Changes to SFC User Guide for Boron M3

- Added VPP and IOS XE Renderers
- Renamed sfcofl2 to sfc-openflow-renderer
- Added IOS-XE Renderer overview
- Added SFC Proof of Transit overview

Change-Id: I0b2c6b5e18b47af02db961dd9f1cf5eabaeda5a7
Signed-off-by: Brady Johnson <brady.allen.johnson@ericsson.com>
Signed-off-by: Jose-Santos Pulido Garcia <jose.santos.pulido.garcia@ericsson.com>
Signed-off by: Vladimir Lavor <vlavor@cisco.com>
Signed-off by: Srihari Raghavan <srihari@cisco.com>

diff --git a/manuals/user-guide/src/main/asciidoc/sfc/odl-sfc-iosxe-renderer-user.adoc b/manuals/user-guide/src/main/asciidoc/sfc/odl-sfc-iosxe-renderer-user.adoc
new file mode 100644 (file)
index 0000000..5f6ef9e
--- /dev/null
+++ b/manuals/user-guide/src/main/asciidoc/sfc/odl-sfc-iosxe-renderer-user.adoc
@@ -0,0 +1,315 @@
+=== SFC IOS XE Renderer User Guide
+
+:SFCIOSXERNDR: SFC IOS-XE renderer
+
+==== Overview
+The early Service Function Chaining (SFC) renderer for IOS-XE devices
+({SFCIOSXERNDR}) implements Service Chaining functionality on IOS-XE
+capable switches. It listens for the creation of a Rendered Service
+Path (RSP) and sets up Service Function Forwarders (SFF) that are hosted
+on IOS-XE switches to steer traffic through the service chain.
+
+Common acronyms used in the following sections:
+
+* SF - Service Function
+* SFF - Service Function Forwarder
+* SFC - Service Function Chain
+* SP - Service Path
+* SFP - Service Function Path
+* RSP - Rendered Service Path
+* LSF - Local Service Forwarder
+* RSF - Remote Service Forwarder
+
+==== SFC IOS-XE Renderer Architecture
+When the {SFCIOSXERNDR} is initialized, all required listeners are registered
+to handle incoming data. It involves CSR/IOS-XE +NodeListener+ which stores
+data about all configurable devices including their mountpoints (used here
+as databrokers), +ServiceFunctionListener+, +ServiceForwarderListener+
+(see mapping) and +RenderedPathListener+ used to listen for
+RSP changes. When the {SFCIOSXERNDR} is invoked, +RenderedPathListener+ calls
+the +IosXeRspProcessor+ which processes the RSP change and creates all necessary
+Service Paths and Remote Service Forwarders (if necessary) on IOS-XE devices.
+
+==== Service Path details
+Each Service Path is defined by index (represented by NSP) and contains
+service path entries. Each entry has appropriate service index
+(NSI) and definition of next hop. Next hop can be Service Function, different
+Service Function Forwarder or definition of end of chain - terminate. After
+terminating, the packet is sent to destination. If a SFF is defined as a next hop,
+it has to be present on device in the form of Remote Service Forwarder.
+RSFs are also created during RSP processing.
+
+Example of Service Path:
+
+ service-chain service-path 200
+    service-index 255 service-function firewall-1
+    service-index 254 service-function dpi-1
+    service-index 253 terminate
+
+==== Mapping to IOS-XE SFC entities
+Renderer contains mappers for SFs and SFFs. IOS-XE capable device is using its
+own definition of Service Functions and Service Function Forwarders according to
+appropriate .yang file.
++ServiceFunctionListener+ serves as a listener for SF changes. If SF appears in
+datastore, listener extracts its management ip address and looks into cached IOS-XE
+nodes. If some of available nodes match, Service function is mapped
+in +IosXeServiceFunctionMapper+ to be understandable by IOS-XE device and it's
+written into device's config.
++ServiceForwarderListener+ is used in a similar way. All SFFs with suitable
+management ip address it mapped in +IosXeServiceForwarderMapper+. Remapped SFFs
+are configured as a Local Service Forwarders. It is not possible to directly create
+Remote Service Forwarder using IOS-XE renderer. RSF is created only during RSP processing.
+
+==== Administering {SFCIOSXERNDR}
+To use the SFC IOS-XE Renderer Karaf, at least the following Karaf
+features must be installed:
+
+* odl-aaa-shiro
+* odl-sfc-model
+* odl-sfc-provider
+* odl-restconf
