├── basic-gateway
    ├── init-cfg.txt
    ├── OpenStack-Heat-Template-RN.pdf
    ├── pan_basic_gw_env.yaml
    ├── README
    ├── pan_basic_gw.yaml
    └── bootstrap.xml
├── Service-Scaling
    ├── init-cfg.txt
    ├── OpenStack-Heat-Template-RN.pdf
    ├── Service_Scaling_env.yaml
    ├── README.txt
    ├── service_instance.yaml
    ├── Service_Scaling_bootstrap.xml
    └── Service_Scaling_template.yaml
├── redhat-queens
    └── basic-gateway
    │   ├── init-cfg.txt
    │   ├── pan_basic_gw_env.yaml
    │   ├── README
    │   ├── pan_basic_gw.yaml
    │   └── bootstrap.xml
├── Service-Chaining
    ├── Service-Chaining-L3
    │   ├── init-cfg.txt
    │   ├── Service_Chaining_env_L3.yaml
    │   ├── README_L3.rtf
    │   ├── Service_Chaining_bootstrap_L3.xml
    │   └── Service_Chaining_template_L3.yaml
    └── Service-Chaining-vw
    │   ├── init-cfg.txt
    │   ├── Service_Chaining_env_vw.yaml
    │   ├── README_vw.rtf
    │   ├── Service_Chaining_bootstrap_vw.xml
    │   └── Service_Chaining_template_vw.yaml
└── README.md


/basic-gateway/init-cfg.txt:
--------------------------------------------------------------------------------
1 | type=dhcp-client
2 | ip-address=
3 | default-gateway=
4 | netmask=
5 | 


--------------------------------------------------------------------------------
/Service-Scaling/init-cfg.txt:
--------------------------------------------------------------------------------
1 | type=dhcp-client
2 | ip-address=
3 | default-gateway=
4 | netmask=
5 | 


--------------------------------------------------------------------------------
/redhat-queens/basic-gateway/init-cfg.txt:
--------------------------------------------------------------------------------
1 | type=dhcp-client
2 | ip-address=
3 | default-gateway=
4 | netmask=
5 | 


--------------------------------------------------------------------------------
/Service-Chaining/Service-Chaining-L3/init-cfg.txt:
--------------------------------------------------------------------------------
1 | type=dhcp-client
2 | ip-address=
3 | default-gateway=
4 | netmask=
5 | 


--------------------------------------------------------------------------------
/Service-Chaining/Service-Chaining-vw/init-cfg.txt:
--------------------------------------------------------------------------------
1 | type=dhcp-client
2 | ip-address=
3 | default-gateway=
4 | netmask=
5 | 


--------------------------------------------------------------------------------
/basic-gateway/OpenStack-Heat-Template-RN.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PaloAltoNetworks/openstack-templates/HEAD/basic-gateway/OpenStack-Heat-Template-RN.pdf


--------------------------------------------------------------------------------
/Service-Scaling/OpenStack-Heat-Template-RN.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/PaloAltoNetworks/openstack-templates/HEAD/Service-Scaling/OpenStack-Heat-Template-RN.pdf


--------------------------------------------------------------------------------
/basic-gateway/pan_basic_gw_env.yaml:
--------------------------------------------------------------------------------
 1 | parameters:
 2 |   mgmt_network: mgmt_ext_net
 3 |   public_network: public_net
 4 |   pan_image: pa-vm-7.1.4
 5 |   pan_flavor: m1.medium
 6 |   server_image: Ubuntu-14.04
 7 |   server_flavor: m1.small
 8 |   server_key: server_key
 9 | 
10 | 


--------------------------------------------------------------------------------
/redhat-queens/basic-gateway/pan_basic_gw_env.yaml:
--------------------------------------------------------------------------------
 1 | parameters:
 2 |   public_network: public_network
 3 |   pan_image: pa-vm-8.0.0
 4 |   pan_flavor: m1.large
 5 |   server_image: Ubuntu-14.04
 6 |   server_flavor: m1.small
 7 |   server_key: server_key
 8 |   mgmt_network: mgmt_network
 9 |   mgmt_subnet: mgmt_subnet
10 |   router: router
11 | 
12 | 


--------------------------------------------------------------------------------
/basic-gateway/README:
--------------------------------------------------------------------------------
 1 | Files:
 2 | 
 3 | init-cfg.ext
 4 | bootstrap.xml
 5 | --------------------
 6 | PAN firewall bootstrap files to bootstrap PAN firewall when deployed through HEAT.
 7 | 
 8 | pan_basic_gw_env.yaml
 9 | --------
10 | Example HEAT template environment file.
11 | 
12 | pan_basic_gw.yaml
13 | --------
14 | Example HEAT template to deploy a PAN virtual firewall and Linux server instances.
15 | 
16 | This template expects following existing resources:
17 |   - PAN image
18 |   - Server image
19 |   - Server key
20 |   - Management network
21 |   - Public network 
22 | 
23 | This template creates following resources:
24 |   - Private network/subnets
25 |   - Security group 
26 |   - PAN virtual firewall instance
27 |   - Linux server instance
28 | 
29 | 
30 | 


--------------------------------------------------------------------------------
/redhat-queens/basic-gateway/README:
--------------------------------------------------------------------------------
 1 | Files:
 2 | 
 3 | init-cfg.ext
 4 | bootstrap.xml
 5 | --------------------
 6 | PAN firewall bootstrap files to bootstrap PAN firewall when deployed through HEAT.
 7 | 
 8 | pan_basic_gw_env.yaml
 9 | --------
10 | Example HEAT template environment file.
11 | 
12 | pan_basic_gw.yaml
13 | --------
14 | Example HEAT template to deploy a PAN virtual firewall and Linux server instances.
15 | 
16 | This template expects following existing resources:
17 |   - PAN image
18 |   - Server image
19 |   - Server key
20 |   - Management network
21 |   - Public network 
22 | 
23 | This template creates following resources:
24 |   - Private network/subnets
25 |   - Security group 
26 |   - PAN virtual firewall instance
27 |   - Linux server instance
28 | 
29 | 
30 | 


--------------------------------------------------------------------------------
/Service-Chaining/Service-Chaining-vw/Service_Chaining_env_vw.yaml:
--------------------------------------------------------------------------------
 1 | parameters:
 2 | # VN config
 3 |   management_network: 'mgmt_nw'
 4 |   left_vn: 'left_nw'
 5 |   right_vn: 'right_nw'
 6 |   left_vn_fqdn: 'default-domain:admin:left_nw'
 7 |   right_vn_fqdn: 'default-domain:admin:right_nw'
 8 |   route_target: "target:64512:20000"
 9 | # VM config  
10 |   flavor: 'm1.small'
11 |   right_vm_image: 'TestVM'
12 |   left_vm_image: 'TestVM'
13 |   svm_name: 'PAN_SVM_vw'
14 |   left_vm_name: 'Left_VM_vw'
15 |   right_vm_name: 'Right_VM_vw'
16 |   port_tuple_name: 'port_tuple_vw'
17 | #ST Config 
18 |   S_Tmp_name: PAN_SVM_template_vw
19 |   S_Tmp_version: 2
20 |   S_Tmp_service_mode: 'transparent'
21 |   S_Tmp_service_type: 'firewall'
22 |   S_Tmp_image_name: 'PA-VM-8.0.0'
23 |   S_Tmp_flavor: 'm1.large'
24 |   S_Tmp_interface_type_mgmt: 'management'
25 |   S_Tmp_interface_type_left: 'left'
26 |   S_Tmp_interface_type_right: 'right'
27 |   domain: 'default-domain'
28 | # SI Config    
29 |   S_Ins_name: PAN_SVM_instance_vw
30 |   S_Ins_fq_name: 'default-domain:admin:PAN_SVM_instance_vw'
31 | #IPAM Config
32 |   NetIPam_ip_prefix_mgmt: '172.15.0.0'
33 |   NetIPam_ip_prefix_len_mgmt: 24
34 |   NetIPam_ip_prefix_left: '20.20.1.0'
35 |   NetIPam_ip_prefix_len_left: 24
36 |   NetIPam_ip_prefix_right: '20.20.2.0'
37 |   NetIPam_ip_prefix_len_right: 24
38 |   NetIPam_addr_from_start_true: true
39 | #Policy Config  
40 |   policy_name: 'PAN_SVM_policy-vw'
41 |   policy_fq_name: 'default-domain:admin:PAN_SVM_policy-vw'
42 |   simple_action: 'pass'
43 |   protocol: 'any'
44 |   src_port_end: -1
45 |   src_port_start: -1
46 |   direction: '<>'
47 |   dst_port_end: -1
48 |   dst_port_start: -1
49 | 
50 | 
51 | 
52 | 


--------------------------------------------------------------------------------
/Service-Chaining/Service-Chaining-L3/Service_Chaining_env_L3.yaml:
--------------------------------------------------------------------------------
 1 | parameters:
 2 | # VN config
 3 |   management_network: 'mgmt_net'
 4 |   left_vn: 'left_net'
 5 |   right_vn: 'right_net'
 6 |   left_vn_fqdn: 'default-domain:admin:left_net'
 7 |   right_vn_fqdn: 'default-domain:admin:right_net'
 8 |   route_target: "target:64512:20000"
 9 | # VM config  
10 |   flavor: 'm1.small'
11 |   left_vm_image: 'TestVM'
12 |   right_vm_image: 'TestVM' 
13 |   svm_name: 'PAN_SVM_L3'
14 |   left_vm_name: 'Left_VM_L3'
15 |   right_vm_name: 'Right_VM_L3'
16 |   port_tuple_name: 'port_tuple_L3'
17 | #ST Config 
18 |   S_Tmp_name: PAN_SVM_template_L3
19 |   S_Tmp_version: 2
20 |   S_Tmp_service_mode: 'in-network'
21 |   S_Tmp_service_type: 'firewall'
22 |   S_Tmp_image_name: 'PAN-8.0-dev'
23 |   S_Tmp_flavor: 'm1.large'
24 |   S_Tmp_interface_type_mgmt: 'management'
25 |   S_Tmp_interface_type_left: 'left'
26 |   S_Tmp_interface_type_right: 'right'
27 |   domain: 'default-domain'
28 | # SI Config    
29 |   S_Ins_name: PAN_SVM_Instance_L3
30 |   S_Ins_fq_name: 'default-domain:admin:PAN_SVM_Instance_L3'
31 | #IPAM Config
32 |   NetIPam_ip_prefix_mgmt: '172.2.0.0'
33 |   NetIPam_ip_prefix_len_mgmt: 24
34 |   NetIPam_ip_prefix_left: '10.10.1.0'
35 |   NetIPam_ip_prefix_len_left: 24
36 |   NetIPam_ip_prefix_right: '10.10.2.0'
37 |   NetIPam_ip_prefix_len_right: 24
38 |   NetIPam_addr_from_start_true: true
39 | #Policy Config  
40 |   policy_name: 'PAN_SVM_policy-L3'
41 |   policy_fq_name: 'default-domain:admin:PAN_SVM_policy-L3'
42 |   simple_action: 'pass'
43 |   protocol: 'any'
44 |   src_port_end: -1
45 |   src_port_start: -1
46 |   direction: '<>'
47 |   dst_port_end: -1
48 |   dst_port_start: -1
49 | 
50 | 
51 | 
52 | 
53 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # VM-Series Firewalls on OpenStack
 2 | The VM-Series firewall for OpenStack allows you to deploy the VM-Series firewall in your OpenStack environment to provide secure application delivery along with network security, performance and visibility. This solution deploys the VM-Series firewall on a KVM/Ubuntu hypervisor in a Mirantis OpenStack environment that uses Contrail for virtualized networking functions.  
 3 | 
 4 | **Requirements**
 5 | * Hypervisor: KVM on Ubuntu 14.04
 6 | * OpenStack Distro: Mirantis 8.0 (Liberty)
 7 | * Networking: Contrail 3.2
 8 | 
 9 | **Support Policy**
10 | ***Supported***
11 | This project is released under the official support policy of Palo Alto Networks through the support options that you've purchased, for example Premium Support, support teams, or ASC (Authorized Support Centers) partners and Premium Partner Support options. The support scope is restricted to troubleshooting for the stated/intended use cases and product versions specified in the project documentation and does not cover customization of the scripts or templates. 
12 | Only projects explicitly tagged with "Supported" information are officially supported. Unless explicitly tagged, all projects or work posted in our [GitHub repository](https://github.com/PaloAltoNetworks) or sites other than our official [Downloads page](https://support.paloaltonetworks.com/) are provided under the best effort policy.
13 | 
14 | **Documentation**
15 | * Release Notes: Included in this repository.
16 |     * Technical Documentation: [7.1 VM-Series Deployment Guide](https://www.paloaltonetworks.com/documentation/71/virtualization/virtualization/set-up-the-vm-series-firewall-on-openstack)
17 |     * Technical Documentation: [8.0 VM-Series Deployment Guide](https://www.paloaltonetworks.com/documentation/80/virtualization/virtualization/set-up-the-vm-series-firewall-on-openstack)
18 | 


--------------------------------------------------------------------------------
/Service-Scaling/Service_Scaling_env.yaml:
--------------------------------------------------------------------------------
 1 | parameters:
 2 |  # VN config
 3 |   management_network: 'management_vnet'
 4 |   left_network: 'left_vnet'
 5 |   right_network: 'right_vnet'
 6 |   left_vn_fqdn: 'default-domain:admin:left_vnet'
 7 |   right_vn_fqdn: 'default-domain:admin:right_vnet'
 8 |   route_target: "target:64512:20000"  
 9 |  # VM config  
10 |   flavor: 'm1.small'
11 |   left_vm_image: 'Ubuntu' 
12 |   right_vm_image: 'Ubuntu'  
13 |   svm_name: 'PAN_SVM'
14 |   left_vm_name: 'Left_VM'
15 |   right_vm_name: 'Right_VM'
16 |   server_key: server_key  
17 |  #ST Config
18 |   S_Tmp_name: PAN_SVM_template
19 |   S_Tmp_version: 2
20 |   S_Tmp_service_mode: 'in-network'
21 |   S_Tmp_service_type: 'firewall'
22 |   S_Tmp_image_name: 'PA-VM-8.0.0'
23 |   S_Tmp_flavor: 'm1.large'
24 |   S_Tmp_service_scaling: True
25 |   S_Tmp_interface_type_mgmt: 'management'
26 |   S_Tmp_interface_type_left: 'left'
27 |   S_Tmp_interface_type_right: 'right'
28 |   domain: 'default-domain'
29 |  #SI Config
30 |   S_Ins_name: PAN_SVM_Instance
31 |   S_Ins_fq_name: 'default-domain:admin:PAN_SVM_Instance'  
32 | #IPAM Config
33 |   NetIPam_ip_prefix_mgmt: '172.2.0.0'
34 |   NetIPam_ip_prefix_len_mgmt: 24
35 |   NetIPam_ip_prefix_left: '20.20.20.0'
36 |   NetIPam_ip_prefix_len_left: 24
37 |   NetIPam_ip_prefix_right: '30.30.30.0'
38 |   NetIPam_ip_prefix_len_right: 24
39 |   NetIPam_addr_from_start_true: true
40 |   port_tuple_name: 'port_tuple'
41 | # Policy Config  
42 |   policy_name: 'PAN_SVM_policy'
43 |   policy_fq_name: 'default-domain:admin:PAN_SVM_policy'
44 |   simple_action: 'pass'
45 |   protocol: 'any'
46 |   src_port_end: -1
47 |   src_port_start: -1
48 |   direction: '<>'
49 |   dst_port_end: -1
50 |   dst_port_start: -1 
51 | #Alarm
52 | #  meter_name: 'network.incoming.bytes.rate'
53 |   meter_name: 'cpu_util'
54 |   cooldown_initial: 1200
55 |   cooldown_scaleup: 1200
56 |   cooldown_scaledown: 1200
57 |   period_high: 300
58 |   period_low: 300
59 |  # threshold_high: 2800
60 |   threshold_high: 40
61 |  # threshold_low: 12000
62 |   threshold_low:  20
63 | 


--------------------------------------------------------------------------------
/Service-Scaling/README.txt:
--------------------------------------------------------------------------------
 1 | READ ME
 2 | --------
 3 | 
 4 | The Service Scaling foler consists of:
 5 | 1. Heat Template (Service_Scaling_template.yaml)
 6 | 2. Environment file(Service_Scaling_env.yaml)
 7 | 3. Instance deployment template (service_instance.yaml)
 8 | 4. Initial-configuration file (nit-cfg.txt)
 9 | 5. bootstrap (Service_Scaling_bootstrap.xml)
10 | 
11 | ## There is an authcode file included in the template; which is optional
12 | 
13 | 
14 | 
15 | DIRECTIONS FOR USE:
16 | -------------------
17 | 
18 | 1.Copy and  upload the PAN image using the horizon UI or through glance :
19 | >$ glance image-create --name <NAME> --disk-format qcow2      --container-format bare      --file <IMAGE_FILE> 
20 | root@node-8:~# glance image-create --name PAN-8.0 --disk-format qcow2 --container-format bare --file PAN-8.0.qcow2
21 | 
22 | Step2: Confirm the image presence by doing : “glance image-list” on the contrail controller. The image uploaded should be listed in this output. 
23 | Also there should be a default image “TestVM” provided by openstack. [Ubuntu cloud image has been used to validate the traffic flow; details provided under "Validation"]
24 | 
25 | Step3: Copy files 4 and 5 [ 4.Initial-configuration file (init-cfg.txt) 5.bootstrap (Service_Scaling_bootstarp.xml)] onto controller node.
26 | Make folders in the hierarchy mentioned below and move the files here:
27 | 
28 | root@node-8:~/bootstrap/config# pwd
29 | /root/bootstrap/config
30 | root@node-8:~/bootstrap/config# ls -ltr
31 | total 36
32 | -rw-r--r-- 1 root root    55 Mar 13 17:57 init-cfg.txt
33 | -rwxr-xr-x 1 root root 13801 Apr  3 21:36 Service_Scaling_bootstarp.xml
34 | root@node-8:~/bootstrap/config#
35 | 
36 | #if authcode file is required; it can be put in the same folder as mentioned above.
37 | 
38 | Step4:Copy the first three files [1. Heat template (Service_Scaling_template.yaml) 2. Environment file (Service_Scaling_env.yaml) 3. Instance deployment template (service_instance.yaml)] 
39 | onto the contrail controller node.
40 | 
41 | Upon completion of all the above steps try the below command on controller:
42 | 
43 | 
44 | Syntax: heat stack-create -e <env_file_name> -f <template_file_name> <stack_name> 
45 | 
46 | root@node-10:~# heat stack-create -e Service_Scaling_template.yaml -f Service_Scaling_env.yaml  Scaling


