EBS = 1024
+ MTR_PROFILE_IDX = 8
+
+ [ENTRY_7]
+ ; 128B, 2pps
+ CIR = 2342400
+ CBS = 512
+ EBS = 1024
+ MTR_PROFILE_IDX = 9
+
+ pcc_rules.cfg: |
+ [GLOBAL]
+ NUM_PCC_FILTERS = 9
+ ;To config AMBR/MBR values refer meter_profile.cfg. specify only the
+ ;meter profile index to be set here.
+ UL_AMBR_MTR_PROFILE_IDX = 3
+ DL_AMBR_MTR_PROFILE_IDX = 4
+
+ ;default filter - must be first for now (until DP doesn't install any filters)
+ ;associated with default adc rule
+ [PCC_FILTER_1]
+ RULE_NAME = DefaultRule
+ RATING_GROUP = 9
+ SERVICE_ID = 0
+ RULE_STATUS = 0
+ GATE_STATUS = 1
+ SESSION_CONT = 0
+ REPORT_LEVEL = 1
+ CHARGING_MODE = 0
+ METERING_METHOD = 0
+ MUTE_NOTIFY = 0
+ MONITORING_KEY = 0
+ SPONSOR_ID = 0
+ REDIRECT_INFO = 0
+ PRECEDENCE = 254
+ DROP_PKT_COUNT = 0
+ ;Specify the meter profile index from meter_profile.cfg
+ UL_MBR_MTR_PROFILE_IDX = 7
+ DL_MBR_MTR_PROFILE_IDX = 7
+ ;List of ADC filter indices
+ SDF_FILTER_IDX = 99998
+
+ [PCC_FILTER_2]
+ RULE_NAME = sdf_rule_1
+ RATING_GROUP = 5
+ SERVICE_ID = 0
+ RULE_STATUS = 0
+ GATE_STATUS = 1
+ SESSION_CONT = 0
+ REPORT_LEVEL = 2
+ CHARGING_MODE = 0
+ METERING_METHOD = 0
+ MUTE_NOTIFY = 0
+ MONITORING_KEY = 0
+ SPONSOR_ID = 0
+ REDIRECT_INFO = 0
+ PRECEDENCE = 1
+ DROP_PKT_COUNT = 0
+ UL_MBR_MTR_PROFILE_IDX = 5
+ DL_MBR_MTR_PROFILE_IDX = 5
+ ;List of SDF filter indices
+ SDF_FILTER_IDX = 1
+
+ [PCC_FILTER_3]
+ RULE_NAME = sdf_rule_2
+ RATING_GROUP = 1
+ SERVICE_ID = 0
+ RULE_STATUS = 0
+ GATE_STATUS = 1
+ SESSION_CONT = 0
+ REPORT_LEVEL = 3
+ CHARGING_MODE = 0
+ METERING_METHOD = 0
+ MUTE_NOTIFY = 0
+ MONITORING_KEY = 0
+ SPONSOR_ID = 0
+ REDIRECT_INFO = 0
+ PRECEDENCE = 18
+ DROP_PKT_COUNT = 0
+ UL_MBR_MTR_PROFILE_IDX = 6
+ DL_MBR_MTR_PROFILE_IDX = 6
+ ;List of SDF filter indices
+ SDF_FILTER_IDX = 2
+
+ [PCC_FILTER_4]
+ RULE_NAME = adc_rule_1
+ RATING_GROUP = Zero-Rate
+ SERVICE_ID = Internet
+ RULE_STATUS = 0
+ GATE_STATUS = 1
+ SESSION_CONT = 0
+ REPORT_LEVEL = 8
+ CHARGING_MODE = 0
+ METERING_METHOD = 0
+ MUTE_NOTIFY = 0
+ MONITORING_KEY = 0
+ REDIRECT_INFO = 0
+ SPONSOR_ID = Example
+ PRECEDENCE = 15
+ DROP_PKT_COUNT = 0
+ UL_MBR_MTR_PROFILE_IDX = 7
+ DL_MBR_MTR_PROFILE_IDX = 7
+ ;List of SDF filter indices
+ ADC_FILTER_IDX = 1
+
+ [PCC_FILTER_5]
+ RULE_NAME = adc_rule_2
+ RATING_GROUP = 0
+ SERVICE_ID = CIPA
+ RULE_STATUS = 0
+ GATE_STATUS = 1
+ SESSION_CONT = 0
+ REPORT_LEVEL = 9
+ CHARGING_MODE = 0
+ METERING_METHOD = 0
+ MUTE_NOTIFY = 0
+ MONITORING_KEY = 0
+ SPONSOR_ID = Example
+ REDIRECT_INFO = 0
+ SPONSOR_ID = Example
+ REDIRECT_INFO = 0
+ PRECEDENCE = 4
+ DROP_PKT_COUNT = 0
+ UL_MBR_MTR_PROFILE_IDX = 0
+ DL_MBR_MTR_PROFILE_IDX = 0
+ ;List of SDF filter indices
+ ADC_FILTER_IDX = 2
+
+ [PCC_FILTER_6]
+ RULE_NAME = sdf_rule_3
+ RATING_GROUP = 7
+ SERVICE_ID = 0
+ RULE_STATUS = 0
+ GATE_STATUS = 1
+ SESSION_CONT = 0
+ REPORT_LEVEL = 4
+ CHARGING_MODE = 0
+ METERING_METHOD = 0
+ MUTE_NOTIFY = 0
+ MONITORING_KEY = 0
+ SPONSOR_ID = 0
+ REDIRECT_INFO = 0
+ PRECEDENCE = 17
+ DROP_PKT_COUNT = 0
+ UL_MBR_MTR_PROFILE_IDX = 5
+ DL_MBR_MTR_PROFILE_IDX = 5
+ ;List of SDF filter indices
+ SDF_FILTER_IDX = 3
+
+ [PCC_FILTER_7]
+ RULE_NAME = adc_rule_3
+ RATING_GROUP = Zero-Rate
+ SERVICE_ID = Internet
+ RULE_STATUS = 0
+ GATE_STATUS = 1
+ SESSION_CONT = 0
+ REPORT_LEVEL = 5
+ CHARGING_MODE = 0
+ METERING_METHOD = 0
+ MUTE_NOTIFY = 0
+ MONITORING_KEY = 0
+ SPONSOR_ID = Example
+ REDIRECT_INFO = 0
+ PRECEDENCE = 210
+ DROP_PKT_COUNT = 0
+ UL_MBR_MTR_PROFILE_IDX = 7
+ DL_MBR_MTR_PROFILE_IDX = 7
+ ;List of SDF filter indices
+ ADC_FILTER_IDX = 4
+
+ [PCC_FILTER_8]
+ RULE_NAME = adc_rule_4
+ RATING_GROUP = Zero-Rate
+ SERVICE_ID = Management
+ RULE_STATUS = 0
+ GATE_STATUS = 1
+ SESSION_CONT = 0
+ REPORT_LEVEL = 6
+ CHARGING_MODE = 0
+ METERING_METHOD = 0
+ MUTE_NOTIFY = 0
+ MONITORING_KEY = 0
+ SPONSOR_ID = Example
+ REDIRECT_INFO = 0
+ PRECEDENCE = 200
+ DROP_PKT_COUNT = 0
+ UL_MBR_MTR_PROFILE_IDX = 7
+ DL_MBR_MTR_PROFILE_IDX = 7
+ ;List of SDF filter indices
+ ADC_FILTER_IDX = 12
+
+ [PCC_FILTER_9]
+ RULE_NAME = adc_rule_5
+ RATING_GROUP = Zero-Rate
+ SERVICE_ID = Provisioning
+ RULE_STATUS = 0
+ GATE_STATUS = 1
+ SESSION_CONT = 0
+ REPORT_LEVEL = 7
+ CHARGING_MODE = 0
+ METERING_METHOD = 0
+ MUTE_NOTIFY = 0
+ MONITORING_KEY = 0
+ SPONSOR_ID = Example
+ REDIRECT_INFO = 0
+ PRECEDENCE = 220
+ DROP_PKT_COUNT = 0
+ UL_MBR_MTR_PROFILE_IDX = 7
+ DL_MBR_MTR_PROFILE_IDX = 7
+ ;List of SDF filter indices
+ ADC_FILTER_IDX = 3
+ sdf_rules.cfg: |
+ [GLOBAL]
+ NUM_SDF_FILTERS = 4
+
+ [SDF_FILTER_1]
+ DIRECTION = downlink_only
+ IPV4_REMOTE = 13.2.1.113
+ IPV4_REMOTE_MASK = 255.255.255.0
+ PROTOCOL = 17
+ LOCAL_LOW_LIMIT_PORT = 0
+ LOCAL_HIGH_LIMIT_PORT = 65535
+ REMOTE_LOW_LIMIT_PORT = 0
+ REMOTE_HIGH_LIMIT_PORT = 65535
+
+ [SDF_FILTER_2]
+ DIRECTION = uplink_only
+ IPV4_LOCAL = 16.255.255.0
+ IPV4_LOCAL_MASK = 255.255.255.0
+ PROTOCOL = 17
+ LOCAL_LOW_LIMIT_PORT = 0
+ LOCAL_HIGH_LIMIT_PORT = 65535
+ REMOTE_LOW_LIMIT_PORT = 0
+ REMOTE_HIGH_LIMIT_PORT = 65535
+
+ [SDF_FILTER_3]
+ DIRECTION = downlink_only
+ IPV4_REMOTE = 130.10.0.0
+ IPV4_REMOTE_MASK = 255.255.0.0
+ PROTOCOL = 17
+ REMOTE_LOW_LIMIT_PORT = 5060
+ REMOTE_HIGH_LIMIT_PORT = 5060
+
+ [SDF_FILTER_4]
+ DIRECTION = uplink_only
+ IPV4_REMOTE = 103.1.0.0
+ IPV4_REMOTE_MASK = 255.255.0.0
+ PROTOCOL = 17
+ LOCAL_LOW_LIMIT_PORT = 17000
+ LOCAL_HIGH_LIMIT_PORT = 17010
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: {{ .Values.namespace }}
+ name: cassandra
+data:
+ cassandra-rackdc.properties: |
+ dc=DC1
+ rack=RAC1
+ prefer_local=true
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: {{ .Values.namespace }}
+ name: hss
+data:
+ acl.conf: |
+ ALLOW_OLD_TLS *.cluster.local
+ hss.conf: |
+ # -------- Local ---------
+ # The first parameter in this section is Identity, which will be used to
+ # identify this peer in the Diameter network. The Diameter protocol mandates
+ # that the Identity used is a valid FQDN for the peer. This parameter can be
+ # omitted, in that case the framework will attempt to use system default value
+ # (as returned by hostname --fqdn).
+ Identity = "HSS_IDENTITY";
+
+ # In Diameter, all peers also belong to a Realm. If the realm is not specified,
+ # the framework uses the part of the Identity after the first dot.
+ Realm = "HSS_REALM";
+
+
+ # This parameter is mandatory, even if it is possible to disable TLS for peers
+ # connections. A valid certificate for this Diameter Identity is expected.
+ TLS_Cred = "./conf/HSS_HOST.cert.pem", "./conf/HSS_HOST.key.pem";
+ TLS_CA = "./conf/cacert.pem";
+
+
+ # Disable use of TCP protocol (only listen and connect in SCTP)
+ # Default : TCP enabled
+ No_SCTP;
+
+
+ # This option is ignored if freeDiameter is compiled with DISABLE_SCTP option.
+ # Prefer TCP instead of SCTP for establishing new connections.
+ # This setting may be overwritten per peer in peer configuration blocs.
+ # Default : SCTP is attempted first.
+ Prefer_TCP;
+
+
+ # Disable use of IPv6 addresses (only IP)
+ # Default : IPv6 enabled
+ No_IPv6;
+
+
+ # Overwrite the number of SCTP streams. This value should be kept low,
+ # especially if you are using TLS over SCTP, because it consumes a lot of
+ # resources in that case. See tickets 19 and 27 for some additional details on
+ # this.
+ # Limit the number of SCTP streams
+ SCTP_streams = 3;
+
+
+ # By default, freeDiameter acts as a Diameter Relay Agent by forwarding all