+* odl-netconf-topology
+* odl-sfc-ios-xe-renderer
+
+==== {SFCIOSXERNDR} Tutorial
+
+===== Overview
+This tutorial is a simple example how to create Service Path on IOS-XE capable device
+using IOS-XE renderer
+
+===== Preconditions
+To connect to IOS-XE device, it is necessary to use several modified yang models and override
+device's ones. All .yang files are in the +Yang/netconf+ folder in the +sfc-ios-xe-renderer module+ in
+the SFC project. These files have to be copied to the +cache/schema+ directory, before
+Karaf is started. After that, custom capabilities have to be sent to network-topology:
+
+----
+PUT ./config/network-topology:network-topology/topology/topology-netconf/node/<device-name>
+
+<node xmlns="urn:TBD:params:xml:ns:yang:network-topology">
+  <node-id>device-name</node-id>
+  <host xmlns="urn:opendaylight:netconf-node-topology">device-ip</host>
+  <port xmlns="urn:opendaylight:netconf-node-topology">2022</port>
+  <username xmlns="urn:opendaylight:netconf-node-topology">login</username>
+  <password xmlns="urn:opendaylight:netconf-node-topology">password</password>
+  <tcp-only xmlns="urn:opendaylight:netconf-node-topology">false</tcp-only>
+  <keepalive-delay xmlns="urn:opendaylight:netconf-node-topology">0</keepalive-delay>
+  <yang-module-capabilities xmlns="urn:opendaylight:netconf-node-topology">
+     <override>true</override>
+     <capability xmlns="urn:opendaylight:netconf-node-topology">
+        urn:ietf:params:xml:ns:yang:ietf-inet-types?module=ietf-inet-types&amp;revision=2013-07-15
+     </capability>
+     <capability xmlns="urn:opendaylight:netconf-node-topology">
+        urn:ietf:params:xml:ns:yang:ietf-yang-types?module=ietf-yang-types&amp;revision=2013-07-15
+     </capability>
+     <capability xmlns="urn:opendaylight:netconf-node-topology">
+        urn:ios?module=ned&amp;revision=2016-03-08
+     </capability>
+     <capability xmlns="urn:opendaylight:netconf-node-topology">
+        http://tail-f.com/yang/common?module=tailf-common&amp;revision=2015-05-22
+     </capability>
+     <capability xmlns="urn:opendaylight:netconf-node-topology">
+        http://tail-f.com/yang/common?module=tailf-meta-extensions&amp;revision=2013-11-07
+     </capability>
+     <capability xmlns="urn:opendaylight:netconf-node-topology">
+        http://tail-f.com/yang/common?module=tailf-cli-extensions&amp;revision=2015-03-19
+     </capability>
+  </yang-module-capabilities>
+</node>
+----
+
+NOTE: The device name in the URL and in the XML must match.
+
+===== Instructions
+When the IOS-XE renderer is installed, all NETCONF nodes in topology-netconf are
+processed and all capable nodes with accessible mountpoints are cached.
+The first step is to create LSF on node.
+
++Service Function Forwarder configuration+
+
+----
+PUT ./config/service-function-forwarder:service-function-forwarders
+
+{
+    "service-function-forwarders": {
+        "service-function-forwarder": [
+            {
+                "name": "CSR1Kv-2",
+                "ip-mgmt-address": "172.25.73.23",
+                "sff-data-plane-locator": [
+                    {
+                        "name": "CSR1Kv-2-dpl",
+                        "data-plane-locator": {
+                            "transport": "service-locator:vxlan-gpe",
+                            "port": 6633,
+                            "ip": "10.99.150.10"
+                        }
+                    }
+                ]
+            }
+        ]
+    }
+}
+----
+
+If the IOS-XE node with appropriate management IP exists, this configuration
+is mapped and LSF is created on the device. The same approach is used for
+Service Functions.
+
+----
+PUT ./config/service-function:service-functions
+
+{
+    "service-functions": {
+        "service-function": [
+            {
+                "name": "Firewall",
+                "ip-mgmt-address": "172.25.73.23",
+                "type": "service-function-type: firewall",
+                "nsh-aware": true,
+                "sf-data-plane-locator": [