--------------------------------------------------------------------------------
/Service-Chaining/Service-Chaining-L3/README_L3.rtf:
--------------------------------------------------------------------------------
 1 | {\rtf1\ansi\ansicpg1252\cocoartf1404\cocoasubrtf470
 2 | {\fonttbl\f0\fswiss\fcharset0 Helvetica;\f1\fnil\fcharset0 Menlo-Regular;\f2\fnil\fcharset0 Menlo-Bold;
 3 | }
 4 | {\colortbl;\red255\green255\blue255;\red180\green36\blue25;}
 5 | \margl1440\margr1440\vieww27660\viewh15420\viewkind0
 6 | \pard\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\pardirnatural\partightenfactor0
 7 | 
 8 | \f0\fs24 \cf0 \
 9 | \
10 | \ul READ ME\ulnone \
11 | \
12 | The Service chaining L3 mode folder consists of : \
13 | 1. Heat template (Service_chaining_template_L3.yaml)\
14 | 2. Environment file (Service_Chaining_env_L3.yaml)\
15 | 3. Initial-configuration file (nit-cfg.txt)\
16 | 4. bootstrap (Service_Chaining_bootstrap_L3.xml)\
17 | \
18 | \
19 | ## There is an authcode file included in the template; which is optional . If not required please comment out the line in the template under resource pan_svm_instance.\
20 | \
21 | The template file (1) uses the parameters provided in the environment file to deploy a topology of 3 devices: \
22 | 1. PAN_SVM\
23 | 2. Left_VM\'a0\
24 | 3. Right_VM\
25 | \'a0 \
26 | The interfaces on the PAVM is mapped onto a service VM created using the \'93Port Tuple\'94. \
27 | \
28 | \
29 | \
30 | \ul DIRECTIONS FOR USE \ulnone \
31 | \
32 | \
33 | 1.Copy and  upload the PAN image using the horizon UI or through glance :\
34 | >$ glance image-create --name <NAME> --disk-format qcow2      --container-format bare      --file <IMAGE_FILE> \
35 | root@node-8:~# glance image-create --name PAN-8.0 --disk-format qcow2 --container-format bare --file PAN-8.0.qcow2\
36 | \
37 | Step2: Confirm the image presence by doing : \'93glance image-list\'94 on the contrail controller. The image uploaded should be listed in this output. Also there should be a default image \'93TestVM\'94 provided by openstack.\
38 | \
39 | Step3: Copy files 3 and 4 [ 3.iInitial-configuration file (init-cfg.txt) 4.bootstrap-l3 (Service_Chaining_bootstarp_L3.xml)] onto controller node.\
40 | Make folders in the hierarchy mentioned below and move the files here:\
41 | \
42 | root@node-8:~/bootstrap/config# pwd\
43 | /root/bootstrap/config\
44 | root@node-8:~/bootstrap/config# ls -ltr\
45 | total 36\
46 | -rw-r--r-- 1 root root    55 Mar 13 17:57 init-cfg.txt\
47 | -rwxr-xr-x 1 root root 13801 Apr  3 21:36 Service_Chaining_bootstarp_L3.xml\
48 | root@node-8:~/bootstrap/config#\
49 | \
50 | #if authcode file is required; it can be put in the same folder as mentioned above.\
51 | \
52 | \
53 | Step4:Copy the first two files [1. Heat template (Service_chaining_template_L3.yaml) 2. Environment file (Service_Chaining_env_L3.yaml)] onto the contrail controller node.\
54 | \
55 | Upon completion of all the above steps try the below command on controller:\
56 | \
57 | \
58 | Syntax: heat stack-create -e <env_file_name> -f <template_file_name> <stack_name> \
59 | Example:\'a0\
60 | \pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\pardirnatural\partightenfactor0
61 | 
62 | \f1\fs22 \cf0 \CocoaLigature0 root@node-10:~#    \
63 | root@node-10:~# pwd\
64 | /root\
65 | root@node-10:~# ls -ltr | grep Service_Chaining_ | grep L3\
66 | -rw-r--r-- 1 root root      16849 Feb 15 23:56 Service_Chaining_template_
67 | \f2\b \cf2 L3
68 | \f1\b0 \cf0 .yaml\
69 | -rw-r--r-- 1 root root       1366 Feb 16 01:56 Service_Chaining_env_
70 | \f2\b \cf2 L3
71 | \f1\b0 \cf0 .yaml\
72 | \
73 | root@node-10:~# 
74 | \f0\fs24 \CocoaLigature1 heat stack-create -e Service_Chaining_env_L3.yaml -f Service_Chaining_template_L3.yaml  Service-Chaining-L3\
75 | \pard\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\pardirnatural\partightenfactor0
76 | \cf0 \
77 | \
78 | \
79 | \
80 | \
81 | \
82 | \
83 | \
84 | }


--------------------------------------------------------------------------------
/Service-Chaining/Service-Chaining-vw/README_vw.rtf:
--------------------------------------------------------------------------------
 1 | {\rtf1\ansi\ansicpg1252\cocoartf1404\cocoasubrtf470
 2 | {\fonttbl\f0\fswiss\fcharset0 Helvetica;\f1\fnil\fcharset0 Menlo-Regular;\f2\fnil\fcharset0 Menlo-Bold;
 3 | }
 4 | {\colortbl;\red255\green255\blue255;\red180\green36\blue25;}
 5 | \margl1440\margr1440\vieww16420\viewh15420\viewkind0
 6 | \pard\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\pardirnatural\partightenfactor0
 7 | 
 8 | \f0\fs24 \cf0 \
 9 | \
10 | \ul READ ME\ulnone \
11 | \
12 | The Service chaining vw mode folder consists of : \
13 | 1. Heat template (Service_chaining_template_vw.yaml)\
14 | 2. Environment file (Service_Chaining_env_vw.yaml)\
15 | 3. Initial-configuration file (nit-cfg.txt)\
16 | 4. bootstrap (Service_Chaining_bootstrap_vw.xml)\
17 | \
18 | \
19 | ## There is an authcode file included in the template; which is optional . If not required please comment out the line in the template under resource pan_svm_instance.\
20 | \
21 | The template file (1) uses the parameters provided in the environment file to deploy a topology of 3 devices: \
22 | 1. PAN_SVM\
23 | 2. Left_VM\'a0\
24 | 3. Right_VM\
25 | \'a0 \
26 | The interfaces on the PAVM is mapped onto a service VM created using the \'93Port Tuple\'94. \
27 | \
28 | \
29 | \
30 | \ul DIRECTIONS FOR USE \ulnone \
31 | \
32 | \
33 | \
34 | 1.Copy and  upload the PAN image using the horizon UI or through glance :\
35 | >$ glance image-create --name <NAME> --disk-format qcow2      --container-format bare      --file <IMAGE_FILE> \
36 | root@node-8:~# glance image-create --name PAN-8.0 --disk-format qcow2 --container-format bare --file PAN-8.0.qcow2\
37 | \
38 | Step2: Confirm the image presence by doing : \'93glance image-list\'94 on the contrail controller. The image uploaded should be listed in this output. Also there should be a default image \'93TestVM\'94 provided by openstack.\
39 | \
40 | Step3: Copy files 3 and 4 [ 3.iInitial-configuration file (init-cfg.txt) 4.bootstrap-vw (Service_Chaining_bootstarp_vw_xml)] onto controller node.\
41 | Make folders in the hierarchy mentioned below and move the files here:\
42 | \
43 | root@node-8:~/bootstrap/config# pwd\
44 | /root/bootstrap/config\
45 | root@node-8:~/bootstrap/config# ls -ltr\
46 | total 36\
47 | -rw-r--r-- 1 root root    55 Mar 13 17:57 init-cfg.txt\
48 | -rwxr-xr-x 1 root root 13801 Apr  3 21:36 Service_Chaining_bootstarp_vw_xml\
49 | root@node-8:~/bootstrap/config#\
50 | \
51 | \
52 | #if authcode file is required; it can be put in the same folder as mentioned above.\
53 | \
54 | Step4:Copy the first two files [1. Heat template (Service_chaining_template_vw.yaml) 2. Environment file (Service_Chaining_env_vw.yaml)] onto the contrail controller node.\
55 | \
56 | Upon completion of all the above steps try the below command on controller:\
57 | \
58 | \
59 | Syntax: heat stack-create -e <env_file_name> -f <template_file_name> <stack_name> \
60 | Example:\'a0\
61 | \pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\pardirnatural\partightenfactor0
62 | 
63 | \f1\fs22 \cf0 \CocoaLigature0 root@node-10:~#    \
64 | root@node-10:~# pwd\
65 | /root\
66 | root@node-10:~# ls -ltr | grep Service_Chaining_ | grep vw\
67 | -rw-r--r-- 1 root root      16849 Feb 15 23:56 Service_Chaining_template_
68 | \f2\b \cf2 vw
69 | \f1\b0 \cf0 .yaml\
70 | -rw-r--r-- 1 root root       1366 Feb 16 01:56 Service_Chaining_env_
71 | \f2\b \cf2 vw
72 | \f1\b0 \cf0 .yaml\
73 | \
74 | root@node-10:~# 
75 | \f0\fs24 \CocoaLigature1 heat stack-create -e Service_Chaining_env_vw.yaml -f Service_Chaining_template_vw.yaml  Service-Chaining-vw\
76 | \pard\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\pardirnatural\partightenfactor0
77 | \cf0 \
78 | \
79 | \
80 | \
81 | \
82 | \
83 | \
84 | \
85 | }


--------------------------------------------------------------------------------
/Service-Scaling/service_instance.yaml:
--------------------------------------------------------------------------------
  1 | heat_template_version: 2015-04-30
  2 | 
  3 | description: >
  4 |   HOT template for service-Pan_Svm_instance scaling
  5 | parameters:
  6 |   virtual_network_M:
  7 |     type: string
  8 |     description: mgmt_virtual_network for the ServiceInstance
  9 |   virtual_network_M_fqdn:
 10 |     type: string
 11 |     description: mgmt_virtual_network for the ServiceInstance
 12 |   virtual_network_L:
 13 |     type: string
 14 |     description: left_virtual_network for the ServiceInstance
 15 |   virtual_network_L_fqdn:
 16 |     type: string
 17 |     description: mgmt_virtual_network for the ServiceInstance
 18 |   virtual_network_R:
 19 |     type: string
 20 |     description: right_virtual_network for the ServiceInstance
 21 |   virtual_network_R_fqdn:
 22 |     type: string
 23 |     description: mgmt_virtual_network for the ServiceInstance
 24 |   image:
 25 |     type: string
 26 |     description: Name of the image
 27 |   flavor:
 28 |     type: string
 29 |     description: Flavor
 30 |   service_instance_name:
 31 |     type: string
 32 |     label: Service Pan_Svm_instance fq name
 33 |     description: Service Pan_Svm_instance for port tuple
 34 |   service_interface_type_M:
 35 |     type: string
 36 |     description: service_interface_type for the ServiceTemplate
 37 |   service_interface_type_L:
 38 |     type: string
 39 |     description: service_interface_type for the ServiceTemplate
 40 |   service_interface_type_R:
 41 |     type: string
 42 |     description: service_interface_type for the ServiceTemplate
 43 |   port_tuple_name:
 44 |     type: string
 45 |     description: name of Port Tuple
 46 | 
 47 | resources:
 48 |   porttuple:
 49 |     type: OS::ContrailV2::PortTuple
 50 |     properties:
 51 |       name: { get_param: port_tuple_name }
 52 |       service_instance: { get_param: service_instance_name }
 53 | 
 54 |   VirtualMachineInterface_M:
 55 |     type: OS::ContrailV2::VirtualMachineInterface
 56 |     depends_on: [ porttuple ]
 57 |     properties:
 58 |       name: { get_param: virtual_network_M }
 59 |       virtual_machine_interface_properties:
 60 |         {
 61 |           virtual_machine_interface_properties_service_interface_type: { get_param: service_interface_type_M },
 62 |         }
 63 |       port_tuple_refs: [{ get_resource: porttuple }]
 64 |       virtual_network_refs: [{ get_param: virtual_network_M_fqdn }]
 65 | 
 66 |   VirtualMachineInterface_L:
 67 |     type: OS::ContrailV2::VirtualMachineInterface
 68 |     depends_on: [ porttuple ]
 69 |     properties:
 70 |       name: { get_param: virtual_network_L }
 71 |       virtual_machine_interface_properties:
 72 |         {
 73 |           virtual_machine_interface_properties_service_interface_type: { get_param: service_interface_type_L },
 74 |         }
 75 |       port_tuple_refs: [{ get_resource: porttuple }]
 76 |       virtual_network_refs: [{ get_param: virtual_network_L_fqdn }]
 77 | 
 78 |   VirtualMachineInterface_R:
 79 |     type: OS::ContrailV2::VirtualMachineInterface
 80 |     depends_on: [ porttuple ]
 81 |     properties:
 82 |       name: { get_param: virtual_network_R }
 83 |       virtual_machine_interface_properties:
 84 |         {
 85 |           virtual_machine_interface_properties_service_interface_type: { get_param: service_interface_type_R },
 86 |         }
 87 |       port_tuple_refs: [{ get_resource: porttuple }]
 88 |       virtual_network_refs: [{ get_param: virtual_network_R_fqdn }]
 89 | 
 90 |   mgmt_InstanceIp:
 91 |     type: OS::ContrailV2::InstanceIp
 92 |     depends_on: [ VirtualMachineInterface_M ]
 93 |     properties:
 94 |       name: { get_param: virtual_network_M }
 95 |       virtual_machine_interface_refs: [{ get_resource: VirtualMachineInterface_M }]
 96 |       virtual_network_refs: [{ get_param: virtual_network_M_fqdn }]
 97 | 
 98 |   left_InstanceIp:
 99 |     type: OS::ContrailV2::InstanceIp
100 |     depends_on: [ VirtualMachineInterface_L ]
101 |     properties:
102 |       name: { get_param: virtual_network_L }
103 |       virtual_machine_interface_refs: [{ get_resource: VirtualMachineInterface_L }]
104 |       virtual_network_refs: [{ get_param: virtual_network_L_fqdn }]
105 | 
106 |   right_InstanceIp:
107 |     type: OS::ContrailV2::InstanceIp
108 |     depends_on: [VirtualMachineInterface_R ]
109 |     properties:
110 |       name: { get_param: virtual_network_R }
111 |       virtual_machine_interface_refs: [{ get_resource: VirtualMachineInterface_R }]
112 |       virtual_network_refs: [{ get_param: virtual_network_R_fqdn }]
113 | 
114 |   Pan_Svm_instance:
115 |     type: OS::Nova::Server
116 |     depends_on: [ mgmt_InstanceIp, left_InstanceIp, right_InstanceIp ]
117 |     properties:
118 |       image: { get_param:  image }
119 |       flavor: { get_param: flavor }
120 |       networks:
121 |         - port: { get_resource: VirtualMachineInterface_M }
122 |         - port: { get_resource: VirtualMachineInterface_L }
123 |         - port: { get_resource: VirtualMachineInterface_R }
124 |       user_data_format: RAW
125 |       config_drive: true
126 |       personality:
127 |         /config/init-cfg.txt: {get_file: "/root/bootstrap/config/init-cfg.txt"}
128 | #        /config/init-cfg.txt: { get_file: "http://10.4.1.21/op_test/config/init-cfg.txt" }
129 |         /config/bootstrap.xml: {get_file: "/root/bootstrap/config/Service_Scaling_bootstrap.xml"}
130 | #        /config/bootstrap.xml: { get_file: "http://10.4.1.21/op_test/config/Service_Chaining_bootstrap_L3.xml" }
131 | #       /license/authcodes: {get_file: "/opt/pan/bootstrap/license/authcodes"}
132 | #        /license/authcodes: {get_file: "http://10.4.1.21/op_test/license/authcodes"}
133 |         
134 | 
135 | 
136 | 