+ # messages it cannot handle locally. This parameter disables this behavior.
+ NoRelay;
+
+
+ # Use RFC3588 method for TLS protection, where TLS is negociated after CER/CEA exchange is completed
+ # on the unsecure connection. The alternative is RFC6733 mechanism, where TLS protects also the
+ # CER/CEA exchange on a dedicated secure port.
+ # This parameter only affects outgoing connections.
+ # The setting can be also defined per-peer (see Peers configuration section).
+ # Default: use RFC6733 method with separate port for TLS.
+
+ #TLS_old_method;
+
+
+ # Number of parallel threads that will handle incoming application messages.
+ # This parameter may be deprecated later in favor of a dynamic number of threads
+ # depending on the load.
+ AppServThreads = 4;
+
+ # Specify the addresses on which to bind the listening server. This must be
+ # specified if the framework is unable to auto-detect these addresses, or if the
+ # auto-detected values are incorrect. Note that the list of addresses is sent
+ # in CER or CEA message, so one should pay attention to this parameter if some
+ # adresses should be kept hidden.
+ #ListenOn = "127.0.0.1";
+
+ Port = {{ .Values.hss.ports.s6a }};
+ SecPort = {{ .Values.hss.ports.secs6a }};
+
+ LoadExtension = "acl_wl.fdx" : "./conf/acl.conf";
+
+ # -------- Extensions ---------
+
+ #LoadExtension = "/usr/local/lib/freeDiameter/_sample.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/app_acct.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/app_diameap.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/app_radgw.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/app_redirect.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/app_sip.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/dbg_interactive.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/dbg_monitor.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/dbg_msg_dumps.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/dbg_msg_timings.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/dbg_rt.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_3gpp2_avps.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/dict_CreditControl.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/dict_CxDx.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/dict_Gx.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/dict_NAS.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/dict_Ro.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/dict_Rx.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/dict_S6mS6n.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/dict_SGd.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/dict_SLh.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/dict_Sd.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/dict_Sh.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/dict_T4.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/dict_T6aT6bT7.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/dict_Tsp.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/dict_dcca.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/dict_dcca_3gpp.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/dict_dcca_starent.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_draftload_avps.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/dict_eap.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_etsi283034_avps.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/dict_legacy_xml.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/dict_mip6a.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/dict_mip6i.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/dict_nas_mipv6.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/dict_nasreq.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc4004_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc4006bis_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc4072_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc4590_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc5447_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc5580_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc5777_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc5778_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc6734_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc6942_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc7155_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc7683_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc7944_avps.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/dict_sip.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29061_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29128_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29154_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29173_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29212_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29214_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29215_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29217_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29229_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29272_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29273_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29329_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29336_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29337_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29338_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29343_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29344_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29345_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29368_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29468_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts32299_avps.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/rt_busypeers.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/rt_default.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/rt_ereg.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/rt_ignore_dh.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/rt_load_balance.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/rt_randomize.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/rt_redirect.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/test_acct.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/test_app.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/test_hss.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/test_netemul.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/test_rt_any.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/test_sip.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/dict_Rf.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_S6as6d.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_S6t.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_S6c.fdx";
+
+
+ # Load RFC4072 dictionary objects
+ #LoadExtension = "dict_eap.fdx";
+
+ # Load the Diameter EAP server extension (requires diameap.conf)
+ #LoadExtension = "app_diameap.fdx" : "diameap.conf";
+
+ # Load the Accounting Server extension (requires app_acct.conf)
+ #LoadExtension = "app_acct.fdx" : "app_acct.conf";
+
+ # -------- Peers ---------
+
+ # The framework will actively attempt to establish and maintain a connection
+ # with the peers listed here.