+                    {
+                        "name": "firewall-dpl",
+                        "port": 6633,
+                        "ip": "12.1.1.2",
+                        "transport": "service-locator:gre",
+                        "service-function-forwarder": "CSR1Kv-2"
+                    }
+                ]
+            },
+            {
+                "name": "Dpi",
+                "ip-mgmt-address": "172.25.73.23",
+                "type":"service-function-type: dpi",
+                "nsh-aware": true,
+                "sf-data-plane-locator": [
+                    {
+                        "name": "dpi-dpl",
+                        "port": 6633,
+                        "ip": "12.1.1.1",
+                        "transport": "service-locator:gre",
+                        "service-function-forwarder": "CSR1Kv-2"
+                    }
+                ]
+            },
+            {
+                "name": "Qos",
+                "ip-mgmt-address": "172.25.73.23",
+                "type":"service-function-type: qos",
+                "nsh-aware": true,
+                "sf-data-plane-locator": [
+                    {
+                        "name": "qos-dpl",
+                        "port": 6633,
+                        "ip": "12.1.1.4",
+                        "transport": "service-locator:gre",
+                        "service-function-forwarder": "CSR1Kv-2"
+                    }
+                ]
+            }
+        ]
+    }
+}
+----
+
+All these SFs are configured on the same device as the LSF. The next step is to
+prepare Service Function Chain. SFC is symmetric.
+
+----
+PUT ./config/service-function-chain:service-function-chains/
+
+{
+    "service-function-chains": {
+        "service-function-chain": [
+            {
+                "name": "CSR3XSF",
+                "symmetric": "true",
+                "sfc-service-function": [
+                    {
+                        "name": "Firewall",
+                        "type": "service-function-type: firewall"
+                    },
+                    {
+                        "name": "Dpi",
+                        "type": "service-function-type: dpi"
+                    },
+                    {
+                        "name": "Qos",
+                        "type": "service-function-type: qos"
+                    }
+                ]
+            }
+        ]
+    }
+}
+----
+
+Service Function Path:
+
+----
+PUT ./config/service-function-path:service-function-paths/
+
+{
+    "service-function-paths": {
+        "service-function-path": [
+            {
+                "name": "CSR3XSF-Path",
+                "service-chain-name": "CSR3XSF",
+                "starting-index": 255,
+                "symmetric": "true"
+            }
+        ]
+    }
+}
+----
+
+Without a classifier, there is possibility to POST RSP directly.
+
+----
+POST ./operations/rendered-service-path:create-rendered-path
+
+{
+  "input": {
+      "name": "CSR3XSF-Path-RSP",
+      "parent-service-function-path": "CSR3XSF-Path",
+      "symmetric": true
+  }
+}
+----
+
+The resulting configuration:
+
+----
+!
+service-chain service-function-forwarder local
+  ip address 10.99.150.10
+!
+service-chain service-function firewall
+ip address 12.1.1.2
+  encapsulation gre enhanced divert
+!
+service-chain service-function dpi
+ip address 12.1.1.1
+  encapsulation gre enhanced divert
+!
+service-chain service-function qos
+ip address 12.1.1.4
+  encapsulation gre enhanced divert
+!
+service-chain service-path 1
+  service-index 255 service-function firewall
+  service-index 254 service-function dpi
+  service-index 253 service-function qos
+  service-index 252 terminate
+!
+service-chain service-path 2
+  service-index 255 service-function qos
+  service-index 254 service-function dpi
+  service-index 253 service-function firewall
+  service-index 252 terminate
+!
+----
+
+Service Path 1 is direct, Service Path 2 is reversed. Path numbers may vary.
+
+:SFCIOSXERNDR!:

diff --git a/manuals/user-guide/src/main/asciidoc/sfc/odl-sfcofl2-user.adoc b/manuals/user-guide/src/main/asciidoc/sfc/odl-sfc-openflow-renderer-user.adoc
similarity index 95%
rename from manuals/user-guide/src/main/asciidoc/sfc/odl-sfcofl2-user.adoc
rename to manuals/user-guide/src/main/asciidoc/sfc/odl-sfc-openflow-renderer-user.adoc
index ed1b131576e535d1d753846d652575ad9d75d2da..4e2e661c8e7e9bea0cdf649b87641a77076f4dd7 100644 (file)
--- a/manuals/user-guide/src/main/asciidoc/sfc/odl-sfcofl2-user.adoc
+++ b/manuals/user-guide/src/main/asciidoc/sfc/odl-sfc-openflow-renderer-user.adoc
@@ -1,7 +1,9 @@
 === SFC OpenFlow Renderer User Guide
 
 === SFC OpenFlow Renderer User Guide
 

+:SFCOFRNDR: SFC OF Renderer
+

 ==== Overview
 ==== Overview

-The Service Function Chaining (SFC) OpenFlow Renderer (SFCOFL2)
+The Service Function Chaining (SFC) OpenFlow Renderer ({SFCOFRNDR})

 implements Service Chaining on OpenFlow switches. It listens for the
 creation of a Rendered Service Path (RSP), and once received it programs
 Service Function Forwarders (SFF) that are hosted on OpenFlow capable
 implements Service Chaining on OpenFlow switches. It listens for the
 creation of a Rendered Service Path (RSP), and once received it programs
 Service Function Forwarders (SFF) that are hosted on OpenFlow capable


@@ -16,16 +18,16 @@ Common acronyms used in the following sections:
 * RSP - Rendered Service Path
 
 ==== SFC OpenFlow Renderer Architecture
 * RSP - Rendered Service Path
 
 ==== SFC OpenFlow Renderer Architecture

-The SFCOFL2 is invoked after a RSP is created using an MD-SAL listener
-called +SfcL2RspDataListener+. Upon SFCOFL2 initialization, the
-+SfcL2RspDataListener+ registers itself to listen for RSP changes.
-When invoked, the +SfcL2RspDataListener+ processes the RSP and calls
-the +SfcL2FlowProgrammerOFImpl+ to create the necessary flows in the
+The {SFCOFRNDR} is invoked after a RSP is created using an MD-SAL listener
+called +SfcOfRspDataListener+. Upon {SFCOFRNDR} initialization, the
++SfcOfRspDataListener+ registers itself to listen for RSP changes.
+When invoked, the +SfcOfRspDataListener+ processes the RSP and calls
+the +SfcOfFlowProgrammerImpl+ to create the necessary flows in the

 Service Function Forwarders configured in the RSP. Refer to the
 following diagram for more details.
 
 .SFC OpenFlow Renderer High Level Architecture
 Service Function Forwarders configured in the RSP. Refer to the
 following diagram for more details.
 
 .SFC OpenFlow Renderer High Level Architecture

-image::sfc/sfcofl2_architecture.jpg["SFC OpenFlow Renderer High Level Architecture",width=500]
+image::sfc/sfcofrenderer_architecture.png["SFC OpenFlow Renderer High Level Architecture",width=500]

 
 ==== SFC OpenFlow Switch Flow pipeline
 The SFC OpenFlow Renderer uses the following tables for its Flow pipeline:
 
 ==== SFC OpenFlow Switch Flow pipeline
 The SFC OpenFlow Renderer uses the following tables for its Flow pipeline:


@@ -47,7 +49,7 @@ tables in the following sections are as described in the following
 diagram.
 
 .SFC OpenFlow Renderer Typical Network Topology
 diagram.
 