--------------------------------------------------------------------------------
/basic-gateway/pan_basic_gw.yaml:
--------------------------------------------------------------------------------
  1 | heat_template_version: 2015-04-30
  2 | 
  3 | description: Example template to deploy a PAN firewall and Linux server instances
  4 | 
  5 | parameters:
  6 |   pan_image:
  7 |     type: string
  8 |     label: PAN image name
  9 |     description: PAN virtual firewall image to be used for firewall instance
 10 |     default: pa-vm-7.1.4 
 11 | 
 12 |   server_image:
 13 |     type: string
 14 |     label: Server image name
 15 |     description: Server image to be used for server instance
 16 |     default: Ubuntu-14.04
 17 | 
 18 |   pan_flavor:
 19 |     type: string
 20 |     label: Flavor
 21 |     description: Type of instance (flavor) to be used for PAN firewall instance
 22 |     default: m1.medium
 23 | 
 24 |   server_flavor:
 25 |     type: string
 26 |     label: Flavor
 27 |     description: Type of instance (flavor) to be used for server instance
 28 |     default: m1.small
 29 | 
 30 |   server_key:
 31 |     type: string
 32 |     label: Key name
 33 |     description: Name of key-pair to be used for server instance
 34 | 
 35 |   mgmt_network:
 36 |     type: string
 37 |     label: Management network name
 38 |     description: Network to attach management interface of PAN firewall instance to.
 39 | 
 40 |   public_network:
 41 |     type: string
 42 |     label: Public network name
 43 |     description: Public network for which floating IP addresses will be allocated
 44 | 
 45 | resources:
 46 |   pan_trust_net:
 47 |         type: OS::Neutron::Net
 48 |         properties:
 49 |           name: pan-trust-net
 50 | 
 51 |   pan_trust_subnet:
 52 |         type: OS::Neutron::Subnet
 53 |         properties:
 54 |           network_id: { get_resource: pan_trust_net }
 55 |           cidr: 192.168.100.0/24
 56 |           gateway_ip: 192.168.100.1
 57 | 
 58 |   pan_untrust_net:
 59 |         type: OS::Neutron::Net
 60 |         properties:
 61 |           name: pan-untrust-net
 62 | 
 63 |   pan_untrust_subnet:
 64 |         type: OS::Neutron::Subnet
 65 |         properties:
 66 |           network_id: { get_resource: pan_untrust_net }
 67 |           cidr: 192.168.200.0/24
 68 |           gateway_ip: 192.168.200.1
 69 | 
 70 |   allow_ssh_https_icmp_secgroup:
 71 |     type: OS::Neutron::SecurityGroup
 72 |     properties:
 73 |       rules:
 74 |         - protocol: tcp
 75 |           remote_ip_prefix: 0.0.0.0/0
 76 |           port_range_min: 22
 77 |           port_range_max: 22
 78 |         - protocol: tcp
 79 |           remote_ip_prefix: 0.0.0.0/0
 80 |           port_range_min: 443
 81 |           port_range_max: 443
 82 |         - protocol: icmp
 83 |           remote_ip_prefix: 0.0.0.0/0
 84 | 
 85 |   pan_untrust_port:
 86 |     type: OS::Neutron::Port
 87 |     properties:
 88 |       network: { get_resource: pan_untrust_net }
 89 |       security_groups:
 90 |         - { get_resource: allow_ssh_https_icmp_secgroup }
 91 |       fixed_ips:
 92 |         - subnet: { get_resource: pan_untrust_subnet }
 93 |           ip_address: "192.168.200.10"
 94 | 
 95 |   pan_untrust_floating_ip:
 96 |     type: OS::Neutron::FloatingIP
 97 |     properties:
 98 |       floating_network: { get_param: public_network }
 99 | 
100 |   pan_untrust_floating_ip_assoc:
101 |     type: OS::Neutron::FloatingIPAssociation
102 |     properties:
103 |       floatingip_id: { get_resource: pan_untrust_floating_ip }
104 |       port_id: { get_resource: pan_untrust_port }
105 | 
106 |   pan_trust_port:
107 |     type: OS::Neutron::Port
108 |     properties:
109 |       network: { get_resource: pan_trust_net }
110 |       security_groups:
111 |         - { get_resource: allow_ssh_https_icmp_secgroup }
112 |       fixed_ips:
113 |         - subnet: { get_resource: pan_trust_subnet }
114 | 
115 |   server_trust_port:
116 |     type: OS::Neutron::Port
117 |     properties:
118 |       network: { get_resource: pan_trust_net }
119 |       security_groups:
120 |         - { get_resource: allow_ssh_https_icmp_secgroup }
121 |       fixed_ips:
122 |         - subnet: { get_resource: pan_trust_subnet }
123 |           ip_address: "192.168.100.10"
124 | 
125 |   pan_fw_instance:
126 |     type: OS::Nova::Server
127 |     properties:
128 |       image: { get_param: pan_image }
129 |       flavor: { get_param: pan_flavor }
130 |       networks:
131 |         - network: { get_param: mgmt_network }
132 |         - port: { get_resource: pan_untrust_port }
133 |         - port: { get_resource: pan_trust_port }
134 |       user_data_format: RAW
135 |       config_drive: true
136 |       personality:
137 | #        /config/init-cfg.txt: {get_file: "/opt/pan_bs/init-cfg.txt"}
138 |         /config/init-cfg.txt: { get_file: "http://web_server_name_ip/pan_bs/init-cfg.txt" }
139 | #        /config/bootstrap.xml: {get_file: "/opt/pan_bs/bootstrap.xml"}
140 |         /config/bootstrap.xml: { get_file: "http://web_server_name_ip/pan_bs/bootstrap.xml" }
141 | #        /license/authcodes: {get_file: "/opt/pan_bs/authcodes"}
142 |         /license/authcodes: {get_file: "http://web_server_name_ip/pan_bs/authcodes"}
143 | 
144 |   server_instance:
145 |     type: OS::Nova::Server
146 |     properties:
147 |       image: { get_param: server_image }
148 |       flavor: { get_param: server_flavor }
149 |       key_name: { get_param: server_key }
150 |       networks:
151 |         - port: { get_resource: server_trust_port }
152 | 
153 | outputs:
154 |   pan_fw_name:
155 |     description: Name of the PAN firewall
156 |     value: { get_attr: [pan_fw_instance, name] }
157 |   pan_fw_mgmt_ip:
158 |     description: Management IP address of the PAN firewall in mgmt network 
159 |     value: { get_attr: [pan_fw_instance, first_address] }
160 |   pan_fw_public_ip:
161 |     description: Floating IP address of PAN firewall in public network
162 |     value: { get_attr: [ pan_untrust_floating_ip, floating_ip_address ] }
163 |   server_name:
164 |     description: Name of the server
165 |     value: { get_attr: [server_instance, name] }
166 | 
167 | 


--------------------------------------------------------------------------------
/redhat-queens/basic-gateway/pan_basic_gw.yaml:
--------------------------------------------------------------------------------
  1 | heat_template_version: 2015-04-30
  2 | 
  3 | description: Example template to deploy a PAN firewall and Linux server instances
  4 | 
  5 | parameters:
  6 |   pan_image:
  7 |     type: string
  8 |     label: PAN image name
  9 |     description: PAN virtual firewall image to be used for firewall instance
 10 |     default: pa-vm-7.1.4 
 11 | 
 12 |   server_image:
 13 |     type: string
 14 |     label: Server image name
 15 |     description: Server image to be used for server instance
 16 |     default: Ubuntu-14.04
 17 | 
 18 |   pan_flavor:
 19 |     type: string
 20 |     label: Flavor
 21 |     description: Type of instance (flavor) to be used for PAN firewall instance
 22 |     default: m1.medium
 23 | 
 24 |   server_flavor:
 25 |     type: string
 26 |     label: Flavor
 27 |     description: Type of instance (flavor) to be used for server instance
 28 |     default: m1.small
 29 | 
 30 |   server_key:
 31 |     type: string
 32 |     label: Key name
 33 |     description: Name of key-pair to be used for server instance
 34 | 
 35 |   public_network:
 36 |     type: string
 37 |     label: Public network name
 38 |     description: Public network for which floating IP addresses will be allocated
 39 | 
 40 |   mgmt_network:
 41 |     type: string
 42 |     label: Management network name
 43 |     description: Network to attach the PAN firewall management port to.
 44 | 
 45 |   mgmt_subnet:
 46 |     type: string
 47 |     label: Management network subnet name
 48 |     description: Subnet to attach the PAN firewall management port to.
 49 | 
 50 |   router:
 51 |     type: string
 52 |     label: Router name
 53 |     description: Router to provide external network access for PAN firewall untrust network
 54 | 
 55 | resources:
 56 |   pan_trust_net:
 57 |         type: OS::Neutron::Net
 58 |         properties:
 59 |           name: pan-trust-net
 60 | 
 61 |   pan_trust_subnet:
 62 |         type: OS::Neutron::Subnet
 63 |         properties:
 64 |           network_id: { get_resource: pan_trust_net }
 65 |           cidr: 192.168.100.0/24
 66 |           gateway_ip: 192.168.100.1
 67 | 
 68 |   pan_untrust_net:
 69 |         type: OS::Neutron::Net
 70 |         properties:
 71 |           name: pan-untrust-net
 72 | 
 73 |   pan_untrust_subnet:
 74 |         type: OS::Neutron::Subnet
 75 |         properties:
 76 |           network_id: { get_resource: pan_untrust_net }
 77 |           cidr: 192.168.200.0/24
 78 |           gateway_ip: 192.168.200.1
 79 | 
 80 |   allow_ssh_https_icmp_secgroup:
 81 |     type: OS::Neutron::SecurityGroup
 82 |     properties:
 83 |       rules:
 84 |         - protocol: tcp
 85 |           remote_ip_prefix: 0.0.0.0/0
 86 |           port_range_min: 22
 87 |           port_range_max: 22
 88 |         - protocol: tcp
 89 |           remote_ip_prefix: 0.0.0.0/0
 90 |           port_range_min: 443
 91 |           port_range_max: 443
 92 |         - protocol: icmp
 93 |           remote_ip_prefix: 0.0.0.0/0
 94 | 
 95 |   pan_untrust_port:
 96 |     type: OS::Neutron::Port
 97 |     properties:
 98 |       network: { get_resource: pan_untrust_net }
 99 |       security_groups:
100 |         - { get_resource: allow_ssh_https_icmp_secgroup }
101 |       fixed_ips:
102 |         - subnet: { get_resource: pan_untrust_subnet }
103 |           ip_address: "192.168.200.10"
104 | 
105 |   pan_untrust_floating_ip:
106 |     type: OS::Neutron::FloatingIP
107 |     properties:
108 |       floating_network: { get_param: public_network }
109 | 
110 |   pan_untrust_floating_ip_assoc:
111 |     type: OS::Neutron::FloatingIPAssociation
112 |     properties:
113 |       floatingip_id: { get_resource: pan_untrust_floating_ip }
114 |       port_id: { get_resource: pan_untrust_port }
115 | 
116 |   pan_trust_port:
117 |     type: OS::Neutron::Port
118 |     properties:
119 |       network: { get_resource: pan_trust_net }
120 |       security_groups:
121 |         - { get_resource: allow_ssh_https_icmp_secgroup }
122 |       fixed_ips:
123 |         - subnet: { get_resource: pan_trust_subnet }
124 | 
125 |   server_trust_port:
126 |     type: OS::Neutron::Port
127 |     properties:
128 |       network: { get_resource: pan_trust_net }
129 |       security_groups:
130 |         - { get_resource: allow_ssh_https_icmp_secgroup }
131 |       fixed_ips:
132 |         - subnet: { get_resource: pan_trust_subnet }
133 |           ip_address: "192.168.100.10"
134 | 
135 |   pan_router_untrust_interface:
136 |     type: OS::Neutron::RouterInterface
137 |     properties:
138 |       router_id: { get_param: router }
139 |       subnet_id: { get_resource: pan_untrust_subnet }
140 | 
141 |   mgmt_port:
142 |     type: OS::Neutron::Port
143 |     properties:
144 |       network: { get_param: mgmt_network }
145 |       security_groups:
146 |         - { get_resource: allow_ssh_https_icmp_secgroup }
147 |       fixed_ips:
148 |         - subnet: { get_param: mgmt_subnet }
149 | 
150 |   mgmt_floating_ip:
151 |     type: OS::Neutron::FloatingIP
152 |     properties:
153 |       floating_network: { get_param: public_network }
154 | 
155 |   mgmt_floating_ip_assoc:
156 |     type: OS::Neutron::FloatingIPAssociation
157 |     properties: 
158 |       floatingip_id: { get_resource: mgmt_floating_ip }
159 |       port_id: { get_resource: mgmt_port }
160 | 
161 |   pan_fw_instance:
162 |     type: OS::Nova::Server
163 |     properties:
164 |       image: { get_param: pan_image }
165 |       flavor: { get_param: pan_flavor }
166 |       networks:
167 |         - port: { get_resource: mgmt_port }
168 |         - port: { get_resource: pan_untrust_port }
169 |         - port: { get_resource: pan_trust_port }
170 |       user_data_format: RAW
171 |       config_drive: true
172 |       user_data:
173 |         get_file: http://webserver/images/bootstrap.tgz
174 | 
175 |   server_instance:
176 |     type: OS::Nova::Server
177 |     properties:
178 |       image: { get_param: server_image }
179 |       flavor: { get_param: server_flavor }
180 |       key_name: { get_param: server_key }
181 |       networks:
182 |         - port: { get_resource: server_trust_port }
183 | 
184 | outputs:
185 |   pan_fw_name:
186 |     description: Name of the PAN firewall
187 |     value: { get_attr: [pan_fw_instance, name] }
188 |   pan_fw_mgmt_ip:
189 |     description: Management IP address of the PAN firewall in mgmt network 
190 |     value: { get_attr: [pan_fw_instance, first_address] }
191 |   pan_fw_public_ip:
192 |     description: Floating IP address of PAN firewall in public network
193 |     value: { get_attr: [ pan_untrust_floating_ip, floating_ip_address ] }
194 |   server_name:
195 |     description: Name of the server
196 |     value: { get_attr: [server_instance, name] }
197 | 
198 | 