+ # For only accepting incoming connections, see the acl_wl.fx extension.
+
+ #ConnectPeer = "peer1.localdomain" { ConnectTo = "127.0.0.1"; };
+ hss.json: |
+ {"common": {
+ "fdcfg": "conf/hss.conf",
+ "originhost": "HSS_IDENTITY",
+ "originrealm": "HSS_REALM"
+ },
+ "hss": {
+ "gtwhost": "*",
+ "gtwport" : 9080,
+ "restport" : 9081,
+ "casssrv": "CASSANDRA_ADDR",
+ "cassusr": "root",
+ "casspwd": "root",
+ "cassdb" : "vhss",
+ "randv" : true,
+ "optkey" : "63bfa50ee6523365ff14c1f45f88737d",
+ "reloadkey" : true
+ }
+ }
+ launch.sh: |
+ #!/bin/bash
+
+ cd /opt/c3po/hss
+ cp /etc/hss/conf/{acl.conf,hss.json,hss.conf} conf
+
+ HSS_HOST=$(hostname)
+ HSS_DOMAIN=$(dnsdomainname)
+ CASSANDRA_ADDR=${CASSANDRA_ADDR:-localhost}
+
+ # from hss.json
+ sed -i "s/HSS_IDENTITY/$HSS_HOST.$HSS_DOMAIN/g" conf/hss.json
+ sed -i "s/HSS_REALM/$HSS_DOMAIN/g" conf/hss.json
+ sed -i "s/CASSANDRA_ADDR/$CASSANDRA_ADDR/g" conf/hss.json
+
+ # from hss.conf
+ sed -i "s/HSS_IDENTITY/$HSS_HOST.$HSS_DOMAIN/g" conf/hss.conf
+ sed -i "s/HSS_REALM/$HSS_DOMAIN/g" conf/hss.conf
+ sed -i "s/HSS_HOST/$HSS_HOST/g" conf/hss.conf
+
+ # If necessary, calculate the OPc value for each UE (User Equipment).
+ #./bin/hss -j conf/hss.json --onlyloadkey
+
+ cd conf
+ make_certs.sh $(hostname) $(dnsdomainname)
+ cd ..
+
+ # finally, launch
+ hss -j conf/hss.json
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: {{ .Values.namespace }}
+ name: mme
+data:
+ launch.sh: |
+ #!/bin/bash
+
+ cd /opt/c3po/mme/bin
+ cp /etc/mme/conf/{vbsm_cfg.txt,vbfd.conf} .
+
+ # from vbsm_cfg.txt
+ SGW_S11_IP=${SGW_S11_IP:-sgw.localdomain}
+ ENB_S1AP_IP=${ENB_S1AP_IP:-enb1.localdomain}
+ ENB_S1AP_PORT=${ENB_S1AP_PORT:-36412}
+ MME_ETH0_IP=${MME_ETH0_IP:-0.0.0.0}
+
+ # from vbfd.conf
+ CONNECT_PEER=${CONNECT_PEER:-hss.localdomain}
+ HSS_S6A_IP=${HSS_S6A_IP:-hss.localdomain}
+ HSS_PORT=${HSS_PORT:-3868}
+ VAR_HSS_REALM=${VAR_HSS_REALM:-openair4G.eur}
+
+
+ sed -i "s/SGW_S11_IP/$(dig $SGW_S11_IP +short)/g" vbsm_cfg.txt
+ sed -i "s/ENB_S1AP_IP/$ENB_S1AP_IP/g" vbsm_cfg.txt
+ sed -i "s/ENB_S1AP_PORT/$ENB_S1AP_PORT/g" vbsm_cfg.txt
+ sed -i "s/MME_ETH0_IP/$MME_ETH0_IP/g" vbsm_cfg.txt
+ sed -i "s/VAR_HSS_HOST/$CONNECT_PEER/g" vbsm_cfg.txt
+ sed -i "s/VAR_HSS_REALM/$VAR_HSS_REALM/g" vbsm_cfg.txt
+
+
+ MME_HOST=$(hostname)
+ MME_DOMAIN=$(dnsdomainname)
+ sed -i "s/CONNECT_PEER/$CONNECT_PEER/g" vbfd.conf
+ sed -i "s/HSS_S6A_IP/$HSS_S6A_IP/g" vbfd.conf
+ sed -i "s/HSS_PORT/$HSS_PORT/g" vbfd.conf
+ sed -i "s/MME_IDENTITY/$MME_HOST.$MME_DOMAIN/g" vbfd.conf
+ sed -i "s/MME_REALM/$MME_DOMAIN/g" vbfd.conf
+ sed -i "s/MME_HOST/$MME_HOST/g" vbfd.conf
+
+ # generate the certs
+ # ./make_certs.sh mme localdomain
+ ./make_certs.sh $MME_HOST $MME_DOMAIN
+
+
+ # finally, launch
+ ./vb_acc
+ vbfd.conf: |
+ # -------- Test configuration ---------
+
+ # Identity = "<diameter_host>.<diameter_realm>";
+ Identity = "MME_IDENTITY";
+ Realm = "MME_REALM";
+ # Port = 3868;
+ # SecPort = 3869;
+
+ ConnectPeer = "CONNECT_PEER" { ConnectTo = "HSS_S6A_IP"; No_TLS; port = HSS_PORT; };
+
+ # TLS_Cred = "<diameter_host>.cert.pem", "<diameter_host>.key.pem";
+ TLS_Cred = "MME_HOST.cert.pem",
+ "MME_HOST.key.pem";
+ TLS_CA = "cacert.pem";
+
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_3gpp2_avps.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/dict_CreditControl.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/dict_base_rfc6733.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_draftload_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_etsi283034_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc4004_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc4006bis_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc4072_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc4590_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc5447_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc5580_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc5777_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc5778_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc6734_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc6942_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc7155_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc7683_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_rfc7944_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29061_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29128_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29154_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29173_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29212_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29214_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29215_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29217_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29229_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29272_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29273_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29329_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29336_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29337_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29338_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29343_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29344_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29345_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29368_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts29468_avps.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_ts32299_avps.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/dict_CxDx.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/dict_Gx.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/dict_NAS.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/dict_Rf.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/dict_Ro.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/dict_Rx.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_S6as6d.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_S6c.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/dict_S6mS6n.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_S6t.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/dict_S9.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_SGd.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/dict_SLh.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/dict_Sd.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/dict_Sh.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/dict_T4.fdx";
+ LoadExtension = "/usr/local/lib/freeDiameter/dict_T6aT6bT7.fdx";
+ #LoadExtension = "/usr/local/lib/freeDiameter/dict_Tsp.fdx";
+ vbsm_cfg.txt: |
+ # Configuration file for MME
+
+ ##### NOTE: Please Do NOT change the order of the parameters #####
+
+ # EGTP related
+ VBSM_EG_DFLT_PORT 2123 # EGTP Default port
+ VBSM_EG_NONDFLT_PORT 2124 # EGTP Non Default port
+ VBSM_EG_S10_NONDFLT_PORT 2125 # EGTP Non Default
+ VBSM_EG_S3_NONDFLT_PORT 2126 # EGTP Non Default port for S3 interface towards SGSN
+ # port for S10
+ VBSM_EG_DFLT_HOST_NAME "sutlej.ccin.ccpu.com" # EGTP host name
+
+
+ # E-NodeB related
+ VBSM_ENB_ADDR_1 "ENB_S1AP_IP" # IP address of eNodeB
+ VBSM_ENB_PORT_1 "ENB_S1AP_PORT" # eNodeB port
+ #VBSM_ENB_ADDR_2 "172.26.20.180" # IP address of eNodeB
+ #VBSM_ENB_PORT_2 36422 # eNodeB port
+
+ # MME related
+ VBSM_MME_IPADDR "MME_ETH0_IP" # MME IP address
+ VBSM_MME_S1AP_IPADDR "MME_ETH0_IP" # MME IP address associated with the S1AP interface
+ VBSM_MME_EGTP_IPADDR "MME_ETH0_IP" # MME IP address associated with the EGTP interface
+ VBSM_MME_SCTP_PORT {{ .Values.mme.ports.s1ap }} # MME SCTP port
+
+ VBSM_SGW_IPADDR "SGW_S11_IP" # SGW IP address
+ VBSM_PGW_IPADDR "192.168.1.105" # PDN-GW IP address
+
+ VBSM_UE_NUM 1000 # Support 1000 UE's
+ VBSM_SCTP_UDP_SERV_TYPE 0 #service type,default 0 SCTP
+
+ # Debug mask to be set; each represent
+ #different debug masks to be set (1 and 0 to unset)
+ #in the form |LVB_DBGMASK_INFO|LVB_DBGMASK_ERROR|LVB_DBGMASK_TRC|LVB_DBGMASK_MEM
+
+ VBSM_MME_DBG_MASK 1111
+ VBSM_DBG_MASK 1111
+ VBSM_NW_INIATED_DETACH_TIMER 1000
+
+ VBSM_MCC_DIG1 3
+ VBSM_MCC_DIG2 0
+ VBSM_MCC_DIG3 2
+
+ VBSM_MNC_DIG1 7
+ VBSM_MNC_DIG2 2
+ VBSM_MNC_DIG3 0
+
+ # Target PLMN ID format [ MCC + MNC], + is concatination operator
+ # If MNC has two digits, the last charater shall be 'f'
+ # Valid Configurations: 11223f, 112345.