 .SFC OpenFlow Renderer Typical Network Topology

-image::sfc/sfcofl2_architecture_nwtopo.jpg["SFC OpenFlow Renderer Typical Network Topology",width=500]
+image::sfc/sfcofrenderer_nwtopo.png["SFC OpenFlow Renderer Typical Network Topology",width=500]

 
 ===== Classifier Table detailed
 
 
 ===== Classifier Table detailed
 


@@ -68,7 +70,7 @@ VLAN is used for the SFF-SF, and the other where the RSP ingress tunnel is NSH
 GRE (UDP port 4789):
 
 .Table Transport Ingress
 GRE (UDP port 4789):
 
 .Table Transport Ingress

-[width=60%]
+[cols="1,3,2"]

 |===
 |Priority |Match | Action
 
 |===
 |Priority |Match | Action
 


@@ -151,7 +153,7 @@ RSP Path 1 ingress packets come from external to SFC, for which we don’t have
 the source MAC address (MacSrc).
 
 .Table Next Hop
 the source MAC address (MacSrc).
 
 .Table Next Hop

-[width=75%]
+[cols="1,3,3"]

 |===
 |Priority |Match | Action
 
 |===
 |Priority |Match | Action
 


@@ -198,7 +200,7 @@ assumed that switches used for NSH will only have one VXLANport, the NSH
 packets are just sent back where they came from.
 
 .Table Transport Egress
 packets are just sent back where they came from.
 
 .Table Transport Egress

-[width=60%]
+[cols="1,3,3"]

 |===
 |Priority |Match | Action
 
 |===
 |Priority |Match | Action
 


@@ -235,7 +237,7 @@ packets are just sent back where they came from.
 |Drop
 |===
 
 |Drop
 |===
 

-==== Administering SFCOFL2
+==== Administering {SFCOFRNDR}

 To use the SFC OpenFlow Renderer Karaf, at least the following Karaf
 features must be installed.
 
 To use the SFC OpenFlow Renderer Karaf, at least the following Karaf
 features must be installed.
 


@@ -243,7 +245,7 @@ features must be installed.
 * odl-openflowplugin-flow-services
 * odl-sfc-provider
 * odl-sfc-model
 * odl-openflowplugin-flow-services
 * odl-sfc-provider
 * odl-sfc-model

-* odl-sfcofl2
+* odl-sfc-openflow-renderer

 * odl-sfc-ui (optional)
 
 The following command can be used to view all of the currently installed Karaf features:
 * odl-sfc-ui (optional)
 
 The following command can be used to view all of the currently installed Karaf features:


@@ -256,7 +258,7 @@ Or, pipe the command to a grep to see a subset of the currently installed Karaf
 
 To install a particular feature, use the Karaf `feature:install` command.
 
 
 To install a particular feature, use the Karaf `feature:install` command.
 

-==== SFCOFL2 Tutorial
+==== {SFCOFRNDR} Tutorial

 
 ===== Overview
 In this tutorial, 2 different encapsulations will be shown: MPLS and NSH. The
 
 ===== Overview
 In this tutorial, 2 different encapsulations will be shown: MPLS and NSH. The


@@ -264,7 +266,7 @@ following Network Topology diagram is a logical view of the SFFs and SFs involve
 in creating the Service Chains.
 
 .SFC OpenFlow Renderer Typical Network Topology
 in creating the Service Chains.
 
 .SFC OpenFlow Renderer Typical Network Topology

-image::sfc/sfcofl2_architecture_nwtopo.jpg["SFC OpenFlow Renderer Typical Network Topology",width=500]
+image::sfc/sfcofrenderer_nwtopo.png["SFC OpenFlow Renderer Typical Network Topology",width=500]

 
 ===== Prerequisites
 To use this example, SFF OpenFlow switches must be created and
 
 ===== Prerequisites
 To use this example, SFF OpenFlow switches must be created and


@@ -283,7 +285,7 @@ There are numerous ways to send the configuration. In the following
 configuration chapters, the appropriate `curl` command is shown for
 each configuration to be sent, including the URL.
 
 configuration chapters, the appropriate `curl` command is shown for
 each configuration to be sent, including the URL.
 