--------------------------------------------------------------------------------
/Service-Chaining/Service-Chaining-vw/Service_Chaining_bootstrap_vw.xml:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0"?>
  2 | <config version="8.0.0" urldb="paloaltonetworks">
  3 |   <mgt-config>
  4 |     <users>
  5 |       <entry name="admin">
  6 |         <phash>fnRL/G5lXVMug</phash>
  7 |         <permissions>
  8 |           <role-based>
  9 |             <superuser>yes</superuser>
 10 |           </role-based>
 11 |         </permissions>
 12 |       </entry>
 13 |     </users>
 14 |   </mgt-config>
 15 |   <shared>
 16 |     <application/>
 17 |     <application-group/>
 18 |     <service/>
 19 |     <service-group/>
 20 |     <botnet>
 21 |       <configuration>
 22 |         <http>
 23 |           <dynamic-dns>
 24 |             <enabled>yes</enabled>
 25 |             <threshold>5</threshold>
 26 |           </dynamic-dns>
 27 |           <malware-sites>
 28 |             <enabled>yes</enabled>
 29 |             <threshold>5</threshold>
 30 |           </malware-sites>
 31 |           <recent-domains>
 32 |             <enabled>yes</enabled>
 33 |             <threshold>5</threshold>
 34 |           </recent-domains>
 35 |           <ip-domains>
 36 |             <enabled>yes</enabled>
 37 |             <threshold>10</threshold>
 38 |           </ip-domains>
 39 |           <executables-from-unknown-sites>
 40 |             <enabled>yes</enabled>
 41 |             <threshold>5</threshold>
 42 |           </executables-from-unknown-sites>
 43 |         </http>
 44 |         <other-applications>
 45 |           <irc>yes</irc>
 46 |         </other-applications>
 47 |         <unknown-applications>
 48 |           <unknown-tcp>
 49 |             <destinations-per-hour>10</destinations-per-hour>
 50 |             <sessions-per-hour>10</sessions-per-hour>
 51 |             <session-length>
 52 |               <maximum-bytes>100</maximum-bytes>
 53 |               <minimum-bytes>50</minimum-bytes>
 54 |             </session-length>
 55 |           </unknown-tcp>
 56 |           <unknown-udp>
 57 |             <destinations-per-hour>10</destinations-per-hour>
 58 |             <sessions-per-hour>10</sessions-per-hour>
 59 |             <session-length>
 60 |               <maximum-bytes>100</maximum-bytes>
 61 |               <minimum-bytes>50</minimum-bytes>
 62 |             </session-length>
 63 |           </unknown-udp>
 64 |         </unknown-applications>
 65 |       </configuration>
 66 |       <report>
 67 |         <topn>100</topn>
 68 |         <scheduled>yes</scheduled>
 69 |       </report>
 70 |     </botnet>
 71 |   </shared>
 72 |   <devices>
 73 |     <entry name="localhost.localdomain">
 74 |       <network>
 75 |         <interface>
 76 |           <ethernet>
 77 |             <entry name="ethernet1/1">
 78 |               <virtual-wire>
 79 |                 <lldp>
 80 |                   <enable>no</enable>
 81 |                 </lldp>
 82 |               </virtual-wire>
 83 |             </entry>
 84 |             <entry name="ethernet1/2">
 85 |               <virtual-wire>
 86 |                 <lldp>
 87 |                   <enable>no</enable>
 88 |                 </lldp>
 89 |               </virtual-wire>
 90 |             </entry>
 91 |             <entry name="ethernet1/3">
 92 |               <tap/>
 93 |             </entry>
 94 |             <entry name="ethernet1/4">
 95 |               <tap/>
 96 |             </entry>
 97 |           </ethernet>
 98 |         </interface>
 99 |         <profiles>
100 |           <monitor-profile>
101 |             <entry name="default">
102 |               <interval>3</interval>
103 |               <threshold>5</threshold>
104 |               <action>wait-recover</action>
105 |             </entry>
106 |           </monitor-profile>
107 |           <interface-management-profile>
108 |             <entry name="mgmt">
109 |               <https>yes</https>
110 |               <ssh>yes</ssh>
111 |               <ping>yes</ping>
112 |             </entry>
113 |           </interface-management-profile>
114 |         </profiles>
115 |         <ike>
116 |           <crypto-profiles>
117 |             <ike-crypto-profiles>
118 |               <entry name="default">
119 |                 <encryption>
120 |                   <member>aes-128-cbc</member>
121 |                   <member>3des</member>
122 |                 </encryption>
123 |                 <hash>
124 |                   <member>sha1</member>
125 |                 </hash>
126 |                 <dh-group>
127 |                   <member>group2</member>
128 |                 </dh-group>
129 |                 <lifetime>
130 |                   <hours>8</hours>
131 |                 </lifetime>
132 |               </entry>
133 |               <entry name="Suite-B-GCM-128">
134 |                 <encryption>
135 |                   <member>aes-128-cbc</member>
136 |                 </encryption>
137 |                 <hash>
138 |                   <member>sha256</member>
139 |                 </hash>
140 |                 <dh-group>
141 |                   <member>group19</member>
142 |                 </dh-group>
143 |                 <lifetime>
144 |                   <hours>8</hours>
145 |                 </lifetime>
146 |               </entry>
147 |               <entry name="Suite-B-GCM-256">
148 |                 <encryption>
149 |                   <member>aes-256-cbc</member>
150 |                 </encryption>
151 |                 <hash>
152 |                   <member>sha384</member>
153 |                 </hash>
154 |                 <dh-group>
155 |                   <member>group20</member>
156 |                 </dh-group>
157 |                 <lifetime>
158 |                   <hours>8</hours>
159 |                 </lifetime>
160 |               </entry>
161 |             </ike-crypto-profiles>
162 |             <ipsec-crypto-profiles>
163 |               <entry name="default">
164 |                 <esp>
165 |                   <encryption>
166 |                     <member>aes-128-cbc</member>
167 |                     <member>3des</member>
168 |                   </encryption>
169 |                   <authentication>
170 |                     <member>sha1</member>
171 |                   </authentication>
172 |                 </esp>
173 |                 <dh-group>group2</dh-group>
174 |                 <lifetime>
175 |                   <hours>1</hours>
176 |                 </lifetime>
177 |               </entry>
178 |               <entry name="Suite-B-GCM-128">
179 |                 <esp>
180 |                   <encryption>
181 |                     <member>aes-128-gcm</member>
182 |                   </encryption>
183 |                   <authentication>
184 |                     <member>none</member>
185 |                   </authentication>
186 |                 </esp>
187 |                 <dh-group>group19</dh-group>
188 |                 <lifetime>
189 |                   <hours>1</hours>
190 |                 </lifetime>
191 |               </entry>
192 |               <entry name="Suite-B-GCM-256">
193 |                 <esp>
194 |                   <encryption>
195 |                     <member>aes-256-gcm</member>
196 |                   </encryption>
197 |                   <authentication>
198 |                     <member>none</member>
199 |                   </authentication>
200 |                 </esp>
201 |                 <dh-group>group20</dh-group>
202 |                 <lifetime>
203 |                   <hours>1</hours>
204 |                 </lifetime>
205 |               </entry>
206 |             </ipsec-crypto-profiles>
207 |             <global-protect-app-crypto-profiles>
208 |               <entry name="default">
209 |                 <encryption>
210 |                   <member>aes-128-cbc</member>
211 |                 </encryption>
212 |                 <authentication>
213 |                   <member>sha1</member>
214 |                 </authentication>
215 |               </entry>
216 |             </global-protect-app-crypto-profiles>
217 |           </crypto-profiles>
218 |         </ike>
219 |         <qos>
220 |           <profile>
221 |             <entry name="default">
222 |               <class>
223 |                 <entry name="class1">
224 |                   <priority>real-time</priority>
225 |                 </entry>
226 |                 <entry name="class2">
227 |                   <priority>high</priority>
228 |                 </entry>
229 |                 <entry name="class3">
230 |                   <priority>high</priority>
231 |                 </entry>
232 |                 <entry name="class4">
233 |                   <priority>medium</priority>
234 |                 </entry>
235 |                 <entry name="class5">
236 |                   <priority>medium</priority>
237 |                 </entry>
238 |                 <entry name="class6">
239 |                   <priority>low</priority>
240 |                 </entry>
241 |                 <entry name="class7">
242 |                   <priority>low</priority>
243 |                 </entry>
244 |                 <entry name="class8">
245 |                   <priority>low</priority>
246 |                 </entry>
247 |               </class>
248 |             </entry>
249 |           </profile>
250 |         </qos>
251 |         <virtual-router>
252 |           <entry name="default">
253 |             <protocol>
254 |               <bgp>
255 |                 <enable>no</enable>
256 |                 <dampening-profile>
257 |                   <entry name="default">
258 |                     <cutoff>1.25</cutoff>
259 |                     <reuse>0.5</reuse>
260 |                     <max-hold-time>900</max-hold-time>
261 |                     <decay-half-life-reachable>300</decay-half-life-reachable>
262 |                     <decay-half-life-unreachable>900</decay-half-life-unreachable>
263 |                     <enable>yes</enable>
264 |                   </entry>
265 |                 </dampening-profile>
266 |               </bgp>
267 |             </protocol>
268 |             <interface/>
269 |           </entry>
270 |         </virtual-router>
271 |         <virtual-wire>
272 |           <entry name="virtualwire">
273 |             <interface1>ethernet1/1</interface1>
274 |             <interface2>ethernet1/2</interface2>
275 |             <tag-allowed>0-4094</tag-allowed>
276 |           </entry>
277 |         </virtual-wire>
278 |       </network>
279 |       <deviceconfig>
280 |         <system>
281 |           <ip-address>192.168.1.1</ip-address>
282 |           <netmask>255.255.255.0</netmask>
283 |           <update-server>updates.paloaltonetworks.com</update-server>
284 |           <update-schedule>
285 |             <threats>
286 |               <recurring>
287 |                 <weekly>
288 |                   <day-of-week>wednesday</day-of-week>
289 |                   <at>01:02</at>
290 |                   <action>download-only</action>
291 |                 </weekly>
292 |               </recurring>
293 |             </threats>
294 |           </update-schedule>
295 |           <timezone>US/Pacific</timezone>
296 |           <service>
297 |             <disable-telnet>yes</disable-telnet>
298 |             <disable-http>yes</disable-http>
299 |           </service>
300 |           <hostname>PA-VM</hostname>
301 |           <type>
302 |             <dhcp-client>
303 |               <send-hostname>yes</send-hostname>
304 |               <send-client-id>no</send-client-id>
305 |               <accept-dhcp-hostname>no</accept-dhcp-hostname>
306 |               <accept-dhcp-domain>no</accept-dhcp-domain>
307 |             </dhcp-client>
308 |           </type>
309 |         </system>
310 |         <setting>
311 |           <config>
312 |             <rematch>yes</rematch>
313 |           </config>
314 |           <management>
315 |             <hostname-type-in-syslog>FQDN</hostname-type-in-syslog>
316 |             <initcfg>
317 |               <type>
318 |                 <dhcp-client>
319 |                   <send-hostname>yes</send-hostname>
320 |                   <send-client-id>no</send-client-id>
321 |                   <accept-dhcp-hostname>no</accept-dhcp-hostname>
322 |                   <accept-dhcp-domain>no</accept-dhcp-domain>
323 |                 </dhcp-client>
324 |               </type>
325 |             </initcfg>
326 |           </management>
327 |           <auto-mac-detect>yes</auto-mac-detect>
328 |         </setting>
329 |       </deviceconfig>
330 |       <vsys>
331 |         <entry name="vsys1">
332 |           <application/>
333 |           <application-group/>
334 |           <zone>
335 |             <entry name="trust">
336 |               <network>
337 |                 <virtual-wire>
338 |                   <member>ethernet1/1</member>
339 |                 </virtual-wire>
340 |               </network>
341 |             </entry>
342 |             <entry name="untrust">
343 |               <network>
344 |                 <virtual-wire>
345 |                   <member>ethernet1/2</member>
346 |                 </virtual-wire>
347 |               </network>
348 |             </entry>
349 |           </zone>
350 |           <service/>
351 |           <service-group/>
352 |           <schedule/>
353 |           <rulebase>
354 |             <security>
355 |               <rules>
356 |                 <entry name="allow">
357 |                   <to>
358 |                     <member>any</member>
359 |                   </to>
360 |                   <from>
361 |                     <member>any</member>
362 |                   </from>
363 |                   <source>
364 |                     <member>any</member>
365 |                   </source>
366 |                   <destination>
367 |                     <member>any</member>
368 |                   </destination>
369 |                   <source-user>
370 |                     <member>any</member>
371 |                   </source-user>
372 |                   <category>
373 |                     <member>any</member>
374 |                   </category>
375 |                   <application>
376 |                     <member>any</member>
377 |                   </application>
378 |                   <service>
379 |                     <member>application-default</member>
380 |                   </service>
381 |                   <hip-profiles>
382 |                     <member>any</member>
383 |                   </hip-profiles>
384 |                   <action>allow</action>
385 |                   <log-start>yes</log-start>
386 |                   <log-end>no</log-end>
387 |                 </entry>
388 |               </rules>
389 |             </security>
390 |           </rulebase>
391 |           <import>
392 |             <network>
393 |               <interface>
394 |                 <member>ethernet1/1</member>
395 |                 <member>ethernet1/2</member>
396 |                 <member>ethernet1/3</member>
397 |                 <member>ethernet1/4</member>
398 |               </interface>
399 |             </network>
400 |           </import>
401 |         </entry>
402 |       </vsys>
403 |     </entry>
404 |   </devices>
405 | </config>
406 | 


--------------------------------------------------------------------------------
/Service-Scaling/Service_Scaling_bootstrap.xml:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0"?>
  2 | <config version="8.0.0" urldb="paloaltonetworks">
  3 |   <mgt-config>
  4 |     <users>
  5 |       <entry name="admin">
  6 |         <phash>fnRL/G5lXVMug</phash>
  7 |         <permissions>
  8 |           <role-based>
  9 |             <superuser>yes</superuser>
 10 |           </role-based>
 11 |         </permissions>
 12 |       </entry>
 13 |     </users>
 14 |   </mgt-config>
 15 |   <shared>
 16 |     <application/>
 17 |     <application-group/>
 18 |     <service/>
 19 |     <service-group/>
 20 |     <botnet>
 21 |       <configuration>
 22 |         <http>
 23 |           <dynamic-dns>
 24 |             <enabled>yes</enabled>
 25 |             <threshold>5</threshold>
 26 |           </dynamic-dns>
 27 |           <malware-sites>
 28 |             <enabled>yes</enabled>
 29 |             <threshold>5</threshold>
 30 |           </malware-sites>
 31 |           <recent-domains>
 32 |             <enabled>yes</enabled>
 33 |             <threshold>5</threshold>
 34 |           </recent-domains>
 35 |           <ip-domains>
 36 |             <enabled>yes</enabled>
 37 |             <threshold>10</threshold>
 38 |           </ip-domains>
 39 |           <executables-from-unknown-sites>
 40 |             <enabled>yes</enabled>
 41 |             <threshold>5</threshold>
 42 |           </executables-from-unknown-sites>
 43 |         </http>
 44 |         <other-applications>
 45 |           <irc>yes</irc>
 46 |         </other-applications>
 47 |         <unknown-applications>
 48 |           <unknown-tcp>
 49 |             <destinations-per-hour>10</destinations-per-hour>
 50 |             <sessions-per-hour>10</sessions-per-hour>
 51 |             <session-length>
 52 |               <maximum-bytes>100</maximum-bytes>
 53 |               <minimum-bytes>50</minimum-bytes>
 54 |             </session-length>
 55 |           </unknown-tcp>
 56 |           <unknown-udp>
 57 |             <destinations-per-hour>10</destinations-per-hour>
 58 |             <sessions-per-hour>10</sessions-per-hour>
 59 |             <session-length>
 60 |               <maximum-bytes>100</maximum-bytes>
 61 |               <minimum-bytes>50</minimum-bytes>
 62 |             </session-length>
 63 |           </unknown-udp>
 64 |         </unknown-applications>
 65 |       </configuration>
 66 |       <report>
 67 |         <topn>100</topn>
 68 |         <scheduled>yes</scheduled>
 69 |       </report>
 70 |     </botnet>
 71 |   </shared>
 72 |   <devices>
 73 |     <entry name="localhost.localdomain">
 74 |       <network>
 75 |         <interface>
 76 |           <ethernet>
 77 |             <entry name="ethernet1/1">
 78 |               <layer3>
 79 |                 <ipv6>
 80 |                   <neighbor-discovery>
 81 |                     <router-advertisement>
 82 |                       <enable>no</enable>
 83 |                     </router-advertisement>
 84 |                   </neighbor-discovery>
 85 |                 </ipv6>
 86 |                 <ndp-proxy>
 87 |                   <enabled>no</enabled>
 88 |                 </ndp-proxy>
 89 |                 <lldp>
 90 |                   <enable>no</enable>
 91 |                 </lldp>
 92 |                 <dhcp-client/>
 93 |                 <interface-management-profile>mgmt</interface-management-profile>
 94 |               </layer3>
 95 |             </entry>
 96 |             <entry name="ethernet1/2">
 97 |               <layer3>
 98 |                 <ipv6>
 99 |                   <neighbor-discovery>
100 |                     <router-advertisement>
101 |                       <enable>no</enable>
102 |                     </router-advertisement>
103 |                   </neighbor-discovery>
104 |                 </ipv6>
105 |                 <ndp-proxy>
106 |                   <enabled>no</enabled>
107 |                 </ndp-proxy>
108 |                 <lldp>
109 |                   <enable>no</enable>
110 |                 </lldp>
111 |                 <dhcp-client/>
112 |                 <interface-management-profile>mgmt</interface-management-profile>
113 |               </layer3>
114 |             </entry>
115 |             <entry name="ethernet1/3">
116 |               <tap/>
117 |             </entry>
118 |             <entry name="ethernet1/4">
119 |               <tap/>
120 |             </entry>
121 |           </ethernet>
122 |         </interface>
123 |         <profiles>
124 |           <monitor-profile>
125 |             <entry name="default">
126 |               <interval>3</interval>
127 |               <threshold>5</threshold>
128 |               <action>wait-recover</action>
129 |             </entry>
130 |           </monitor-profile>
131 |           <interface-management-profile>
132 |             <entry name="mgmt">
133 |               <https>yes</https>
134 |               <ssh>yes</ssh>
135 |               <ping>yes</ping>
136 |             </entry>
137 |           </interface-management-profile>
138 |         </profiles>
139 |         <ike>
140 |           <crypto-profiles>
141 |             <ike-crypto-profiles>
142 |               <entry name="default">
143 |                 <encryption>
144 |                   <member>aes-128-cbc</member>
145 |                   <member>3des</member>
146 |                 </encryption>
147 |                 <hash>
148 |                   <member>sha1</member>
149 |                 </hash>
150 |                 <dh-group>
151 |                   <member>group2</member>
152 |                 </dh-group>
153 |                 <lifetime>
154 |                   <hours>8</hours>
155 |                 </lifetime>
156 |               </entry>
157 |               <entry name="Suite-B-GCM-128">
158 |                 <encryption>
159 |                   <member>aes-128-cbc</member>
160 |                 </encryption>
161 |                 <hash>
162 |                   <member>sha256</member>
163 |                 </hash>
164 |                 <dh-group>
165 |                   <member>group19</member>
166 |                 </dh-group>
167 |                 <lifetime>
168 |                   <hours>8</hours>
169 |                 </lifetime>
170 |               </entry>
171 |               <entry name="Suite-B-GCM-256">
172 |                 <encryption>
173 |                   <member>aes-256-cbc</member>
174 |                 </encryption>
175 |                 <hash>
176 |                   <member>sha384</member>
177 |                 </hash>
178 |                 <dh-group>
179 |                   <member>group20</member>
180 |                 </dh-group>
181 |                 <lifetime>
182 |                   <hours>8</hours>
183 |                 </lifetime>
184 |               </entry>
185 |             </ike-crypto-profiles>
186 |             <ipsec-crypto-profiles>
187 |               <entry name="default">
188 |                 <esp>
189 |                   <encryption>
190 |                     <member>aes-128-cbc</member>
191 |                     <member>3des</member>
192 |                   </encryption>
193 |                   <authentication>
194 |                     <member>sha1</member>
195 |                   </authentication>
196 |                 </esp>
197 |                 <dh-group>group2</dh-group>
198 |                 <lifetime>
199 |                   <hours>1</hours>
200 |                 </lifetime>
201 |               </entry>
202 |               <entry name="Suite-B-GCM-128">
203 |                 <esp>
204 |                   <encryption>
205 |                     <member>aes-128-gcm</member>
206 |                   </encryption>
207 |                   <authentication>
208 |                     <member>none</member>
209 |                   </authentication>
210 |                 </esp>
211 |                 <dh-group>group19</dh-group>
212 |                 <lifetime>
213 |                   <hours>1</hours>
214 |                 </lifetime>
215 |               </entry>
216 |               <entry name="Suite-B-GCM-256">
217 |                 <esp>
218 |                   <encryption>
219 |                     <member>aes-256-gcm</member>
220 |                   </encryption>
221 |                   <authentication>
222 |                     <member>none</member>
223 |                   </authentication>
224 |                 </esp>
225 |                 <dh-group>group20</dh-group>
226 |                 <lifetime>
227 |                   <hours>1</hours>
228 |                 </lifetime>
229 |               </entry>
230 |             </ipsec-crypto-profiles>
231 |             <global-protect-app-crypto-profiles>
232 |               <entry name="default">
233 |                 <encryption>
234 |                   <member>aes-128-cbc</member>
235 |                 </encryption>
236 |                 <authentication>
237 |                   <member>sha1</member>
238 |                 </authentication>
239 |               </entry>
240 |             </global-protect-app-crypto-profiles>
241 |           </crypto-profiles>
242 |         </ike>
243 |         <qos>
244 |           <profile>
245 |             <entry name="default">
246 |               <class>
247 |                 <entry name="class1">
248 |                   <priority>real-time</priority>
249 |                 </entry>
250 |                 <entry name="class2">
251 |                   <priority>high</priority>
252 |                 </entry>
253 |                 <entry name="class3">
254 |                   <priority>high</priority>
255 |                 </entry>
256 |                 <entry name="class4">
257 |                   <priority>medium</priority>
258 |                 </entry>
259 |                 <entry name="class5">
260 |                   <priority>medium</priority>
261 |                 </entry>
262 |                 <entry name="class6">
263 |                   <priority>low</priority>
264 |                 </entry>
265 |                 <entry name="class7">
266 |                   <priority>low</priority>
267 |                 </entry>
268 |                 <entry name="class8">
269 |                   <priority>low</priority>
270 |                 </entry>
271 |               </class>
272 |             </entry>
273 |           </profile>
274 |         </qos>
275 |         <virtual-router>
276 |           <entry name="default">
277 |             <protocol>
278 |               <bgp>
279 |                 <enable>no</enable>
280 |                 <dampening-profile>
281 |                   <entry name="default">
282 |                     <cutoff>1.25</cutoff>
283 |                     <reuse>0.5</reuse>
284 |                     <max-hold-time>900</max-hold-time>
285 |                     <decay-half-life-reachable>300</decay-half-life-reachable>
286 |                     <decay-half-life-unreachable>900</decay-half-life-unreachable>
287 |                     <enable>yes</enable>
288 |                   </entry>
289 |                 </dampening-profile>
290 |               </bgp>
291 |             </protocol>
292 |             <interface>
293 |               <member>ethernet1/1</member>
294 |               <member>ethernet1/2</member>
295 |             </interface>
296 |           </entry>
297 |         </virtual-router>
298 |         <virtual-wire/>
299 |       </network>
300 |       <deviceconfig>
301 |         <system>
302 |           <ip-address>192.168.1.1</ip-address>
303 |           <netmask>255.255.255.0</netmask>
304 |           <update-server>updates.paloaltonetworks.com</update-server>
305 |           <update-schedule>
306 |             <threats>
307 |               <recurring>
308 |                 <weekly>
309 |                   <day-of-week>wednesday</day-of-week>
310 |                   <at>01:02</at>
311 |                   <action>download-only</action>
312 |                 </weekly>
313 |               </recurring>
314 |             </threats>
315 |           </update-schedule>
316 |           <timezone>US/Pacific</timezone>
317 |           <service>
318 |             <disable-telnet>yes</disable-telnet>
319 |             <disable-http>yes</disable-http>
320 |           </service>
321 |           <hostname>PA-VM</hostname>
322 |           <type>
323 |             <dhcp-client>
324 |               <send-hostname>yes</send-hostname>
325 |               <send-client-id>no</send-client-id>
326 |               <accept-dhcp-hostname>no</accept-dhcp-hostname>
327 |               <accept-dhcp-domain>no</accept-dhcp-domain>
328 |             </dhcp-client>
329 |           </type>
330 |         </system>
331 |         <setting>
332 |           <config>
333 |             <rematch>yes</rematch>
334 |           </config>
335 |           <management>
336 |             <hostname-type-in-syslog>FQDN</hostname-type-in-syslog>
337 |             <initcfg>
338 |               <type>
339 |                 <dhcp-client>
340 |                   <send-hostname>yes</send-hostname>
341 |                   <send-client-id>no</send-client-id>
342 |                   <accept-dhcp-hostname>no</accept-dhcp-hostname>
343 |                   <accept-dhcp-domain>no</accept-dhcp-domain>
344 |                 </dhcp-client>
345 |               </type>
346 |             </initcfg>
347 |           </management>
348 |           <auto-mac-detect>yes</auto-mac-detect>
349 |         </setting>
350 |       </deviceconfig>
351 |       <vsys>
352 |         <entry name="vsys1">
353 |           <application/>
354 |           <application-group/>
355 |           <zone>
356 |             <entry name="trust">
357 |               <network>
358 |                 <layer3>
359 |                   <member>ethernet1/1</member>
360 |                 </layer3>
361 |               </network>
362 |             </entry>
363 |             <entry name="untrust">
364 |               <network>
365 |                 <layer3>
366 |                   <member>ethernet1/2</member>
367 |                 </layer3>
368 |               </network>
369 |             </entry>
370 |             <entry name="vwire-trust">
371 |               <network>
372 |                 <virtual-wire/>
373 |               </network>
374 |             </entry>
375 |             <entry name="vwire-untrust">
376 |               <network>
377 |                 <virtual-wire/>
378 |               </network>
379 |             </entry>
380 |           </zone>
381 |           <service/>
382 |           <service-group/>
383 |           <schedule/>
384 |           <rulebase>
385 |             <security>
386 |               <rules>
387 |                 <entry name="allow_any">
388 |                   <to>
389 |                     <member>any</member>
390 |                   </to>
391 |                   <from>
392 |                     <member>any</member>
393 |                   </from>
394 |                   <source>
395 |                     <member>any</member>
396 |                   </source>
397 |                   <destination>
398 |                     <member>any</member>
399 |                   </destination>
400 |                   <source-user>
401 |                     <member>any</member>
402 |                   </source-user>
403 |                   <category>
404 |                     <member>any</member>
405 |                   </category>
406 |                   <application>
407 |                     <member>any</member>
408 |                   </application>
409 |                   <service>
410 |                     <member>application-default</member>
411 |                   </service>
412 |                   <hip-profiles>
413 |                     <member>any</member>
414 |                   </hip-profiles>
415 |                   <action>allow</action>
416 |                   <rule-type>universal</rule-type>
417 |                 </entry>
418 |               </rules>
419 |             </security>
420 |           </rulebase>
421 |           <import>
422 |             <network>
423 |               <interface>
424 |                 <member>ethernet1/1</member>
425 |                 <member>ethernet1/2</member>
426 |                 <member>ethernet1/3</member>
427 |                 <member>ethernet1/4</member>
428 |               </interface>
429 |             </network>
430 |           </import>
431 |         </entry>
432 |       </vsys>
433 |     </entry>
434 |   </devices>
435 | </config>
436 | 