+ VBSM_TARGET_MME_PLMN_ID 31310f
+ VBSM_TARGET_MME_IP_ADDR "192.25.1.100"
+
+ VBSM_T3412 32
+
+ VBSM_SGSN_IP_ADDR "192.25.1.195"
+
+
+ VBSM_SGSN_PLMN_ID 31311f
+
+ VBSM_FD_CFG "vbfd.conf"
+ VBSM_HSS_HOST "VAR_HSS_HOST"
+ VBSM_HSS_REALM "VAR_HSS_REALM"
+
+ # set VBSM_DISABLE_EPC_DNS 0 - enable DNS, 1 - disable DNS
+ VBSM_DISABLE_EPC_DNS 1
+ VBSM_DISABLE_EIA0 1
+ VBSM_REL_CAP 1
+ VBSM_MME_NAME "vmmestandalone"
+ VBSM_S1C_SCTP_INSTREAMS 10
+ VBSM_S1C_SCTP_OUTSTREAMS 10
+ VBSM_MAX_ENB 2
+ VBSM_NO_OFGUMMEIS 1
+ VBSM_MMECODE 1
+ VBSM_MMEGRPID 1
+ VBSM_NO_OF_TAI 1
+ VBSM_TAI_LIST {{"{{ 1,2,0,8,0,1,1 }}"}}
+
+ VBSM_SMS_ROUTER_HOST "smsrouter.test3gpp.net"
+ VBSM_SMS_ROUTER_REALM "test3gpp.net"
diff --git a/mcord/mcord-control-plane/templates/cp.yaml b/mcord/mcord-control-plane/templates/cp.yaml
new file mode 100644
index 0000000..dc6545f
--- /dev/null
+++ b/mcord/mcord-control-plane/templates/cp.yaml
@@ -0,0 +1,114 @@
+---
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: {{ .Values.namespace }}
+ name: ngic-cp
+spec:
+ selector:
+ app: ngic-cp
+ clusterIP: None
+ ports:
+ - name: s11
+ port: {{ .Values.ngic_cp.ports.s11 }}
+ protocol: UDP
+ - name: sx
+ port: {{ .Values.ngic_cp.ports.sx }}
+ protocol: UDP
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ namespace: {{ .Values.namespace }}
+ name: ngic-cp
+ labels:
+ app: ngic-cp
+spec:
+ replicas: {{ .Values.ngic_cp.replicas }}
+ selector:
+ matchLabels:
+ app: ngic-cp
+ serviceName: "ngic-cp"
+ template:
+ metadata:
+ namespace: {{ .Values.namespace }}
+ labels:
+ app: ngic-cp
+ spec:
+ initContainers:
+ - name: init-iptables
+ image: {{ .Values.ngic_cp.images.init }}
+ command: [ "sh", "-c"]
+ securityContext:
+ capabilities:
+ add:
+ - NET_ADMIN
+ args:
+ - iptables -I OUTPUT -p icmp --icmp-type destination-unreachable -j DROP;
+ terminationGracePeriodSeconds: 1
+ containers:
+ - name: ngic
+ image: {{ .Values.ngic_cp.images.cp }}
+ imagePullPolicy: IfNotPresent
+ stdin: true
+ command: [ "bash", "-cx", ". /opt/ngic/config/cp_config.cfg; sleep 20; ./ngic_controlplane $EAL_ARGS -- $APP_ARGS"]
+ #command: ["sleep", "3600"]
+ tty: true
+ env:
+ - name: MME_S11_IP
+ value: mme-0.mme.{{ .Values.namespace }}.local
+ #- name: SGW_S1U_IP # for now,this will be in our own pod
+ # value: "5.5.5.5"
+ - name: APN
+ value: {{ .Values.ngic_cp.config.apn }}
+ - name: IP_POOL_IP
+ value: "{{ .Values.ngic_cp.config.ue_ip_pool }}"
+ - name: IP_POOL_MASK
+ value: "{{ .Values.ngic_cp.config.ue_ip_pool_mask }}"
+ - name: S11_TEID_POOL_START
+ value: "00100000"
+ - name: S11_TEID_POOL_STOP
+ value: "001fffff"
+ - name: S1U_TEID_POOL_START
+ value: "00100000"
+ - name: S1U_TEID_POOL_STOP
+ value: "001fffff"
+ - name: MEM_LIMIT
+ valueFrom:
+ resourceFieldRef:
+ containerName: ngic
+ resource: limits.memory
+ divisor: 1Mi
+ volumeMounts:
+ - name: config-volume
+ mountPath: /opt/ngic/config
+ #- name: hugepage
+ # mountPath: /dev/hugepages
+ - name: shared-data
+ mountPath: /opt/ngic/config/shared
+ resources:
+ limits:
+ #hugepages-1Gi: 4Gi
+ cpu: {{ .Values.ngic_cp.resources.cpu }}
+ memory: {{ .Values.ngic_cp.resources.mem }}
+ volumes:
+ - name: config-volume
+ configMap:
+ name: ngiccp-config
+ - name: shared-data
+ emptyDir: {}
diff --git a/mcord/mcord-control-plane/templates/hss.yaml b/mcord/mcord-control-plane/templates/hss.yaml
new file mode 100644
index 0000000..48ccdfc
--- /dev/null
+++ b/mcord/mcord-control-plane/templates/hss.yaml
@@ -0,0 +1,92 @@
+---
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: {{ .Values.namespace }}
+ name: hss
+spec:
+ selector:
+ app: hss
+ clusterIP: None
+ ports:
+ - name: s6a
+ port: {{ .Values.hss.ports.s6a }}
+ protocol: TCP
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ namespace: {{ .Values.namespace }}
+ name: hss
+ labels:
+ app: hss
+spec:
+ replicas: {{ .Values.hss.replicas }}
+ selector:
+ matchLabels:
+ app: hss
+ serviceName: "hss"
+ template:
+ metadata:
+ namespace: {{ .Values.namespace }}
+ labels:
+ app: hss
+ spec:
+ terminationGracePeriodSeconds: 1
+ initContainers:
+ - name: init-db
+ image: {{ .Values.hss.images.init }}
+ command: [ "bash", "-xc"]
+ args:
+ - until nslookup cassandra; do echo waiting for cassandra; sleep 2; done;
+ sleep 5;
+ cqlsh --file /scripts/oai_db.cql cassandra;
+ /scripts/data_provisioning_users.sh 302720100000421 1122334456 apn1 6226194254742F2D67145153602F7C8D 1 cassandra mme-0.mme.{{ .Values.namespace }}.svc.cluster.local mme.{{ .Values.namespace }}.svc.cluster.local;
+ cqlsh -e "use vhss; update users_imsi set opc='D6CAF10C337FD65AC31A18EBACBF5BF9' where imsi='302720100000421';" cassandra;
+ cqlsh -e "select imsi,key,opc,sqn from vhss.users_imsi;" cassandra;
+ /scripts/data_provisioning_mme.sh 1 19136246000 mme-0.mme.{{ .Values.namespace }}.svc.cluster.local mme.{{ .Values.namespace }}.svc.cluster.local 1 cassandra;
+ /scripts/data_provisioning_mme.sh 1 19136246000 smsrouter.test3gpp.net test3gpp.net 0 cassandra;
+ containers:
+ - name: hss
+ image: {{ .Values.hss.images.hss }}
+ imagePullPolicy: Always
+ env:
+ - name: CASSANDRA_ADDR
+ value: cassandra
+ - name: MME_ADDR
+ value: mme-0.mme.{{ .Values.namespace }}.svc.cluster.local
+ #command: [ "sleep", "3600"]
+ resources:
+ limits:
+ cpu: {{ .Values.hss.resources.cpu }}
+ memory: {{ .Values.hss.resources.mem }}
+ volumeMounts:
+ - name: hss-script
+ mountPath: /opt/c3po/hss/launch.sh
+ subPath: launch.sh
+ - name: hss-config
+ mountPath: /etc/hss/conf
+ volumes:
+ - name: hss-script
+ configMap:
+ name: hss
+ defaultMode: 493
+ - name: hss-config
+ configMap:
+ name: hss
+ defaultMode: 420
diff --git a/mcord/mcord-control-plane/templates/mme.yaml b/mcord/mcord-control-plane/templates/mme.yaml
new file mode 100644
index 0000000..7b85e55