-Steps to configure the SFCOFL2 tutorial:
+Steps to configure the {SFCOFRNDR} tutorial:

 
 . Send the `SF` RESTCONF configuration
 . Send the `SFF` RESTCONF configuration
 
 . Send the `SF` RESTCONF configuration
 . Send the `SFF` RESTCONF configuration


@@ -313,7 +315,7 @@ In all the following configuration sections, replace the `${JSON}`
 string with the appropriate JSON configuration. Also, change the
 `localhost` desintation in the URL accordingly.
 
 string with the appropriate JSON configuration. Also, change the
 `localhost` desintation in the URL accordingly.
 

-====== SFCOFL2 NSH Tutorial
+====== {SFCOFRNDR} NSH Tutorial

 
 The following configuration sections show how to create the different elements
 using NSH encapsulation.
 
 The following configuration sections show how to create the different elements
 using NSH encapsulation.


@@ -512,7 +514,7 @@ The following command can be used to query all of the created Rendered Service P
  curl -H "Content-Type: application/json" -H "Cache-Control: no-cache" -X GET --user admin:admin http://localhost:8181/restconf/operational/rendered-service-path:rendered-service-paths/
 
 
  curl -H "Content-Type: application/json" -H "Cache-Control: no-cache" -X GET --user admin:admin http://localhost:8181/restconf/operational/rendered-service-path:rendered-service-paths/
 
 

-====== SFCOFL2 MPLS Tutorial
+====== {SFCOFRNDR} MPLS Tutorial

 
 The following configuration sections show how to create the different elements
 using MPLS encapsulation.
 
 The following configuration sections show how to create the different elements
 using MPLS encapsulation.


@@ -778,3 +780,8 @@ The following command can be used to query all of the created Rendered Service P
 
  curl -H "Content-Type: application/json" -H "Cache-Control: no-cache" -X GET --user admin:admin http://localhost:8181/restconf/operational/rendered-service-path:rendered-service-paths/
 
 
  curl -H "Content-Type: application/json" -H "Cache-Control: no-cache" -X GET --user admin:admin http://localhost:8181/restconf/operational/rendered-service-path:rendered-service-paths/
 