--------------------------------------------------------------------------------
/Service-Chaining/Service-Chaining-L3/Service_Chaining_bootstrap_L3.xml:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0"?>
  2 | <config version="8.0.0" urldb="paloaltonetworks">
  3 |   <mgt-config>
  4 |     <users>
  5 |       <entry name="admin">
  6 |         <phash>fnRL/G5lXVMug</phash>
  7 |         <permissions>
  8 |           <role-based>
  9 |             <superuser>yes</superuser>
 10 |           </role-based>
 11 |         </permissions>
 12 |       </entry>
 13 |     </users>
 14 |   </mgt-config>
 15 |   <shared>
 16 |     <application/>
 17 |     <application-group/>
 18 |     <service/>
 19 |     <service-group/>
 20 |     <botnet>
 21 |       <configuration>
 22 |         <http>
 23 |           <dynamic-dns>
 24 |             <enabled>yes</enabled>
 25 |             <threshold>5</threshold>
 26 |           </dynamic-dns>
 27 |           <malware-sites>
 28 |             <enabled>yes</enabled>
 29 |             <threshold>5</threshold>
 30 |           </malware-sites>
 31 |           <recent-domains>
 32 |             <enabled>yes</enabled>
 33 |             <threshold>5</threshold>
 34 |           </recent-domains>
 35 |           <ip-domains>
 36 |             <enabled>yes</enabled>
 37 |             <threshold>10</threshold>
 38 |           </ip-domains>
 39 |           <executables-from-unknown-sites>
 40 |             <enabled>yes</enabled>
 41 |             <threshold>5</threshold>
 42 |           </executables-from-unknown-sites>
 43 |         </http>
 44 |         <other-applications>
 45 |           <irc>yes</irc>
 46 |         </other-applications>
 47 |         <unknown-applications>
 48 |           <unknown-tcp>
 49 |             <destinations-per-hour>10</destinations-per-hour>
 50 |             <sessions-per-hour>10</sessions-per-hour>
 51 |             <session-length>
 52 |               <maximum-bytes>100</maximum-bytes>
 53 |               <minimum-bytes>50</minimum-bytes>
 54 |             </session-length>
 55 |           </unknown-tcp>
 56 |           <unknown-udp>
 57 |             <destinations-per-hour>10</destinations-per-hour>
 58 |             <sessions-per-hour>10</sessions-per-hour>
 59 |             <session-length>
 60 |               <maximum-bytes>100</maximum-bytes>
 61 |               <minimum-bytes>50</minimum-bytes>
 62 |             </session-length>
 63 |           </unknown-udp>
 64 |         </unknown-applications>
 65 |       </configuration>
 66 |       <report>
 67 |         <topn>100</topn>
 68 |         <scheduled>yes</scheduled>
 69 |       </report>
 70 |     </botnet>
 71 |   </shared>
 72 |   <devices>
 73 |     <entry name="localhost.localdomain">
 74 |       <network>
 75 |         <interface>
 76 |           <ethernet>
 77 |             <entry name="ethernet1/1">
 78 |               <layer3>
 79 |                 <ipv6>
 80 |                   <neighbor-discovery>
 81 |                     <router-advertisement>
 82 |                       <enable>no</enable>
 83 |                     </router-advertisement>
 84 |                   </neighbor-discovery>
 85 |                 </ipv6>
 86 |                 <ndp-proxy>
 87 |                   <enabled>no</enabled>
 88 |                 </ndp-proxy>
 89 |                 <lldp>
 90 |                   <enable>no</enable>
 91 |                 </lldp>
 92 |                 <dhcp-client/>
 93 |                 <interface-management-profile>mgmt</interface-management-profile>
 94 |               </layer3>
 95 |             </entry>
 96 |             <entry name="ethernet1/2">
 97 |               <layer3>
 98 |                 <ipv6>
 99 |                   <neighbor-discovery>
100 |                     <router-advertisement>
101 |                       <enable>no</enable>
102 |                     </router-advertisement>
103 |                   </neighbor-discovery>
104 |                 </ipv6>
105 |                 <ndp-proxy>
106 |                   <enabled>no</enabled>
107 |                 </ndp-proxy>
108 |                 <lldp>
109 |                   <enable>no</enable>
110 |                 </lldp>
111 |                 <dhcp-client/>
112 |                 <interface-management-profile>mgmt</interface-management-profile>
113 |               </layer3>
114 |             </entry>
115 |             <entry name="ethernet1/3">
116 |               <tap/>
117 |             </entry>
118 |             <entry name="ethernet1/4">
119 |               <tap/>
120 |             </entry>
121 |           </ethernet>
122 |         </interface>
123 |         <profiles>
124 |           <monitor-profile>
125 |             <entry name="default">
126 |               <interval>3</interval>
127 |               <threshold>5</threshold>
128 |               <action>wait-recover</action>
129 |             </entry>
130 |           </monitor-profile>
131 |           <interface-management-profile>
132 |             <entry name="mgmt">
133 |               <https>yes</https>
134 |               <ssh>yes</ssh>
135 |               <ping>yes</ping>
136 |             </entry>
137 |           </interface-management-profile>
138 |         </profiles>
139 |         <ike>
140 |           <crypto-profiles>
141 |             <ike-crypto-profiles>
142 |               <entry name="default">
143 |                 <encryption>
144 |                   <member>aes-128-cbc</member>
145 |                   <member>3des</member>
146 |                 </encryption>
147 |                 <hash>
148 |                   <member>sha1</member>
149 |                 </hash>
150 |                 <dh-group>
151 |                   <member>group2</member>
152 |                 </dh-group>
153 |                 <lifetime>
154 |                   <hours>8</hours>
155 |                 </lifetime>
156 |               </entry>
157 |               <entry name="Suite-B-GCM-128">
158 |                 <encryption>
159 |                   <member>aes-128-cbc</member>
160 |                 </encryption>
161 |                 <hash>
162 |                   <member>sha256</member>
163 |                 </hash>
164 |                 <dh-group>
165 |                   <member>group19</member>
166 |                 </dh-group>
167 |                 <lifetime>
168 |                   <hours>8</hours>
169 |                 </lifetime>
170 |               </entry>
171 |               <entry name="Suite-B-GCM-256">
172 |                 <encryption>
173 |                   <member>aes-256-cbc</member>
174 |                 </encryption>
175 |                 <hash>
176 |                   <member>sha384</member>
177 |                 </hash>
178 |                 <dh-group>
179 |                   <member>group20</member>
180 |                 </dh-group>
181 |                 <lifetime>
182 |                   <hours>8</hours>
183 |                 </lifetime>
184 |               </entry>
185 |             </ike-crypto-profiles>
186 |             <ipsec-crypto-profiles>
187 |               <entry name="default">
188 |                 <esp>
189 |                   <encryption>
190 |                     <member>aes-128-cbc</member>
191 |                     <member>3des</member>
192 |                   </encryption>
193 |                   <authentication>
194 |                     <member>sha1</member>
195 |                   </authentication>
196 |                 </esp>
197 |                 <dh-group>group2</dh-group>
198 |                 <lifetime>
199 |                   <hours>1</hours>
200 |                 </lifetime>
201 |               </entry>
202 |               <entry name="Suite-B-GCM-128">
203 |                 <esp>
204 |                   <encryption>
205 |                     <member>aes-128-gcm</member>
206 |                   </encryption>
207 |                   <authentication>
208 |                     <member>none</member>
209 |                   </authentication>
210 |                 </esp>
211 |                 <dh-group>group19</dh-group>
212 |                 <lifetime>
213 |                   <hours>1</hours>
214 |                 </lifetime>
215 |               </entry>
216 |               <entry name="Suite-B-GCM-256">
217 |                 <esp>
218 |                   <encryption>
219 |                     <member>aes-256-gcm</member>
220 |                   </encryption>
221 |                   <authentication>
222 |                     <member>none</member>
223 |                   </authentication>
224 |                 </esp>
225 |                 <dh-group>group20</dh-group>
226 |                 <lifetime>
227 |                   <hours>1</hours>
228 |                 </lifetime>
229 |               </entry>
230 |             </ipsec-crypto-profiles>
231 |             <global-protect-app-crypto-profiles>
232 |               <entry name="default">
233 |                 <encryption>
234 |                   <member>aes-128-cbc</member>
235 |                 </encryption>
236 |                 <authentication>
237 |                   <member>sha1</member>
238 |                 </authentication>
239 |               </entry>
240 |             </global-protect-app-crypto-profiles>
241 |           </crypto-profiles>
242 |         </ike>
243 |         <qos>
244 |           <profile>
245 |             <entry name="default">
246 |               <class>
247 |                 <entry name="class1">
248 |                   <priority>real-time</priority>
249 |                 </entry>
250 |                 <entry name="class2">
251 |                   <priority>high</priority>
252 |                 </entry>
253 |                 <entry name="class3">
254 |                   <priority>high</priority>
255 |                 </entry>
256 |                 <entry name="class4">
257 |                   <priority>medium</priority>
258 |                 </entry>
259 |                 <entry name="class5">
260 |                   <priority>medium</priority>
261 |                 </entry>
262 |                 <entry name="class6">
263 |                   <priority>low</priority>
264 |                 </entry>
265 |                 <entry name="class7">
266 |                   <priority>low</priority>
267 |                 </entry>
268 |                 <entry name="class8">
269 |                   <priority>low</priority>
270 |                 </entry>
271 |               </class>
272 |             </entry>
273 |           </profile>
274 |         </qos>
275 |         <virtual-router>
276 |           <entry name="default">
277 |             <protocol>
278 |               <bgp>
279 |                 <enable>no</enable>
280 |                 <dampening-profile>
281 |                   <entry name="default">
282 |                     <cutoff>1.25</cutoff>
283 |                     <reuse>0.5</reuse>
284 |                     <max-hold-time>900</max-hold-time>
285 |                     <decay-half-life-reachable>300</decay-half-life-reachable>
286 |                     <decay-half-life-unreachable>900</decay-half-life-unreachable>
287 |                     <enable>yes</enable>
288 |                   </entry>
289 |                 </dampening-profile>
290 |               </bgp>
291 |             </protocol>
292 |             <interface>
293 |               <member>ethernet1/1</member>
294 |               <member>ethernet1/2</member>
295 |             </interface>
296 |           </entry>
297 |         </virtual-router>
298 |         <virtual-wire/>
299 |       </network>
300 |       <deviceconfig>
301 |         <system>
302 |           <ip-address>192.168.1.1</ip-address>
303 |           <netmask>255.255.255.0</netmask>
304 |           <update-server>updates.paloaltonetworks.com</update-server>
305 |           <update-schedule>
306 |             <threats>
307 |               <recurring>
308 |                 <weekly>
309 |                   <day-of-week>wednesday</day-of-week>
310 |                   <at>01:02</at>
311 |                   <action>download-only</action>
312 |                 </weekly>
313 |               </recurring>
314 |             </threats>
315 |           </update-schedule>
316 |           <timezone>US/Pacific</timezone>
317 |           <service>
318 |             <disable-telnet>yes</disable-telnet>
319 |             <disable-http>yes</disable-http>
320 |           </service>
321 |           <hostname>PA-VM</hostname>
322 |           <type>
323 |             <dhcp-client>
324 |               <send-hostname>yes</send-hostname>
325 |               <send-client-id>no</send-client-id>
326 |               <accept-dhcp-hostname>no</accept-dhcp-hostname>
327 |               <accept-dhcp-domain>no</accept-dhcp-domain>
328 |             </dhcp-client>
329 |           </type>
330 |         </system>
331 |         <setting>
332 |           <config>
333 |             <rematch>yes</rematch>
334 |           </config>
335 |           <management>
336 |             <hostname-type-in-syslog>FQDN</hostname-type-in-syslog>
337 |             <initcfg>
338 |               <type>
339 |                 <dhcp-client>
340 |                   <send-hostname>yes</send-hostname>
341 |                   <send-client-id>no</send-client-id>
342 |                   <accept-dhcp-hostname>no</accept-dhcp-hostname>
343 |                   <accept-dhcp-domain>no</accept-dhcp-domain>
344 |                 </dhcp-client>
345 |               </type>
346 |             </initcfg>
347 |           </management>
348 |           <auto-mac-detect>yes</auto-mac-detect>
349 |         </setting>
350 |       </deviceconfig>
351 |       <vsys>
352 |         <entry name="vsys1">
353 |           <application/>
354 |           <application-group/>
355 |           <zone>
356 |             <entry name="trust">
357 |               <network>
358 |                 <layer3>
359 |                   <member>ethernet1/1</member>
360 |                 </layer3>
361 |               </network>
362 |             </entry>
363 |             <entry name="untrust">
364 |               <network>
365 |                 <layer3>
366 |                   <member>ethernet1/2</member>
367 |                 </layer3>
368 |               </network>
369 |             </entry>
370 |             <entry name="vwire-trust">
371 |               <network>
372 |                 <virtual-wire/>
373 |               </network>
374 |             </entry>
375 |             <entry name="vwire-untrust">
376 |               <network>
377 |                 <virtual-wire/>
378 |               </network>
379 |             </entry>
380 |           </zone>
381 |           <service/>
382 |           <service-group/>
383 |           <schedule/>
384 |           <rulebase>
385 |             <security>
386 |               <rules>
387 |                 <entry name="allow_any">
388 |                   <to>
389 |                     <member>any</member>
390 |                   </to>
391 |                   <from>
392 |                     <member>any</member>
393 |                   </from>
394 |                   <source>
395 |                     <member>any</member>
396 |                   </source>
397 |                   <destination>
398 |                     <member>any</member>
399 |                   </destination>
400 |                   <source-user>
401 |                     <member>any</member>
402 |                   </source-user>
403 |                   <category>
404 |                     <member>any</member>
405 |                   </category>
406 |                   <application>
407 |                     <member>any</member>
408 |                   </application>
409 |                   <service>
410 |                     <member>application-default</member>
411 |                   </service>
412 |                   <hip-profiles>
413 |                     <member>any</member>
414 |                   </hip-profiles>
415 |                   <action>allow</action>
416 |                   <rule-type>universal</rule-type>
417 |                 </entry>
418 |               </rules>
419 |             </security>
420 |           </rulebase>
421 |           <import>
422 |             <network>
423 |               <interface>
424 |                 <member>ethernet1/1</member>
425 |                 <member>ethernet1/2</member>
426 |                 <member>ethernet1/3</member>
427 |                 <member>ethernet1/4</member>
428 |               </interface>
429 |             </network>
430 |           </import>
431 |         </entry>
432 |       </vsys>
433 |     </entry>
434 |   </devices>
435 | </config>
436 | 