--- /dev/null
+++ b/mcord/mcord-control-plane/templates/mme.yaml
@@ -0,0 +1,114 @@
+---
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: {{ .Values.namespace }}
+ name: mme
+spec:
+ selector:
+ app: mme
+ type: NodePort
+ ports:
+ - name: s11
+ port: {{ .Values.mme.ports.s11 }}
+ protocol: UDP
+ - name: s1ap
+ port: {{ .Values.mme.ports.s1ap }}
+ protocol: TCP
+ - name: s6a
+ port: {{ .Values.mme.ports.s6a }}
+ protocol: TCP
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ namespace: {{ .Values.namespace }}
+ name: mme
+ labels:
+ app: mme
+spec:
+ replicas: {{ .Values.mme.replicas }}
+ selector:
+ matchLabels:
+ app: mme
+ serviceName: "mme"
+ template:
+ metadata:
+ namespace: {{ .Values.namespace }}
+ labels:
+ app: mme
+ spec:
+ terminationGracePeriodSeconds: 1
+ initContainers:
+ - name: init-mme
+ image: {{ .Values.mme.images.init }}
+ command: [ "sh", "-c"]
+ securityContext:
+ privileged: true
+ capabilities:
+ add:
+ - NET_ADMIN
+ args:
+ - iptables -A OUTPUT -p sctp --sport {{ .Values.mme.ports.s1ap }} --chunk-types any ABORT -j DROP;
+ until nslookup hss-0.hss.{{ .Values.namespace }}.svc.cluster.local;
+ do echo waiting for hss; sleep 2; done;
+ containers:
+ - name: mme
+ image: {{ .Values.mme.images.mme }}
+ imagePullPolicy: Always
+ env:
+ - name: SGW_S11_IP
+ value: ngic-0.ngic-cp.{{ .Values.namespace }}.svc.cluster.local
+ - name: MME_ETH0_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: ENB_S1AP_IP
+ value: {{ .Values.mme.enb_s1ap_ip }}
+ - name: ENB_S1AP_PORT
+ value: "{{ .Values.mme.ports.s1ap }}" #ng4t uses 32767
+ - name: CONNECT_PEER
+ value: hss-0.hss.{{ .Values.namespace }}.svc.cluster.local
+ - name: VAR_HSS_REALM
+ value: hss.{{ .Values.namespace }}.svc.cluster.local
+ - name: HSS_S6A_IP
+ value: hss-0.hss.{{ .Values.namespace }}.svc.cluster.local
+ - name: HSS_PORT
+ value: "{{ .Values.mme.ports.s6a }}"
+ stdin: true
+ tty: true
+ #command: [ "sleep", "3600"]
+ resources:
+ limits:
+ cpu: {{ .Values.mme.resources.cpu }}
+ memory: {{ .Values.mme.resources.mem }}
+ volumeMounts:
+ - name: mme-script
+ mountPath: /opt/c3po/mme/bin/launch.sh
+ subPath: launch.sh
+ - name: mme-config
+ mountPath: /etc/mme/conf
+ volumes:
+ - name: mme-script
+ configMap:
+ name: mme
+ defaultMode: 493
+ - name: mme-config
+ configMap:
+ name: mme
+ defaultMode: 420
diff --git a/mcord/mcord-control-plane/templates/namespace.yaml b/mcord/mcord-control-plane/templates/namespace.yaml
new file mode 100644
index 0000000..a135721
--- /dev/null
+++ b/mcord/mcord-control-plane/templates/namespace.yaml
@@ -0,0 +1,20 @@
+---
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: {{ .Values.namespace }}
diff --git a/mcord/mcord-control-plane/values.yaml b/mcord/mcord-control-plane/values.yaml
new file mode 100644
index 0000000..8cbc0aa
--- /dev/null
+++ b/mcord/mcord-control-plane/values.yaml
@@ -0,0 +1,63 @@
+---
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for mcord-vepc-helm.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+hss:
+ # TODO: init UE's IMEI to DB?
+ images:
+ init: "ngick8stesting/c3po-cassandra:5e2eaf6"
+ hss: "ngick8stesting/c3po-hss:5e2eaf6"
+ ports:
+ s6a: 3868
+ secs6a: 5868
+ replicas: 1
+ resources:
+ cpu: 3
+ mem: "1Gi"
+
+mme:
+ images:
+ init: "ngick8stesting/c3po-mmeinit"
+ mme: "ngick8stesting/c3po-mme:5e2eaf6"
+ ports:
+ s11: 2123
+ s1ap: 36412
+ s6a: 3868
+ replicas: 1
+ enb_s1ap_ip: "119.0.0.10"
+ resources:
+ cpu: 3
+ mem: "1Gi"
+
+ngic_cp:
+ images:
+ init: "ngick8stesting/c3po-mmeinit"
+ cp: "ngick8stesting/ngic-cp:690f418"
+ replicas: 1
+ ports:
+ s11: 2123
+ sx: 21
+ config:
+ apn: "apn1"
+ ue_ip_pool: "16.0.0.0"
+ ue_ip_pool_mask: "255.240.0.0"
+ resources:
+ cpu: 3
+ mem: "5Gi"
+
+namespace: epc
diff --git a/mcord/mcord-data-plane/.helmignore b/mcord/mcord-data-plane/.helmignore
new file mode 100644
index 0000000..f0c1319
--- /dev/null
+++ b/mcord/mcord-data-plane/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/mcord/mcord-data-plane/Chart.yaml b/mcord/mcord-data-plane/Chart.yaml
new file mode 100644
index 0000000..47fbc69
--- /dev/null
+++ b/mcord/mcord-data-plane/Chart.yaml
@@ -0,0 +1,20 @@
+---
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart for MCORD Data Plane Services
+name: mcord-data-plane
+version: 0.1.0
diff --git a/mcord/mcord-data-plane/templates/_helpers.tpl b/mcord/mcord-data-plane/templates/_helpers.tpl
new file mode 100644
index 0000000..6eb0fdf
--- /dev/null
+++ b/mcord/mcord-data-plane/templates/_helpers.tpl
@@ -0,0 +1,47 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Copyright 2018-present Open Networking Foundation
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "mcord-dp-helm.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "mcord-dp-helm.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Values.namespace -}}
+{{- .Values.namespace | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Values.namespace $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "mcord-dp-helm.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/mcord/mcord-data-plane/templates/cm.yaml b/mcord/mcord-data-plane/templates/cm.yaml
new file mode 100644
index 0000000..37687d9
--- /dev/null
+++ b/mcord/mcord-data-plane/templates/cm.yaml
@@ -0,0 +1,439 @@
+---
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: {{ .Values.namespace }}
+ name: ngicdp-config
+data:
+ adc_rules.cfg: |
+ [GLOBAL]
+ NUM_ADC_RULES = 5
+
+ ;FORMAT ::
+ ;ADC_TYPE : [ DOMAIN = 0 | IP = 1 | IP PREFIX =2 ]
+ ;
+ ;if ADC_TYPE = 0
+ ; DOMAIN
+ ;elseif ADC_TYPE = 1
+ ; IP
+ ;elseif ADC_TYPE = 2
+ ; IP
+ ; PREFIX
+ ;else
+ ; NONE
+ ;
+ ;NOTE :
+ ;Rules defined first have a higher priority, unless DROP is specified
+ ;(i.e. multiple rules for the same IP).