+
+
+
+:SFCOFRNDR!:
+

diff --git a/manuals/user-guide/src/main/asciidoc/sfc/odl-sfc-pot-user.adoc b/manuals/user-guide/src/main/asciidoc/sfc/odl-sfc-pot-user.adoc
new file mode 100644 (file)
index 0000000..d1fafc8
--- /dev/null
+++ b/manuals/user-guide/src/main/asciidoc/sfc/odl-sfc-pot-user.adoc
@@ -0,0 +1,145 @@
+=== SFC Proof of Transit User Guide
+
+:SFCPOT: SFC Proof of Transit
+
+==== Overview
+Early Service Function Chaining (SFC) Proof of Transit ({SFCPOT})
+implements Service Chaining Proof of Transit functionality on
+capable switches.  After the creation of an Rendered Service
+Path (RSP), a user can configure to enable SFC proof of transit
+on the selected RSP to effect the proof of transit.
+
+Common acronyms used in the following sections:
+
+* SF - Service Function
+* SFF - Service Function Forwarder
+* SFC - Service Function Chain
+* SFP - Service Function Path
+* RSP - Rendered Service Path
+* SFCPOT - Service Function Chain Proof of Transit
+
+==== SFC Proof of Transit Architecture
+When {SFCPOT} is initialized, all required listeners are registered
+to handle incoming data. It involves +SfcPotNodeListener+ which stores
+data about all node devices including their mountpoints (used here
+as databrokers), +SfcPotRSPDataListener+, +RenderedPathListener+.
++RenderedPathListener+ is used to listen for RSP changes.
++SfcPotRSPDataListener+ implements RPC services to enable or disable
+SFC Proof of Transit on a particular RSP.  When the {SFCPOT} is invoked,
+RSP listeners and service implementations are setup to receive SFCPOT
+configurations.  When a user configures via a POST RPC call to enable
+SFCPOT on a particular RSP, the configuration drives the creation of
+necessary augmentations to the RSP to effect the SFCPOT configurations.
+
+==== SFC Proof of Transit details
+Several deployments use traffic engineering, policy routing,
+segment routing or service function chaining (SFC) to steer packets
+through a specific set of nodes. In certain cases regulatory obligations
+or a compliance policy require to prove that all packets that are
+supposed to follow a specific path are indeed being forwarded across
+the exact set of nodes specified. I.e. if a packet flow is supposed to
+go through a series of service functions or network nodes, it has to
+be proven that all packets of the flow actually went through the
+service chain or collection of nodes specified by the policy.
+In case the packets of a flow weren't appropriately processed, a
+proof of transit egress device would be required to identify the policy
+violation and take corresponding actions (e.g. drop or redirect the packet,
+send an alert etc.) corresponding to the policy.
+
+The SFCPOT approach is based on meta-data which is added to every packet.
+The meta data is updated at every hop and is used to verify whether
+a packet traversed all required nodes. A particular path is either
+described by a set of secret keys, or a set of shares of a single
+secret. Nodes on the path retrieve their individual keys or shares
+of a key (using for e.g. Shamir's Shared Sharing Secret scheme) from
+a central controller. The complete key set is only known to the
+verifier- which is typically the ultimate node on a path that
+requires proof of transit. Each node in the path uses its secret or share
+of the secret to update the meta-data of the packets as the packets
+pass through the node. When the verifier receives a packet, it can use
+its key(s) along with the meta-data to validate whether the packet
+traversed the service chain correctly.
+
+==== SFC Proof of Transit entities
+In order to implement SFC Proof of Transit for a service function chain,
+an RSP is a pre-requisite to identify the SFC to enable SFC PoT
+on.  SFC Proof of Transit for a particular RSP is enabled by an RPC request
+to the controller along with necessary parameters to control some of the
+aspects of the SFC Proof of Transit process.
+
+The RPC handler identifies the RSP and generates SFC Proof of Transit
+parameters like secret share, secret etc., and adds the generated SFCPOT
+configuration parameters to SFC main as well as the various SFC hops.
+The last node in the SFC is configured as a verifier node to allow SFCPOT
+Proof of Transit process to be completed.
+
+The SFCPOT configuration generators and related handling are done by
++SfcPotAPI+, +SfcPotConfigGenerator+,
++SfcPotListener+, +SfcPotPolyAPI+,
++SfcPotPolyClassAPI+ and +SfcPotPolyClass+.
+
+==== Administering {SFCPOT}
+To use the SFC Proof of Transit Karaf, at least the following Karaf
+features must be installed:
+
+* odl-sfc-model
+* odl-sfc-provider
+* odl-sfc-netconf
+* odl-restconf
+* odl-netconf-topology
+* odl-netconf-connector-all
+* odl-sfc-pot
+
+==== {SFCPOT} Tutorial
+
+===== Overview
+This tutorial is a simple example how to configure Service Function Chain
+Proof of Transit using SFC POT feature.
+
+===== Preconditions
+To enable a device to handle SFC Proof of Transit, it is expected that the netconf server
+device advertise capability as under ioam-scv.yang present under src/main/yang folder of
+sfc-pot feature.  It is also expected that netconf notifications be enabled and its
+support capability advertised as capabilities.
+
+It is also expected that the devices are netconf mounted and available in the
+topology-netconf store.
+
+===== Instructions
+When SFC Proof of Transit is installed, all netconf nodes in topology-netconf are
+processed and all capable nodes with accessible mountpoints are cached.
+
+First step is to create the required RSP as usually done.
+
+Once RSP name is avaiable it is used to send a POST RPC to the controller similar to
+below:
+
+----
+
+POST ./restconf/operations/sfc-ioam-nb-pot:enable-sfc-ioam-pot-rendered-path
+
+{
+  "input": {
+    "sfc-ioam-pot-rsp-name": "rsp1"
+  }
+}
+
+----
+
+The following can be used to disable the SFC Proof of Transit on an RSP which removes
+the augmentations and stores back the RSP without the SFCPOT enabled features and also
+sending down a delete configuration to the SFCPOT configuration sub-tree in the nodes.
+
+----
+
+POST ./restconf/operations/sfc-ioam-nb-pot:disable-sfc-ioam-pot-rendered-path
+
+{
+  "input": {
+    "sfc-ioam-pot-rsp-name": "rsp1"
+  }
+}
+
+----
+
+:SFCPOT!:

diff --git a/manuals/user-guide/src/main/asciidoc/sfc/sfc.adoc b/manuals/user-guide/src/main/asciidoc/sfc/sfc.adoc
index 40123e91bb357676a8214b58b27dcf83dcd09f53..013e9c7e3b7b851a3b14f90ac7d3729ef1412e54 100644 (file)
--- a/manuals/user-guide/src/main/asciidoc/sfc/sfc.adoc
+++ b/manuals/user-guide/src/main/asciidoc/sfc/sfc.adoc
@@ -10,7 +10,13 @@ include::odl-sfc-ovs-user.adoc[SFC OVS User guide]
 
 include::odl-sfc-classifier-user.adoc[SFC Classifier configuration User guide]
 
 
 include::odl-sfc-classifier-user.adoc[SFC Classifier configuration User guide]
 

-include::odl-sfcofl2-user.adoc[SFC OpenFlow Renderer user guide]
+// SFC Renderers
+include::odl-sfc-openflow-renderer-user.adoc[SFC OpenFlow Renderer]
+
+include::odl-sfc-iosxe-renderer-user.adoc[SFC IOS XE Renderer]
+
+include::odl-sfc-vpp-renderer-user.adoc[SFC VPP Renderer]
+// SFC Renderers

 
 include::odl-sfc-sf-scheduler-user.adoc[Service Function selection scheduler]
 
 
 include::odl-sfc-sf-scheduler-user.adoc[Service Function selection scheduler]
 


@@ -18,3 +24,5 @@ include::odl-sfc-sf-scheduler-user.adoc[Service Function selection scheduler]
 // include::odl-sfc-sf-monitoring-user.adoc[Service Function Monitoring]
 
 include::odl-sfc-load-balance-user.adoc[Service Function Grouping and Load Balancing user guide]
 // include::odl-sfc-sf-monitoring-user.adoc[Service Function Monitoring]
 
 include::odl-sfc-load-balance-user.adoc[Service Function Grouping and Load Balancing user guide]

+
+include::odl-sfc-pot-user.adoc[SFC Proof of Transit]

diff --git a/manuals/user-guide/src/main/resources/images/sfc/sfcofl2_architecture.jpg b/manuals/user-guide/src/main/resources/images/sfc/sfcofl2_architecture.jpg
deleted file mode 100644 (file)
index c16b8d4..0000000
Binary files a/manuals/user-guide/src/main/resources/images/sfc/sfcofl2_architecture.jpg and /dev/null differ

diff --git a/manuals/user-guide/src/main/resources/images/sfc/sfcofl2_architecture_nwtopo.jpg b/manuals/user-guide/src/main/resources/images/sfc/sfcofl2_architecture_nwtopo.jpg
deleted file mode 100644 (file)
index 788431c..0000000
Binary files a/manuals/user-guide/src/main/resources/images/sfc/sfcofl2_architecture_nwtopo.jpg and /dev/null differ

diff --git a/manuals/user-guide/src/main/resources/images/sfc/sfcofrenderer_architecture.png b/manuals/user-guide/src/main/resources/images/sfc/sfcofrenderer_architecture.png
new file mode 100644 (file)
index 0000000..a6c6c5a
Binary files /dev/null and b/manuals/user-guide/src/main/resources/images/sfc/sfcofrenderer_architecture.png differ

diff --git a/manuals/user-guide/src/main/resources/images/sfc/sfcofrenderer_nwtopo.png b/manuals/user-guide/src/main/resources/images/sfc/sfcofrenderer_nwtopo.png
new file mode 100644 (file)
index 0000000..51ccb97
Binary files /dev/null and b/manuals/user-guide/src/main/resources/images/sfc/sfcofrenderer_nwtopo.png differ