--------------------------------------------------------------------------------
/basic-gateway/bootstrap.xml:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0"?>
  2 | <config version="7.1.0" urldb="paloaltonetworks">
  3 |   <mgt-config>
  4 |     <users>
  5 |       <entry name="admin">
  6 |         <phash>fnRL/G5lXVMug</phash>
  7 |         <permissions>
  8 |           <role-based>
  9 |             <superuser>yes</superuser>
 10 |           </role-based>
 11 |         </permissions>
 12 |       </entry>
 13 |     </users>
 14 |   </mgt-config>
 15 |   <shared>
 16 |     <application/>
 17 |     <application-group/>
 18 |     <service/>
 19 |     <service-group/>
 20 |     <botnet>
 21 |       <configuration>
 22 |         <http>
 23 |           <dynamic-dns>
 24 |             <enabled>yes</enabled>
 25 |             <threshold>5</threshold>
 26 |           </dynamic-dns>
 27 |           <malware-sites>
 28 |             <enabled>yes</enabled>
 29 |             <threshold>5</threshold>
 30 |           </malware-sites>
 31 |           <recent-domains>
 32 |             <enabled>yes</enabled>
 33 |             <threshold>5</threshold>
 34 |           </recent-domains>
 35 |           <ip-domains>
 36 |             <enabled>yes</enabled>
 37 |             <threshold>10</threshold>
 38 |           </ip-domains>
 39 |           <executables-from-unknown-sites>
 40 |             <enabled>yes</enabled>
 41 |             <threshold>5</threshold>
 42 |           </executables-from-unknown-sites>
 43 |         </http>
 44 |         <other-applications>
 45 |           <irc>yes</irc>
 46 |         </other-applications>
 47 |         <unknown-applications>
 48 |           <unknown-tcp>
 49 |             <destinations-per-hour>10</destinations-per-hour>
 50 |             <sessions-per-hour>10</sessions-per-hour>
 51 |             <session-length>
 52 |               <maximum-bytes>100</maximum-bytes>
 53 |               <minimum-bytes>50</minimum-bytes>
 54 |             </session-length>
 55 |           </unknown-tcp>
 56 |           <unknown-udp>
 57 |             <destinations-per-hour>10</destinations-per-hour>
 58 |             <sessions-per-hour>10</sessions-per-hour>
 59 |             <session-length>
 60 |               <maximum-bytes>100</maximum-bytes>
 61 |               <minimum-bytes>50</minimum-bytes>
 62 |             </session-length>
 63 |           </unknown-udp>
 64 |         </unknown-applications>
 65 |       </configuration>
 66 |       <report>
 67 |         <topn>100</topn>
 68 |         <scheduled>yes</scheduled>
 69 |       </report>
 70 |     </botnet>
 71 |   </shared>
 72 |   <devices>
 73 |     <entry name="localhost.localdomain">
 74 |       <network>
 75 |         <interface>
 76 |           <ethernet>
 77 |             <entry name="ethernet1/1">
 78 |               <layer3>
 79 |                 <ipv6>
 80 |                   <neighbor-discovery>
 81 |                     <router-advertisement>
 82 |                       <enable>no</enable>
 83 |                     </router-advertisement>
 84 |                   </neighbor-discovery>
 85 |                 </ipv6>
 86 |                 <ndp-proxy>
 87 |                   <enabled>no</enabled>
 88 |                 </ndp-proxy>
 89 |                 <interface-management-profile>allow-ping</interface-management-profile>
 90 |                 <lldp>
 91 |                   <enable>no</enable>
 92 |                 </lldp>
 93 |                 <dhcp-client>
 94 |                   <create-default-route>yes</create-default-route>
 95 |                 </dhcp-client>
 96 |               </layer3>
 97 |             </entry>
 98 |             <entry name="ethernet1/2">
 99 |               <layer3>
100 |                 <ipv6>
101 |                   <neighbor-discovery>
102 |                     <router-advertisement>
103 |                       <enable>no</enable>
104 |                     </router-advertisement>
105 |                   </neighbor-discovery>
106 |                 </ipv6>
107 |                 <ndp-proxy>
108 |                   <enabled>no</enabled>
109 |                 </ndp-proxy>
110 |                 <interface-management-profile>allow-ping</interface-management-profile>
111 |                 <lldp>
112 |                   <enable>no</enable>
113 |                 </lldp>
114 |                 <dhcp-client>
115 |                   <create-default-route>no</create-default-route>
116 |                 </dhcp-client>
117 |               </layer3>
118 |             </entry>
119 |           </ethernet>
120 |         </interface>
121 |         <profiles>
122 |           <monitor-profile>
123 |             <entry name="default">
124 |               <interval>3</interval>
125 |               <threshold>5</threshold>
126 |               <action>wait-recover</action>
127 |             </entry>
128 |           </monitor-profile>
129 |           <interface-management-profile>
130 |             <entry name="allow-ping">
131 |               <ping>yes</ping>
132 |             </entry>
133 |           </interface-management-profile>
134 |         </profiles>
135 |         <ike>
136 |           <crypto-profiles>
137 |             <ike-crypto-profiles>
138 |               <entry name="default">
139 |                 <encryption>
140 |                   <member>aes-128-cbc</member>
141 |                   <member>3des</member>
142 |                 </encryption>
143 |                 <hash>
144 |                   <member>sha1</member>
145 |                 </hash>
146 |                 <dh-group>
147 |                   <member>group2</member>
148 |                 </dh-group>
149 |                 <lifetime>
150 |                   <hours>8</hours>
151 |                 </lifetime>
152 |               </entry>
153 |               <entry name="Suite-B-GCM-128">
154 |                 <encryption>
155 |                   <member>aes-128-cbc</member>
156 |                 </encryption>
157 |                 <hash>
158 |                   <member>sha256</member>
159 |                 </hash>
160 |                 <dh-group>
161 |                   <member>group19</member>
162 |                 </dh-group>
163 |                 <lifetime>
164 |                   <hours>8</hours>
165 |                 </lifetime>
166 |               </entry>
167 |               <entry name="Suite-B-GCM-256">
168 |                 <encryption>
169 |                   <member>aes-256-cbc</member>
170 |                 </encryption>
171 |                 <hash>
172 |                   <member>sha384</member>
173 |                 </hash>
174 |                 <dh-group>
175 |                   <member>group20</member>
176 |                 </dh-group>
177 |                 <lifetime>
178 |                   <hours>8</hours>
179 |                 </lifetime>
180 |               </entry>
181 |             </ike-crypto-profiles>
182 |             <ipsec-crypto-profiles>
183 |               <entry name="default">
184 |                 <esp>
185 |                   <encryption>
186 |                     <member>aes-128-cbc</member>
187 |                     <member>3des</member>
188 |                   </encryption>
189 |                   <authentication>
190 |                     <member>sha1</member>
191 |                   </authentication>
192 |                 </esp>
193 |                 <dh-group>group2</dh-group>
194 |                 <lifetime>
195 |                   <hours>1</hours>
196 |                 </lifetime>
197 |               </entry>
198 |               <entry name="Suite-B-GCM-128">
199 |                 <esp>
200 |                   <encryption>
201 |                     <member>aes-128-gcm</member>
202 |                   </encryption>
203 |                   <authentication>
204 |                     <member>none</member>
205 |                   </authentication>
206 |                 </esp>
207 |                 <dh-group>group19</dh-group>
208 |                 <lifetime>
209 |                   <hours>1</hours>
210 |                 </lifetime>
211 |               </entry>
212 |               <entry name="Suite-B-GCM-256">
213 |                 <esp>
214 |                   <encryption>
215 |                     <member>aes-256-gcm</member>
216 |                   </encryption>
217 |                   <authentication>
218 |                     <member>none</member>
219 |                   </authentication>
220 |                 </esp>
221 |                 <dh-group>group20</dh-group>
222 |                 <lifetime>
223 |                   <hours>1</hours>
224 |                 </lifetime>
225 |               </entry>
226 |             </ipsec-crypto-profiles>
227 |             <global-protect-app-crypto-profiles>
228 |               <entry name="default">
229 |                 <encryption>
230 |                   <member>aes-128-cbc</member>
231 |                 </encryption>
232 |                 <authentication>
233 |                   <member>sha1</member>
234 |                 </authentication>
235 |               </entry>
236 |             </global-protect-app-crypto-profiles>
237 |           </crypto-profiles>
238 |         </ike>
239 |         <qos>
240 |           <profile>
241 |             <entry name="default">
242 |               <class>
243 |                 <entry name="class1">
244 |                   <priority>real-time</priority>
245 |                 </entry>
246 |                 <entry name="class2">
247 |                   <priority>high</priority>
248 |                 </entry>
249 |                 <entry name="class3">
250 |                   <priority>high</priority>
251 |                 </entry>
252 |                 <entry name="class4">
253 |                   <priority>medium</priority>
254 |                 </entry>
255 |                 <entry name="class5">
256 |                   <priority>medium</priority>
257 |                 </entry>
258 |                 <entry name="class6">
259 |                   <priority>low</priority>
260 |                 </entry>
261 |                 <entry name="class7">
262 |                   <priority>low</priority>
263 |                 </entry>
264 |                 <entry name="class8">
265 |                   <priority>low</priority>
266 |                 </entry>
267 |               </class>
268 |             </entry>
269 |           </profile>
270 |         </qos>
271 |         <virtual-router>
272 |           <entry name="default">
273 |             <protocol>
274 |               <bgp>
275 |                 <enable>no</enable>
276 |                 <dampening-profile>
277 |                   <entry name="default">
278 |                     <cutoff>1.25</cutoff>
279 |                     <reuse>0.5</reuse>
280 |                     <max-hold-time>900</max-hold-time>
281 |                     <decay-half-life-reachable>300</decay-half-life-reachable>
282 |                     <decay-half-life-unreachable>900</decay-half-life-unreachable>
283 |                     <enable>yes</enable>
284 |                   </entry>
285 |                 </dampening-profile>
286 |               </bgp>
287 |             </protocol>
288 |             <interface>
289 |               <member>ethernet1/1</member>
290 |               <member>ethernet1/2</member>
291 |             </interface>
292 |           </entry>
293 |         </virtual-router>
294 |       </network>
295 |       <deviceconfig>
296 |         <system>
297 |           <ip-address>192.168.1.1</ip-address>
298 |           <netmask>255.255.255.0</netmask>
299 |           <update-server>updates.paloaltonetworks.com</update-server>
300 |           <update-schedule>
301 |             <threats>
302 |               <recurring>
303 |                 <weekly>
304 |                   <day-of-week>wednesday</day-of-week>
305 |                   <at>01:02</at>
306 |                   <action>download-only</action>
307 |                 </weekly>
308 |               </recurring>
309 |             </threats>
310 |           </update-schedule>
311 |           <timezone>US/Pacific</timezone>
312 |           <service>
313 |             <disable-telnet>yes</disable-telnet>
314 |             <disable-http>yes</disable-http>
315 |           </service>
316 |           <hostname>PA-VM</hostname>
317 |           <type>
318 |             <dhcp-client>
319 |               <send-hostname>yes</send-hostname>
320 |               <send-client-id>no</send-client-id>
321 |               <accept-dhcp-hostname>no</accept-dhcp-hostname>
322 |               <accept-dhcp-domain>no</accept-dhcp-domain>
323 |             </dhcp-client>
324 |           </type>
325 |         </system>
326 |         <setting>
327 |           <config>
328 |             <rematch>yes</rematch>
329 |           </config>
330 |           <management>
331 |             <hostname-type-in-syslog>FQDN</hostname-type-in-syslog>
332 |             <initcfg>
333 |               <type>
334 |                 <dhcp-client>
335 |                   <send-hostname>yes</send-hostname>
336 |                   <send-client-id>no</send-client-id>
337 |                   <accept-dhcp-hostname>no</accept-dhcp-hostname>
338 |                   <accept-dhcp-domain>no</accept-dhcp-domain>
339 |                 </dhcp-client>
340 |               </type>
341 |             </initcfg>
342 |           </management>
343 |           <auto-mac-detect>yes</auto-mac-detect>
344 |         </setting>
345 |       </deviceconfig>
346 |       <vsys>
347 |         <entry name="vsys1">
348 |           <application/>
349 |           <application-group/>
350 |           <zone>
351 |             <entry name="trust">
352 |               <network>
353 |                 <layer3>
354 |                   <member>ethernet1/2</member>
355 |                 </layer3>
356 |               </network>
357 |             </entry>
358 |             <entry name="untrust">
359 |               <network>
360 |                 <layer3>
361 |                   <member>ethernet1/1</member>
362 |                 </layer3>
363 |               </network>
364 |             </entry>
365 |           </zone>
366 |           <service/>
367 |           <service-group/>
368 |           <schedule/>
369 |           <rulebase>
370 |             <security>
371 |               <rules>
372 |                 <entry name="allow_all">
373 |                   <to>
374 |                     <member>any</member>
375 |                   </to>
376 |                   <from>
377 |                     <member>any</member>
378 |                   </from>
379 |                   <source>
380 |                     <member>any</member>
381 |                   </source>
382 |                   <destination>
383 |                     <member>any</member>
384 |                   </destination>
385 |                   <source-user>
386 |                     <member>any</member>
387 |                   </source-user>
388 |                   <category>
389 |                     <member>any</member>
390 |                   </category>
391 |                   <application>
392 |                     <member>any</member>
393 |                   </application>
394 |                   <service>
395 |                     <member>any</member>
396 |                   </service>
397 |                   <hip-profiles>
398 |                     <member>any</member>
399 |                   </hip-profiles>
400 |                   <action>allow</action>
401 |                   <rule-type>universal</rule-type>
402 |                 </entry>
403 |               </rules>
404 |             </security>
405 |             <nat>
406 |               <rules>
407 |                 <entry name="untrust2trust">
408 |                   <source-translation>
409 |                     <dynamic-ip-and-port>
410 |                       <interface-address>
411 |                         <interface>ethernet1/2</interface>
412 |                       </interface-address>
413 |                     </dynamic-ip-and-port>
414 |                   </source-translation>
415 |                   <to>
416 |                     <member>untrust</member>
417 |                   </to>
418 |                   <from>
419 |                     <member>any</member>
420 |                   </from>
421 |                   <source>
422 |                     <member>any</member>
423 |                   </source>
424 |                   <destination>
425 |                     <member>pa-vm-static-untrust</member>
426 |                   </destination>
427 |                   <service>any</service>
428 |                   <to-interface>ethernet1/1</to-interface>
429 |                   <destination-translation>
430 |                     <translated-address>server-static-trust</translated-address>
431 |                   </destination-translation>
432 |                 </entry>
433 |               </rules>
434 |             </nat>
435 |           </rulebase>
436 |           <import>
437 |             <network>
438 |               <interface>
439 |                 <member>ethernet1/1</member>
440 |                 <member>ethernet1/2</member>
441 |               </interface>
442 |             </network>
443 |           </import>
444 |           <address>
445 |             <entry name="server-static-trust">
446 |               <ip-netmask>192.168.100.10</ip-netmask>
447 |             </entry>
448 |             <entry name="pa-vm-static-untrust">
449 |               <ip-netmask>192.168.200.10</ip-netmask>
450 |             </entry>
451 |           </address>
452 |         </entry>
453 |       </vsys>
454 |     </entry>
455 |   </devices>
456 | </config>
457 | 