+ ;When specifying DROP with an IP address, use a prefix of 32 to prevent DNS
+ ;results from overwriting rule.
+
+
+ [ADC_RULE_1]
+ ADC_TYPE = 2
+ IP = 0.0.0.0
+ PREFIX = 0
+
+ [ADC_RULE_2]
+ ADC_TYPE = 2
+ IP = 13.1.1.0
+ PREFIX = 24
+
+ [ADC_RULE_3]
+ ADC_TYPE = 1
+ IP = 13.1.1.254
+
+ [ADC_RULE_4]
+ ADC_TYPE = 0
+ DOMAIN = www.example.gov
+
+ [ADC_RULE_5]
+ ADC_TYPE = 0
+ DOMAIN = www.drop_example.com
+ cdr.cfg: |
+ CDR_PATH=./cdr
+ MASTER_CDR=./cdr/master.csv
+ cp_config.cfg: |
+ if [ ! -d "/dev/hugepages" ]; then
+ MEMORY="--no-huge -m $((MEM_LIMIT-1024))"
+ fi
+
+ SGW_S1U_IP=$(netstat -ie | grep -A1 s1u-net | tail -1 | awk '{print $2}' | tr -d addr:)
+ SHARED_DIR="/opt/ngic/config/shared"
+ if [ -d ${SHARED_DIR} ]; then
+ while [ ! -f ${SHARED_DIR}/SGW_S1U_IP ]; do echo "Waiting for SGW_S1U_IP"; sleep 2; done
+ SGW_S1U_IP=$(cat ${SHARED_DIR}/SGW_S1U_IP)
+ fi
+
+ SGW_S11_IP=$(hostname)
+ MGMT_INFO="-s ${SGW_S11_IP} -m ${MME_S11_IP} -w ${SGW_S1U_IP}"
+ APN_INFO="-i ${IP_POOL_IP} -p ${IP_POOL_MASK} -a ${APN}"
+ SPGW_CFG="-d 03 -l 2 -r 7.7.7.7 -g 6.6.6.6 -v 4.4.4.4 -u 5.5.5.5"
+
+ TEID_INFO="-t ${S11_TEID_POOL_START} -e ${S11_TEID_POOL_STOP} -q ${S1U_TEID_POOL_START} -o ${S1U_TEID_POOL_STOP}"
+ APP_ARGS="${MGMT_INFO} ${APN_INFO} ${SPGW_CFG} ${TEID_INFO}"
+
+ CORES="-c $(taskset -p $$ | awk '{print $NF}')"
+ DEVICES="--no-pci"
+ EAL_ARGS="${CORES} ${MEMORY} ${DEVICES}"
+ dp_config.cfg: |
+ get_pcimac_addr () {
+ ifname=$1
+ cid="$(sed -ne '/hostname/p' /proc/1/task/1/mountinfo | awk -F '/' '{print $6}' |tr -d " " )"
+ cid="$cid-$ifname"
+ eval "export $2=$(awk -F '"' '{print $4}' /sriov-cni/$cid)"
+ eval "export $3=$(awk -F '"' '{print $8}' /sriov-cni/$cid)"
+ eval "export $4=$(awk -F '"' '{print $12}' /sriov-cni/$cid)"
+ }
+
+ if [ -d "/sriov-cni" ]; then
+ echo "================== SR-IOV FOUND ============"
+ get_pcimac_addr s1u-net SGW_S1U_PCI S1U_MAC SGW_S1U_IP
+ get_pcimac_addr sgi-net SGW_SGI_PCI SGI_MAC SGW_SGI_IP
+ DEVICES="-w $SGW_S1U_PCI -w $SGW_SGI_PCI"
+ SHARED_DIR="/opt/ngic/config/shared"
+ echo $SGW_S1U_IP > ${SHARED_DIR}/SGW_S1U_IP
+ else #dev --vdev af_packt
+ echo "vdev (AF_PACKET)"
+ # set the variables we provide
+ SGW_S1U_IP=$(netstat -ie | grep -A1 s1u-net | tail -1 | awk '{print $2}' | tr -d addr:)
+ SGW_SGI_IP=$(netstat -ie | grep -A1 sgi-net | tail -1 | awk '{print $2}' | tr -d addr:)
+ S1U_MAC=$( netstat -ie | grep -B1 $SGW_S1U_IP | head -n1 | awk '{print $5}' )
+ SGI_MAC=$( netstat -ie | grep -B1 $SGW_SGI_IP | head -n1 | awk '{print $5}' )
+
+ DEVICES="--no-pci --vdev eth_af_packet0,iface=s1u-net --vdev eth_af_packet1,iface=sgi-net"
+ fi
+
+ if [ ! -d "/dev/hugepages" ]; then
+ MEMORY="--no-huge -m $((MEM_LIMIT-1024))"
+ fi
+
+ CORES="-c $(taskset -p $$ | awk '{print $NF}')"
+ SPGW_CFG="--spgw_cfg 03"
+ EAL_ARGS="${CORES} ${MEMORY} ${DEVICES}"
+
+ S1U="--s1u_ip ${SGW_S1U_IP} --s1u_mac ${S1U_MAC}"
+ SGI="--sgi_ip ${SGW_SGI_IP} --sgi_mac ${SGI_MAC} --sgi_gw_ip ${RTR_SGI_IP} --sgi_mask ${SGI_MASK}"
+ WORKERS="--num_workers 1"
+ MISC="--log 1"
+ APP_ARGS="${S1U} ${SGI} ${WORKERS} ${MISC} ${SPGW_CFG}"
+ interface.cfg: |
+ [0]
+ dp_comm_ip = 127.0.0.1
+ dp_comm_port = 20
+ cp_comm_ip = ngic-cp-0.ngic-cp.{{ .Values.namespace }}.cluster.global
+ cp_comm_port = 21
+ meter_profile.cfg: |
+ [GLOBAL]
+ NUM_OF_IDX = 7
+
+ [ENTRY_1]
+ ;Committed Information Rate (CIR). Measured in bytes per second.
+ ;MBR is mapped into CIR, convert MBR from bits to Bytes and set CIR.