--------------------------------------------------------------------------------
/redhat-queens/basic-gateway/bootstrap.xml:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0"?>
  2 | <config version="7.1.0" urldb="paloaltonetworks">
  3 |   <mgt-config>
  4 |     <users>
  5 |       <entry name="admin">
  6 |         <phash>fnRL/G5lXVMug</phash>
  7 |         <permissions>
  8 |           <role-based>
  9 |             <superuser>yes</superuser>
 10 |           </role-based>
 11 |         </permissions>
 12 |       </entry>
 13 |     </users>
 14 |   </mgt-config>
 15 |   <shared>
 16 |     <application/>
 17 |     <application-group/>
 18 |     <service/>
 19 |     <service-group/>
 20 |     <botnet>
 21 |       <configuration>
 22 |         <http>
 23 |           <dynamic-dns>
 24 |             <enabled>yes</enabled>
 25 |             <threshold>5</threshold>
 26 |           </dynamic-dns>
 27 |           <malware-sites>
 28 |             <enabled>yes</enabled>
 29 |             <threshold>5</threshold>
 30 |           </malware-sites>
 31 |           <recent-domains>
 32 |             <enabled>yes</enabled>
 33 |             <threshold>5</threshold>
 34 |           </recent-domains>
 35 |           <ip-domains>
 36 |             <enabled>yes</enabled>
 37 |             <threshold>10</threshold>
 38 |           </ip-domains>
 39 |           <executables-from-unknown-sites>
 40 |             <enabled>yes</enabled>
 41 |             <threshold>5</threshold>
 42 |           </executables-from-unknown-sites>
 43 |         </http>
 44 |         <other-applications>
 45 |           <irc>yes</irc>
 46 |         </other-applications>
 47 |         <unknown-applications>
 48 |           <unknown-tcp>
 49 |             <destinations-per-hour>10</destinations-per-hour>
 50 |             <sessions-per-hour>10</sessions-per-hour>
 51 |             <session-length>
 52 |               <maximum-bytes>100</maximum-bytes>
 53 |               <minimum-bytes>50</minimum-bytes>
 54 |             </session-length>
 55 |           </unknown-tcp>
 56 |           <unknown-udp>
 57 |             <destinations-per-hour>10</destinations-per-hour>
 58 |             <sessions-per-hour>10</sessions-per-hour>
 59 |             <session-length>
 60 |               <maximum-bytes>100</maximum-bytes>
 61 |               <minimum-bytes>50</minimum-bytes>
 62 |             </session-length>
 63 |           </unknown-udp>
 64 |         </unknown-applications>
 65 |       </configuration>
 66 |       <report>
 67 |         <topn>100</topn>
 68 |         <scheduled>yes</scheduled>
 69 |       </report>
 70 |     </botnet>
 71 |   </shared>
 72 |   <devices>
 73 |     <entry name="localhost.localdomain">
 74 |       <network>
 75 |         <interface>
 76 |           <ethernet>
 77 |             <entry name="ethernet1/1">
 78 |               <layer3>
 79 |                 <ipv6>
 80 |                   <neighbor-discovery>
 81 |                     <router-advertisement>
 82 |                       <enable>no</enable>
 83 |                     </router-advertisement>
 84 |                   </neighbor-discovery>
 85 |                 </ipv6>
 86 |                 <ndp-proxy>
 87 |                   <enabled>no</enabled>
 88 |                 </ndp-proxy>
 89 |                 <interface-management-profile>allow-ping</interface-management-profile>
 90 |                 <lldp>
 91 |                   <enable>no</enable>
 92 |                 </lldp>
 93 |                 <dhcp-client>
 94 |                   <create-default-route>yes</create-default-route>
 95 |                 </dhcp-client>
 96 |               </layer3>
 97 |             </entry>
 98 |             <entry name="ethernet1/2">
 99 |               <layer3>
100 |                 <ipv6>
101 |                   <neighbor-discovery>
102 |                     <router-advertisement>
103 |                       <enable>no</enable>
104 |                     </router-advertisement>
105 |                   </neighbor-discovery>
106 |                 </ipv6>
107 |                 <ndp-proxy>
108 |                   <enabled>no</enabled>
109 |                 </ndp-proxy>
110 |                 <interface-management-profile>allow-ping</interface-management-profile>
111 |                 <lldp>
112 |                   <enable>no</enable>
113 |                 </lldp>
114 |                 <dhcp-client>
115 |                   <create-default-route>no</create-default-route>
116 |                 </dhcp-client>
117 |               </layer3>
118 |             </entry>
119 |           </ethernet>
120 |         </interface>
121 |         <profiles>
122 |           <monitor-profile>
123 |             <entry name="default">
124 |               <interval>3</interval>
125 |               <threshold>5</threshold>
126 |               <action>wait-recover</action>
127 |             </entry>
128 |           </monitor-profile>
129 |           <interface-management-profile>
130 |             <entry name="allow-ping">
131 |               <ping>yes</ping>
132 |             </entry>
133 |           </interface-management-profile>
134 |         </profiles>
135 |         <ike>
136 |           <crypto-profiles>
137 |             <ike-crypto-profiles>
138 |               <entry name="default">
139 |                 <encryption>
140 |                   <member>aes-128-cbc</member>
141 |                   <member>3des</member>
142 |                 </encryption>
143 |                 <hash>
144 |                   <member>sha1</member>
145 |                 </hash>
146 |                 <dh-group>
147 |                   <member>group2</member>
148 |                 </dh-group>
149 |                 <lifetime>
150 |                   <hours>8</hours>
151 |                 </lifetime>
152 |               </entry>
153 |               <entry name="Suite-B-GCM-128">
154 |                 <encryption>
155 |                   <member>aes-128-cbc</member>
156 |                 </encryption>
157 |                 <hash>
158 |                   <member>sha256</member>
159 |                 </hash>
160 |                 <dh-group>
161 |                   <member>group19</member>
162 |                 </dh-group>
163 |                 <lifetime>
164 |                   <hours>8</hours>
165 |                 </lifetime>
166 |               </entry>
167 |               <entry name="Suite-B-GCM-256">
168 |                 <encryption>
169 |                   <member>aes-256-cbc</member>
170 |                 </encryption>
171 |                 <hash>
172 |                   <member>sha384</member>
173 |                 </hash>
174 |                 <dh-group>
175 |                   <member>group20</member>
176 |                 </dh-group>
177 |                 <lifetime>
178 |                   <hours>8</hours>
179 |                 </lifetime>
180 |               </entry>
181 |             </ike-crypto-profiles>
182 |             <ipsec-crypto-profiles>
183 |               <entry name="default">
184 |                 <esp>
185 |                   <encryption>
186 |                     <member>aes-128-cbc</member>
187 |                     <member>3des</member>
188 |                   </encryption>
189 |                   <authentication>
190 |                     <member>sha1</member>
191 |                   </authentication>
192 |                 </esp>
193 |                 <dh-group>group2</dh-group>
194 |                 <lifetime>
195 |                   <hours>1</hours>
196 |                 </lifetime>
197 |               </entry>
198 |               <entry name="Suite-B-GCM-128">
199 |                 <esp>
200 |                   <encryption>
201 |                     <member>aes-128-gcm</member>
202 |                   </encryption>
203 |                   <authentication>
204 |                     <member>none</member>
205 |                   </authentication>
206 |                 </esp>
207 |                 <dh-group>group19</dh-group>
208 |                 <lifetime>
209 |                   <hours>1</hours>
210 |                 </lifetime>
211 |               </entry>
212 |               <entry name="Suite-B-GCM-256">
213 |                 <esp>
214 |                   <encryption>
215 |                     <member>aes-256-gcm</member>
216 |                   </encryption>
217 |                   <authentication>
218 |                     <member>none</member>
219 |                   </authentication>
220 |                 </esp>
221 |                 <dh-group>group20</dh-group>
222 |                 <lifetime>
223 |                   <hours>1</hours>
224 |                 </lifetime>
225 |               </entry>
226 |             </ipsec-crypto-profiles>
227 |             <global-protect-app-crypto-profiles>
228 |               <entry name="default">
229 |                 <encryption>
230 |                   <member>aes-128-cbc</member>
231 |                 </encryption>
232 |                 <authentication>
233 |                   <member>sha1</member>
234 |                 </authentication>
235 |               </entry>
236 |             </global-protect-app-crypto-profiles>
237 |           </crypto-profiles>
238 |         </ike>
239 |         <qos>
240 |           <profile>
241 |             <entry name="default">
242 |               <class>
243 |                 <entry name="class1">
244 |                   <priority>real-time</priority>
245 |                 </entry>
246 |                 <entry name="class2">
247 |                   <priority>high</priority>
248 |                 </entry>
249 |                 <entry name="class3">
250 |                   <priority>high</priority>
251 |                 </entry>
252 |                 <entry name="class4">
253 |                   <priority>medium</priority>
254 |                 </entry>
255 |                 <entry name="class5">
256 |                   <priority>medium</priority>
257 |                 </entry>
258 |                 <entry name="class6">
259 |                   <priority>low</priority>
260 |                 </entry>
261 |                 <entry name="class7">
262 |                   <priority>low</priority>
263 |                 </entry>
264 |                 <entry name="class8">
265 |                   <priority>low</priority>
266 |                 </entry>
267 |               </class>
268 |             </entry>
269 |           </profile>
270 |         </qos>
271 |         <virtual-router>
272 |           <entry name="default">
273 |             <protocol>
274 |               <bgp>
275 |                 <enable>no</enable>
276 |                 <dampening-profile>
277 |                   <entry name="default">
278 |                     <cutoff>1.25</cutoff>
279 |                     <reuse>0.5</reuse>
280 |                     <max-hold-time>900</max-hold-time>
281 |                     <decay-half-life-reachable>300</decay-half-life-reachable>
282 |                     <decay-half-life-unreachable>900</decay-half-life-unreachable>
283 |                     <enable>yes</enable>
284 |                   </entry>
285 |                 </dampening-profile>
286 |               </bgp>
287 |             </protocol>
288 |             <interface>
289 |               <member>ethernet1/1</member>
290 |               <member>ethernet1/2</member>
291 |             </interface>
292 |           </entry>
293 |         </virtual-router>
294 |       </network>
295 |       <deviceconfig>
296 |         <system>
297 |           <ip-address>192.168.1.1</ip-address>
298 |           <netmask>255.255.255.0</netmask>
299 |           <update-server>updates.paloaltonetworks.com</update-server>
300 |           <update-schedule>
301 |             <threats>
302 |               <recurring>
303 |                 <weekly>
304 |                   <day-of-week>wednesday</day-of-week>
305 |                   <at>01:02</at>
306 |                   <action>download-only</action>
307 |                 </weekly>
308 |               </recurring>
309 |             </threats>
310 |           </update-schedule>
311 |           <timezone>US/Pacific</timezone>
312 |           <service>
313 |             <disable-telnet>yes</disable-telnet>
314 |             <disable-http>yes</disable-http>
315 |           </service>
316 |           <hostname>PA-VM</hostname>
317 |           <type>
318 |             <dhcp-client>
319 |               <send-hostname>yes</send-hostname>
320 |               <send-client-id>no</send-client-id>
321 |               <accept-dhcp-hostname>no</accept-dhcp-hostname>
322 |               <accept-dhcp-domain>no</accept-dhcp-domain>
323 |             </dhcp-client>
324 |           </type>
325 |         </system>
326 |         <setting>
327 |           <config>
328 |             <rematch>yes</rematch>
329 |           </config>
330 |           <management>
331 |             <hostname-type-in-syslog>FQDN</hostname-type-in-syslog>
332 |             <initcfg>
333 |               <type>
334 |                 <dhcp-client>
335 |                   <send-hostname>yes</send-hostname>
336 |                   <send-client-id>no</send-client-id>
337 |                   <accept-dhcp-hostname>no</accept-dhcp-hostname>
338 |                   <accept-dhcp-domain>no</accept-dhcp-domain>
339 |                 </dhcp-client>
340 |               </type>
341 |             </initcfg>
342 |           </management>
343 |           <auto-mac-detect>yes</auto-mac-detect>
344 |         </setting>
345 |       </deviceconfig>
346 |       <vsys>
347 |         <entry name="vsys1">
348 |           <application/>
349 |           <application-group/>
350 |           <zone>
351 |             <entry name="trust">
352 |               <network>
353 |                 <layer3>
354 |                   <member>ethernet1/2</member>
355 |                 </layer3>
356 |               </network>
357 |             </entry>
358 |             <entry name="untrust">
359 |               <network>
360 |                 <layer3>
361 |                   <member>ethernet1/1</member>
362 |                 </layer3>
363 |               </network>
364 |             </entry>
365 |           </zone>
366 |           <service/>
367 |           <service-group/>
368 |           <schedule/>
369 |           <rulebase>
370 |             <security>
371 |               <rules>
372 |                 <entry name="allow_all">
373 |                   <to>
374 |                     <member>any</member>
375 |                   </to>
376 |                   <from>
377 |                     <member>any</member>
378 |                   </from>
379 |                   <source>
380 |                     <member>any</member>
381 |                   </source>
382 |                   <destination>
383 |                     <member>any</member>
384 |                   </destination>
385 |                   <source-user>
386 |                     <member>any</member>
387 |                   </source-user>
388 |                   <category>
389 |                     <member>any</member>
390 |                   </category>
391 |                   <application>
392 |                     <member>any</member>
393 |                   </application>
394 |                   <service>
395 |                     <member>any</member>
396 |                   </service>
397 |                   <hip-profiles>
398 |                     <member>any</member>
399 |                   </hip-profiles>
400 |                   <action>allow</action>
401 |                   <rule-type>universal</rule-type>
402 |                 </entry>
403 |               </rules>
404 |             </security>
405 |             <nat>
406 |               <rules>
407 |                 <entry name="untrust2trust">
408 |                   <source-translation>
409 |                     <dynamic-ip-and-port>
410 |                       <interface-address>
411 |                         <interface>ethernet1/2</interface>
412 |                       </interface-address>
413 |                     </dynamic-ip-and-port>
414 |                   </source-translation>
415 |                   <to>
416 |                     <member>untrust</member>
417 |                   </to>
418 |                   <from>
419 |                     <member>any</member>
420 |                   </from>
421 |                   <source>
422 |                     <member>any</member>
423 |                   </source>
424 |                   <destination>
425 |                     <member>pa-vm-static-untrust</member>
426 |                   </destination>
427 |                   <service>any</service>
428 |                   <to-interface>ethernet1/1</to-interface>
429 |                   <destination-translation>
430 |                     <translated-address>server-static-trust</translated-address>
431 |                   </destination-translation>
432 |                 </entry>
433 |               </rules>
434 |             </nat>
435 |           </rulebase>
436 |           <import>
437 |             <network>
438 |               <interface>
439 |                 <member>ethernet1/1</member>
440 |                 <member>ethernet1/2</member>
441 |               </interface>
442 |             </network>
443 |           </import>
444 |           <address>
445 |             <entry name="server-static-trust">
446 |               <ip-netmask>192.168.100.10</ip-netmask>
447 |             </entry>
448 |             <entry name="pa-vm-static-untrust">
449 |               <ip-netmask>192.168.200.10</ip-netmask>
450 |             </entry>
451 |           </address>
452 |         </entry>
453 |       </vsys>
454 |     </entry>
455 |   </devices>
456 | </config>
457 | 