+ CIR = 2342400
+ ;Committed Burst Size unit = Bytes
+ CBS = 5856
+ ;Excess Burst Size unit = Bytes
+ EBS = 11712
+ ;Meter profile index. Refer this index in static_pcc.cfg to set AMBR/MBR
+ MTR_PROFILE_IDX = 3
+
+ [ENTRY_2]
+ ;1200 = 1756800
+ ;1400 = 2049600
+ ;1600 = 2342400
+ CIR = 2342400
+ CBS = 5856
+ EBS = 11712
+ MTR_PROFILE_IDX = 4
+
+ [ENTRY_3]
+ ; QCI5,QCI7 15.571kbps = 1947 B
+ CIR = 2342400
+ CBS = 5856
+ EBS = 11712
+ MTR_PROFILE_IDX = 5
+
+ [ENTRY_4]
+ ; QCI1, 44kbps = 5500 B
+ CIR = 2342400
+ CBS = 5856
+ EBS = 11712
+ MTR_PROFILE_IDX = 6
+
+ [ENTRY_5]
+ ; QCI9, 31.143kbps = 3893 B
+ CIR = 2342400
+ CBS = 5856
+ EBS = 11712
+ MTR_PROFILE_IDX = 7
+
+ [ENTRY_6]
+ ; 128B, 7pps
+ CIR = 2342400
+ CBS = 512
+ EBS = 1024
+ MTR_PROFILE_IDX = 8
+
+ [ENTRY_7]
+ ; 128B, 2pps
+ CIR = 2342400
+ CBS = 512
+ EBS = 1024
+ MTR_PROFILE_IDX = 9
+
+ pcc_rules.cfg: |
+ [GLOBAL]
+ NUM_PCC_FILTERS = 9
+ ;To config AMBR/MBR values refer meter_profile.cfg. specify only the
+ ;meter profile index to be set here.
+ UL_AMBR_MTR_PROFILE_IDX = 3
+ DL_AMBR_MTR_PROFILE_IDX = 4
+
+ ;default filter - must be first for now (until DP doesn't install any filters)
+ ;associated with default adc rule
+ [PCC_FILTER_1]
+ RULE_NAME = DefaultRule
+ RATING_GROUP = 9
+ SERVICE_ID = 0
+ RULE_STATUS = 0
+ GATE_STATUS = 1
+ SESSION_CONT = 0
+ REPORT_LEVEL = 1
+ CHARGING_MODE = 0
+ METERING_METHOD = 0
+ MUTE_NOTIFY = 0
+ MONITORING_KEY = 0
+ SPONSOR_ID = 0
+ REDIRECT_INFO = 0
+ PRECEDENCE = 254
+ DROP_PKT_COUNT = 0
+ ;Specify the meter profile index from meter_profile.cfg
+ UL_MBR_MTR_PROFILE_IDX = 7
+ DL_MBR_MTR_PROFILE_IDX = 7
+ ;List of ADC filter indices
+ SDF_FILTER_IDX = 99998
+
+ [PCC_FILTER_2]
+ RULE_NAME = sdf_rule_1
+ RATING_GROUP = 5
+ SERVICE_ID = 0
+ RULE_STATUS = 0
+ GATE_STATUS = 1
+ SESSION_CONT = 0
+ REPORT_LEVEL = 2
+ CHARGING_MODE = 0
+ METERING_METHOD = 0
+ MUTE_NOTIFY = 0
+ MONITORING_KEY = 0
+ SPONSOR_ID = 0
+ REDIRECT_INFO = 0
+ PRECEDENCE = 1
+ DROP_PKT_COUNT = 0
+ UL_MBR_MTR_PROFILE_IDX = 5
+ DL_MBR_MTR_PROFILE_IDX = 5
+ ;List of SDF filter indices
+ SDF_FILTER_IDX = 1
+
+ [PCC_FILTER_3]
+ RULE_NAME = sdf_rule_2
+ RATING_GROUP = 1
+ SERVICE_ID = 0
+ RULE_STATUS = 0
+ GATE_STATUS = 1
+ SESSION_CONT = 0
+ REPORT_LEVEL = 3
+ CHARGING_MODE = 0
+ METERING_METHOD = 0
+ MUTE_NOTIFY = 0
+ MONITORING_KEY = 0
+ SPONSOR_ID = 0
+ REDIRECT_INFO = 0
+ PRECEDENCE = 18
+ DROP_PKT_COUNT = 0
+ UL_MBR_MTR_PROFILE_IDX = 6
+ DL_MBR_MTR_PROFILE_IDX = 6
+ ;List of SDF filter indices
+ SDF_FILTER_IDX = 2
+
+ [PCC_FILTER_4]
+ RULE_NAME = adc_rule_1
+ RATING_GROUP = Zero-Rate
+ SERVICE_ID = Internet
+ RULE_STATUS = 0
+ GATE_STATUS = 1
+ SESSION_CONT = 0
+ REPORT_LEVEL = 8
+ CHARGING_MODE = 0
+ METERING_METHOD = 0
+ MUTE_NOTIFY = 0
+ MONITORING_KEY = 0
+ REDIRECT_INFO = 0
+ SPONSOR_ID = Example
+ PRECEDENCE = 15
+ DROP_PKT_COUNT = 0
+ UL_MBR_MTR_PROFILE_IDX = 7
+ DL_MBR_MTR_PROFILE_IDX = 7
+ ;List of SDF filter indices
+ ADC_FILTER_IDX = 1
+
+ [PCC_FILTER_5]
+ RULE_NAME = adc_rule_2
+ RATING_GROUP = 0
+ SERVICE_ID = CIPA
+ RULE_STATUS = 0
+ GATE_STATUS = 1
+ SESSION_CONT = 0
+ REPORT_LEVEL = 9
+ CHARGING_MODE = 0
+ METERING_METHOD = 0
+ MUTE_NOTIFY = 0
+ MONITORING_KEY = 0
+ SPONSOR_ID = Example
+ REDIRECT_INFO = 0
+ SPONSOR_ID = Example
+ REDIRECT_INFO = 0
+ PRECEDENCE = 4
+ DROP_PKT_COUNT = 0
+ UL_MBR_MTR_PROFILE_IDX = 0
+ DL_MBR_MTR_PROFILE_IDX = 0
+ ;List of SDF filter indices
+ ADC_FILTER_IDX = 2
+
+ [PCC_FILTER_6]
+ RULE_NAME = sdf_rule_3
+ RATING_GROUP = 7
+ SERVICE_ID = 0
+ RULE_STATUS = 0
+ GATE_STATUS = 1
+ SESSION_CONT = 0
+ REPORT_LEVEL = 4
+ CHARGING_MODE = 0
+ METERING_METHOD = 0
+ MUTE_NOTIFY = 0
+ MONITORING_KEY = 0
+ SPONSOR_ID = 0
+ REDIRECT_INFO = 0
+ PRECEDENCE = 17
+ DROP_PKT_COUNT = 0
+ UL_MBR_MTR_PROFILE_IDX = 5
+ DL_MBR_MTR_PROFILE_IDX = 5
+ ;List of SDF filter indices
+ SDF_FILTER_IDX = 3
+
+ [PCC_FILTER_7]
+ RULE_NAME = adc_rule_3
+ RATING_GROUP = Zero-Rate
+ SERVICE_ID = Internet
+ RULE_STATUS = 0
+ GATE_STATUS = 1
+ SESSION_CONT = 0
+ REPORT_LEVEL = 5
+ CHARGING_MODE = 0
+ METERING_METHOD = 0
+ MUTE_NOTIFY = 0
+ MONITORING_KEY = 0
+ SPONSOR_ID = Example
+ REDIRECT_INFO = 0
+ PRECEDENCE = 210
+ DROP_PKT_COUNT = 0
+ UL_MBR_MTR_PROFILE_IDX = 7
+ DL_MBR_MTR_PROFILE_IDX = 7
+ ;List of SDF filter indices
+ ADC_FILTER_IDX = 4
+
+ [PCC_FILTER_8]
+ RULE_NAME = adc_rule_4
+ RATING_GROUP = Zero-Rate
+ SERVICE_ID = Management
+ RULE_STATUS = 0
+ GATE_STATUS = 1
+ SESSION_CONT = 0
+ REPORT_LEVEL = 6
+ CHARGING_MODE = 0
+ METERING_METHOD = 0
+ MUTE_NOTIFY = 0
+ MONITORING_KEY = 0
+ SPONSOR_ID = Example
+ REDIRECT_INFO = 0
+ PRECEDENCE = 200
+ DROP_PKT_COUNT = 0
+ UL_MBR_MTR_PROFILE_IDX = 7
+ DL_MBR_MTR_PROFILE_IDX = 7
+ ;List of SDF filter indices
+ ADC_FILTER_IDX = 12
+
+ [PCC_FILTER_9]
+ RULE_NAME = adc_rule_5
+ RATING_GROUP = Zero-Rate
+ SERVICE_ID = Provisioning
+ RULE_STATUS = 0
+ GATE_STATUS = 1
+ SESSION_CONT = 0
+ REPORT_LEVEL = 7
+ CHARGING_MODE = 0
+ METERING_METHOD = 0
+ MUTE_NOTIFY = 0
+ MONITORING_KEY = 0
+ SPONSOR_ID = Example
+ REDIRECT_INFO = 0
+ PRECEDENCE = 220
+ DROP_PKT_COUNT = 0
+ UL_MBR_MTR_PROFILE_IDX = 7
+ DL_MBR_MTR_PROFILE_IDX = 7
+ ;List of SDF filter indices
+ ADC_FILTER_IDX = 3
+ sdf_rules.cfg: |
+ [GLOBAL]
+ NUM_SDF_FILTERS = 4
+
+ [SDF_FILTER_1]
+ DIRECTION = downlink_only
+ IPV4_REMOTE = 13.2.1.113
+ IPV4_REMOTE_MASK = 255.255.255.0
+ PROTOCOL = 17
+ LOCAL_LOW_LIMIT_PORT = 0
+ LOCAL_HIGH_LIMIT_PORT = 65535
+ REMOTE_LOW_LIMIT_PORT = 0
+ REMOTE_HIGH_LIMIT_PORT = 65535
+
+ [SDF_FILTER_2]
+ DIRECTION = uplink_only
+ IPV4_LOCAL = 16.255.255.0
+ IPV4_LOCAL_MASK = 255.255.255.0
+ PROTOCOL = 17
+ LOCAL_LOW_LIMIT_PORT = 0
+ LOCAL_HIGH_LIMIT_PORT = 65535
+ REMOTE_LOW_LIMIT_PORT = 0
+ REMOTE_HIGH_LIMIT_PORT = 65535
+
+ [SDF_FILTER_3]
+ DIRECTION = downlink_only
+ IPV4_REMOTE = 130.10.0.0
+ IPV4_REMOTE_MASK = 255.255.0.0
+ PROTOCOL = 17
+ REMOTE_LOW_LIMIT_PORT = 5060
+ REMOTE_HIGH_LIMIT_PORT = 5060
+
+ [SDF_FILTER_4]
+ DIRECTION = uplink_only
+ IPV4_REMOTE = 103.1.0.0
+ IPV4_REMOTE_MASK = 255.255.0.0
+ PROTOCOL = 17
+ LOCAL_LOW_LIMIT_PORT = 17000
+ LOCAL_HIGH_LIMIT_PORT = 17010
+
diff --git a/mcord/mcord-data-plane/templates/dp.yaml b/mcord/mcord-data-plane/templates/dp.yaml
new file mode 100644
index 0000000..f7da922
--- /dev/null
+++ b/mcord/mcord-data-plane/templates/dp.yaml
@@ -0,0 +1,135 @@
+---
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: {{ .Values.namespace }}
+ name: ngic-dp
+spec:
+ selector:
+ app: ngic-dp
+ clusterIP: None
+ ports:
+ - name: sx
+ port: {{ .Values.ngic_dp.ports.sx }}
+ protocol: UDP
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ namespace: {{ .Values.namespace }}
+ name: ngic-dp
+ labels:
+ app: ngic-dp
+spec:
+ replicas: {{ .Values.ngic_dp.replicas }}
+ selector:
+ matchLabels:
+ app: ngic-dp
+ serviceName: "ngic-dp"
+ template:
+ metadata:
+ namespace: {{ .Values.namespace }}
+ labels:
+ app: ngic-dp
+ annotations:
+ k8s.v1.cni.cncf.io/networks: '[
+ { "name": "s1u-net", "interface": "s1u-net", "namespace": "default" },
+ { "name": "sgi-net", "interface": "sgi-net", "namespace": "default" }
+ ]'
+ spec:
+ initContainers:
+ - name: init-iptables
+ image: {{ .Values.ngic_dp.images.init }}
+ command: [ "sh", "-c"]
+ securityContext:
+ capabilities:
+ add:
+ - NET_ADMIN
+ args:
+ - iptables -I OUTPUT -p icmp --icmp-type destination-unreachable -j DROP;
+ terminationGracePeriodSeconds: 1
+ containers:
+ - name: ngic
+ image: {{ .Values.ngic_dp.images.dp }}
+ imagePullPolicy: IfNotPresent
+ stdin: true
+ tty: true
+ env:
+ - name: RTR_SGI_IP
+ value: {{ .Values.ngic_dp.config.rtr_sgi_ip }}
+ - name: SGI_MASK
+ value: {{ .Values.ngic_dp.config.sgi_mask }}
+ - name: MEM_LIMIT
+ valueFrom:
+ resourceFieldRef:
+ containerName: ngic
+ resource: limits.memory
+ divisor: 1Mi
+ command: [ "bash", "-cx", "ifconfig -a; . /opt/ngic/config/dp_config.cfg ; ./ngic_dataplane $EAL_ARGS -- $APP_ARGS"]
+ #command: ["sleep", "3600"]
+ volumeMounts:
+ - name: config-volume
+ mountPath: /opt/ngic/config
+ {{- if .Values.ngic_dp.config.hugepage_enabled}}
+ - name: hugepage
+ mountPath: /dev/hugepages
+ {{- end}}
+ - name: shared-data
+ mountPath: /opt/ngic/config/shared
+ {{- if .Values.ngic_dp.config.dpdk_enabled}}
+ - name: sriov-volume
+ mountPath: /sriov-cni
+ - name: vfio-volume
+ mountPath: /dev/vfio
+ {{- end}}
+ resources:
+ limits:
+ hugepages-1Gi: {{ .Values.ngic_dp.resources.hugepage }}
+ cpu: {{ .Values.ngic_dp.resources.cpu }}
+ memory: {{ .Values.ngic_dp.resources.mem }}
+ intel.com/sriov: '2'
+ securityContext:
+ {{- if .Values.ngic_dp.config.dpdk_enabled}}
+ privileged: true
+ {{- else}}
+ capabilities:
+ add:
+ - NET_ADMIN
+ - IPC_LOCK
+ {{- end}}
+ volumes:
+ - name: config-volume
+ configMap:
+ name: ngicdp-config
+ {{- if .Values.ngic_dp.config.hugepage_enabled }}
+ - name: hugepage
+ emptyDir:
+ medium: HugePages
+ {{- end}}
+ - name: shared-data
+ emptyDir: {}
+ {{- if .Values.ngic_dp.config.dpdk_enabled}}
+ - name: sriov-volume
+ hostPath:
+ path: /var/lib/cni/sriov
+ type: Directory
+ - name: vfio-volume
+ hostPath:
+ path: /dev/vfio
+ type: Directory
+ {{- end}}
diff --git a/mcord/mcord-data-plane/values.yaml b/mcord/mcord-data-plane/values.yaml
new file mode 100644
index 0000000..80c4852
--- /dev/null
+++ b/mcord/mcord-data-plane/values.yaml
@@ -0,0 +1,37 @@
+---
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for mcord-vepc-helm.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+ngic_dp:
+ images:
+ init: "ngick8stesting/c3po-mmeinit"
+ dp: "ngick8stesting/ngic-dp:690f418"
+ ports:
+ sx: 20
+ replicas: 1
+ resources:
+ cpu: 8
+ mem: "1Gi"
+ hugepage: "8Gi"
+ config:
+ rtr_sgi_ip: "13.1.1.254"
+ sgi_mask: "255.255.255.0"
+ dpdk_enabled: false
+ hugepage_enabled: true
+
+namespace: epc