--------------------------------------------------------------------------------
/Service-Chaining/Service-Chaining-vw/Service_Chaining_template_vw.yaml:
--------------------------------------------------------------------------------
  1 | heat_template_version: 2015-04-30
  2 | 
  3 | parameters:
  4 |   management_network:
  5 |     type: string
  6 |     description: Name of management network to be created
  7 |   left_vn:
  8 |     type: string
  9 |     description: Name of left network to be created
 10 |   right_vn:
 11 |     type: string
 12 |     description: Name of right network to be created
 13 |   left_vn_fqdn:
 14 |     type: string
 15 |     description: FQ Name of the left network
 16 |   right_vn_fqdn:
 17 |     type: string
 18 |     description: FQ Name of the right network
 19 |   domain:
 20 |     type: string
 21 |     description: Name of the Domain
 22 |   S_Tmp_name:
 23 |     type: string
 24 |     label: Service template fq name
 25 |     description: Service template for port tuple
 26 |   S_Tmp_version:
 27 |     type: string
 28 |     description: Indicates service version
 29 |   S_Tmp_service_mode:
 30 |     type: string
 31 |     description: service mode
 32 |   S_Tmp_service_type:
 33 |     type: string
 34 |     description: service type
 35 |   S_Tmp_image_name:
 36 |     type: string
 37 |     description: Name of the image
 38 |   S_Tmp_flavor:
 39 |     type: string
 40 |     description: Flavor
 41 |   S_Tmp_interface_type_mgmt:
 42 |     type: string
 43 |     description: service_interface_type for the ServiceTemplate
 44 |   S_Tmp_interface_type_left:
 45 |     type: string
 46 |     description: service_interface_type for the ServiceTemplate
 47 |   S_Tmp_interface_type_right:
 48 |     type: string
 49 |     description: service_interface_type for the ServiceTemplate
 50 |   S_Ins_name:
 51 |     type: string
 52 |     label: Service instance name
 53 |     description: Service instance for port tuple
 54 |   S_Ins_fq_name:
 55 |     type: string
 56 |     label: Service instance fq name
 57 |     description: Service instance FQDN for port tuple
 58 |   NetIPam_ip_prefix_mgmt:
 59 |     type: string
 60 |     description: subnet prefix for mgmt network
 61 |   NetIPam_ip_prefix_len_mgmt:
 62 |     type: string
 63 |     description: subnet prefix len for mgmt network
 64 |   NetIPam_ip_prefix_left:
 65 |     type: string
 66 |     description: subnet prefix for left network
 67 |   NetIPam_ip_prefix_len_left:
 68 |     type: string
 69 |     description: subnet prefix len for left network
 70 |   NetIPam_ip_prefix_right:
 71 |     type: string
 72 |     description: subnet prefix for right network
 73 |   NetIPam_ip_prefix_len_right:
 74 |     type: string
 75 |     description: subnet prefix len for right network
 76 |   NetIPam_addr_from_start_true:
 77 |     type: boolean
 78 |     description: Address allocation from start of the pool
 79 |   svm_name: 
 80 |     type: string
 81 |     description: Name of the SVM
 82 |   flavor: 
 83 |     type: string
 84 |     description: Flavor of the end VMs
 85 |   left_vm_image:
 86 |     type: string
 87 |     description: Name of the left VM image
 88 |   right_vm_image:
 89 |     type: string
 90 |     description: Name of the right VM image
 91 |   left_vm_name:
 92 |     type: string
 93 |     description: Name of the left VM
 94 |   right_vm_name: 
 95 |     type: string
 96 |     description: Name of the right VM
 97 |   port_tuple_name:
 98 |     type: string
 99 |     description: Name of the port tuple
100 |   policy_name:
101 |     type: string
102 |     description: Name of the Policy
103 |   policy_fq_name:
104 |     type: string
105 |     description: FQDN of the Policy 
106 |   simple_action:
107 |     type: string
108 |     description: Pass or Deny
109 |   protocol:
110 |     type: string
111 |     description: Protocol
112 |   src_port_end:
113 |     type: number
114 |     description: End of the Source Port Range
115 |   src_port_start:
116 |     type: number
117 |     description: Start of the Source Port Range
118 |   direction:
119 |     type: string
120 |     description: Direction of the Policy
121 |   dst_port_end:
122 |     type: number
123 |     description: End of the Destination Port Range
124 |   dst_port_start:
125 |     type: number
126 |     description: Start of the Destination Port Range
127 |   route_target:
128 |     type: string
129 |     description: route targets associated with the virtual network
130 | 
131 | resources:
132 |   mgmt_NetworkIPam:
133 |     type: OS::ContrailV2::NetworkIpam
134 |     properties:
135 |      name: { get_param: management_network }
136 | 
137 |   left_NetworkIPam:
138 |     type: OS::ContrailV2::NetworkIpam
139 |     properties:
140 |       name: { get_param: left_vn }
141 | 
142 |   right_NetworkIPam:
143 |     type: OS::ContrailV2::NetworkIpam
144 |     properties:
145 |       name: { get_param: right_vn }
146 | 
147 |   mgmt_VirtualNetwork:
148 |     type: OS::ContrailV2::VirtualNetwork
149 |     depends_on: [ mgmt_NetworkIPam ]
150 |     properties:
151 |       name: { get_param: management_network }
152 |       route_target_list:
153 |         {
154 |           route_target_list_route_target: [{ get_param: route_target }],
155 |         }
156 |       network_ipam_refs: [{ get_resource: mgmt_NetworkIPam }]
157 |       network_ipam_refs_data:
158 |         [{
159 |           network_ipam_refs_data_ipam_subnets:
160 |             [{
161 |               network_ipam_refs_data_ipam_subnets_subnet:
162 |                 {
163 |                   network_ipam_refs_data_ipam_subnets_subnet_ip_prefix: { get_param: NetIPam_ip_prefix_mgmt },
164 |                   network_ipam_refs_data_ipam_subnets_subnet_ip_prefix_len: { get_param: NetIPam_ip_prefix_len_mgmt },
165 |                 },
166 |            network_ipam_refs_data_ipam_subnets_addr_from_start: { get_param: NetIPam_addr_from_start_true },
167 |             }]
168 |          }]
169 | 
170 |   left_VirtualNetwork:
171 |     type: OS::ContrailV2::VirtualNetwork
172 |     depends_on: [ left_NetworkIPam, NetworkPolicy ]
173 |     properties:
174 |       name: { get_param: left_vn }
175 |       network_ipam_refs: [{ get_resource: left_NetworkIPam }]
176 |       network_ipam_refs_data:
177 |         [{
178 |           network_ipam_refs_data_ipam_subnets:
179 |             [{
180 |               network_ipam_refs_data_ipam_subnets_subnet:
181 |                 {
182 |                   network_ipam_refs_data_ipam_subnets_subnet_ip_prefix: { get_param: NetIPam_ip_prefix_left },
183 |                   network_ipam_refs_data_ipam_subnets_subnet_ip_prefix_len: { get_param: NetIPam_ip_prefix_len_left },
184 |                 },
185 |                network_ipam_refs_data_ipam_subnets_addr_from_start: { get_param: NetIPam_addr_from_start_true },
186 |              }]
187 |          }]
188 |       network_policy_refs: [{ get_param: policy_fq_name }]
189 |       network_policy_refs_data:
190 |         [{
191 |           network_policy_refs_data_sequence:
192 |             {
193 |               network_policy_refs_data_sequence_major: 0,
194 |               network_policy_refs_data_sequence_minor: 0,
195 |             },
196 |         }]
197 |         
198 |   right_VirtualNetwork:
199 |     type: OS::ContrailV2::VirtualNetwork
200 |     depends_on: [ right_NetworkIPam, NetworkPolicy ]
201 |     properties:
202 |       name: { get_param: right_vn }
203 |       network_ipam_refs: [{ get_resource: right_NetworkIPam }]
204 |       network_ipam_refs_data:
205 |         [{
206 |           network_ipam_refs_data_ipam_subnets:
207 |             [{
208 |               network_ipam_refs_data_ipam_subnets_subnet:
209 |                 {
210 |                   network_ipam_refs_data_ipam_subnets_subnet_ip_prefix: { get_param: NetIPam_ip_prefix_right },
211 |                   network_ipam_refs_data_ipam_subnets_subnet_ip_prefix_len: { get_param: NetIPam_ip_prefix_len_right },
212 |                 },
213 |               network_ipam_refs_data_ipam_subnets_addr_from_start: { get_param: NetIPam_addr_from_start_true },
214 |             }]
215 |          }]
216 |       network_policy_refs: [{ get_param: policy_fq_name }]
217 |       network_policy_refs_data:
218 |         [{
219 |           network_policy_refs_data_sequence:
220 |             {
221 |               network_policy_refs_data_sequence_major: 0,
222 |               network_policy_refs_data_sequence_minor: 0,
223 |             },
224 |         }]
225 | 
226 |   ServiceTemplate:
227 |     type: OS::ContrailV2::ServiceTemplate
228 |     properties:
229 |       name: { get_param: S_Tmp_name }
230 |       service_template_properties:
231 |         {
232 |           service_template_properties_version: { get_param: S_Tmp_version },
233 |           service_template_properties_service_mode: { get_param: S_Tmp_service_mode },
234 |           service_template_properties_service_type: { get_param: S_Tmp_service_type },
235 |           service_template_properties_image_name: { get_param: S_Tmp_image_name },
236 | 
237 |           service_template_properties_interface_type:
238 |             [
239 |               {
240 |               service_template_properties_interface_type_service_interface_type: { get_param: S_Tmp_interface_type_mgmt },
241 |               },
242 |               {
243 |               service_template_properties_interface_type_service_interface_type: { get_param: S_Tmp_interface_type_left },
244 |               },
245 |               {
246 |               service_template_properties_interface_type_service_interface_type: { get_param: S_Tmp_interface_type_right },
247 |               }
248 |             ],
249 |           service_template_properties_flavor: { get_param: S_Tmp_flavor },
250 |           service_template_properties_service_virtualization_type: virtual-machine,
251 |           }
252 |       domain: { get_param: domain }
253 | 
254 |   ServiceInstance:
255 |     type: OS::ContrailV2::ServiceInstance
256 |     depends_on: [ ServiceTemplate ]
257 |     properties:
258 |       name: { get_param: S_Ins_name }
259 |       service_instance_properties:
260 |         {
261 |           service_instance_properties_interface_list:
262 |             [
263 |               {
264 |                 service_instance_properties_interface_list_virtual_network:
265 |                  {
266 |                    list_join: [':', { get_attr: [ mgmt_VirtualNetwork, fq_name ] } ]
267 |                  },
268 |               },
269 |               {
270 |               service_instance_properties_interface_list_virtual_network:
271 |                 {
272 |                    list_join: [':', { get_attr: [ left_VirtualNetwork, fq_name ] } ]
273 |                 },
274 |               },
275 |               {
276 |               service_instance_properties_interface_list_virtual_network:
277 |                 {
278 |                    list_join: [':', { get_attr: [ right_VirtualNetwork, fq_name ] } ]
279 |                 },
280 |               }
281 |             ],
282 |         }
283 |       service_template_refs: [{ get_resource: ServiceTemplate }]
284 | 
285 |   Pan_Svm_PortTuple:
286 |     type: OS::ContrailV2::PortTuple
287 |     depends_on: [ ServiceInstance ]
288 |     properties:
289 |       name: { get_param: port_tuple_name }
290 |       service_instance: { list_join: [':', { get_attr: [ ServiceInstance, fq_name ] } ] }
291 | 
292 |   mgmt_VirtualMachineInterface:
293 |     type: OS::ContrailV2::VirtualMachineInterface
294 |     depends_on: [ Pan_Svm_PortTuple ]
295 |     properties:
296 |       virtual_machine_interface_properties:
297 |         {
298 |           virtual_machine_interface_properties_service_interface_type: { get_param: S_Tmp_interface_type_mgmt },
299 |         }
300 |       port_tuple_refs: [{ get_resource: Pan_Svm_PortTuple }]
301 |       virtual_network_refs: [{ list_join: [':', { get_attr: [ mgmt_VirtualNetwork, fq_name ] } ] }]
302 |   
303 |   left_VirtualMachineInterface:
304 |     type: OS::ContrailV2::VirtualMachineInterface
305 |     depends_on: [ Pan_Svm_PortTuple ]
306 |     properties:
307 |       virtual_machine_interface_properties:
308 |         {
309 |           virtual_machine_interface_properties_service_interface_type: { get_param: S_Tmp_interface_type_left },
310 |         }
311 |       port_tuple_refs: [{ get_resource: Pan_Svm_PortTuple }]
312 |       virtual_network_refs: [{ list_join: [':', { get_attr: [ left_VirtualNetwork, fq_name ] } ] }]
313 | 
314 |   right_VirtualMachineInterface:
315 |     type: OS::ContrailV2::VirtualMachineInterface
316 |     depends_on: [ Pan_Svm_PortTuple ]
317 |     properties:
318 |       virtual_machine_interface_properties:
319 |         {
320 |           virtual_machine_interface_properties_service_interface_type: { get_param: S_Tmp_interface_type_right },
321 |         }
322 |       port_tuple_refs: [{ get_resource: Pan_Svm_PortTuple }]
323 |       virtual_network_refs: [{ list_join: [':', { get_attr: [ right_VirtualNetwork, fq_name ] } ] }]
324 | 
325 |   mgmt_InstanceIp:
326 |     type: OS::ContrailV2::InstanceIp
327 |     depends_on: [ mgmt_VirtualMachineInterface, mgmt_VirtualNetwork ]
328 |     properties:
329 |       virtual_machine_interface_refs: [{ get_resource: mgmt_VirtualMachineInterface }]
330 |       virtual_network_refs: [{ list_join: [':', { get_attr: [ mgmt_VirtualNetwork, fq_name ] } ] }]
331 | 
332 |   left_InstanceIp:
333 |     type: OS::ContrailV2::InstanceIp
334 |     depends_on: [ left_VirtualMachineInterface, left_VirtualNetwork ]
335 |     properties:
336 |       virtual_machine_interface_refs: [{ get_resource: left_VirtualMachineInterface }]
337 |       virtual_network_refs: [{ list_join: [':', { get_attr: [ left_VirtualNetwork, fq_name ] } ] }]
338 | 
339 |   right_InstanceIp:
340 |     type: OS::ContrailV2::InstanceIp
341 |     depends_on: [ right_VirtualMachineInterface, right_VirtualNetwork ]
342 |     properties:
343 |       virtual_machine_interface_refs: [{ get_resource: right_VirtualMachineInterface }]
344 |       virtual_network_refs: [{ list_join: [':', { get_attr: [ right_VirtualNetwork, fq_name ] } ] }]
345 | 
346 |   left_VM_InstanceIp:
347 |     type: OS::ContrailV2::InstanceIp
348 |     depends_on: [ left_VM_VirtualMachineInterface, left_VirtualNetwork ]
349 |     properties:
350 |       virtual_machine_interface_refs: [{ get_resource: left_VM_VirtualMachineInterface }]
351 |       virtual_network_refs: [{ list_join: [':', { get_attr: [ left_VirtualNetwork, fq_name ] } ] }]
352 | 
353 |   right_VM_InstanceIp:
354 |     type: OS::ContrailV2::InstanceIp
355 |     depends_on: [ right_VM_VirtualMachineInterface, right_VirtualNetwork ]
356 |     properties:
357 |       virtual_machine_interface_refs: [{ get_resource: right_VM_VirtualMachineInterface }]
358 |       virtual_network_refs: [{ list_join: [':', { get_attr: [ right_VirtualNetwork, fq_name ] } ] }]
359 | 
360 |   Pan_Svm_instance:
361 |     type: OS::Nova::Server
362 |     depends_on: [ mgmt_InstanceIp, left_InstanceIp, right_InstanceIp ]
363 |     properties:
364 |       name: {get_param: svm_name }
365 |       image: { get_param:  S_Tmp_image_name }
366 |       flavor: { get_param: S_Tmp_flavor }
367 |       networks:
368 |         - port: { get_resource: mgmt_VirtualMachineInterface }
369 |         - port: { get_resource: left_VirtualMachineInterface }
370 |         - port: { get_resource: right_VirtualMachineInterface }
371 |       user_data_format: RAW
372 |       config_drive: true
373 |       personality:
374 |         /config/init-cfg.txt: {get_file: "/root/bootstrap/config/init-cfg.txt"}
375 | #        /config/init-cfg.txt: { get_file: "http://10.4.1.21/op_test/config/init-cfg.txt" }
376 |         /config/bootstrap.xml: {get_file: "/root/bootstrap/config/Service_Chaining_bootstrap_vw.xml"}
377 | #        /config/bootstrap.xml: { get_file: "http://10.4.1.21/op_test/config/Service_Chaining_bootstrap_vw.xml" }
378 | #        /license/authcodes: {get_file: "/root/bootstrap/license/authcodes"}
379 | #        /license/authcodes: {get_file: "http://10.4.1.21/op_test/license/authcodes"}
380 | 
381 | 
382 | 
383 |   left_VM_VirtualMachineInterface:
384 |     type: OS::ContrailV2::VirtualMachineInterface
385 |     properties:
386 |       name: { get_param: left_vm_name }
387 |       virtual_network_refs: [{ list_join: [':', { get_attr: [ left_VirtualNetwork, fq_name ] } ] }]
388 |   
389 |   right_VM_VirtualMachineInterface:
390 |     type: OS::ContrailV2::VirtualMachineInterface
391 |     properties:
392 |       name: { get_param: right_vm_name }
393 |       virtual_network_refs: [{ list_join: [':', { get_attr: [ right_VirtualNetwork, fq_name ] } ] }]
394 |   
395 |   left_VM:
396 |     type: OS::Nova::Server
397 |     depends_on: [ left_VM_InstanceIp ]
398 |     properties:
399 |       name: {get_param: left_vm_name }
400 |       image: { get_param:  left_vm_image }
401 |       flavor: { get_param: flavor }
402 |       networks:
403 |         - port: { get_resource: left_VM_VirtualMachineInterface }
404 | 
405 |   right_VM:
406 |     type: OS::Nova::Server
407 |     depends_on: [ right_VM_InstanceIp ]
408 |     properties:
409 |       name: {get_param: right_vm_name }
410 |       image: { get_param:  right_vm_image }
411 |       flavor: { get_param: flavor }
412 |       networks:
413 |         - port: { get_resource: right_VM_VirtualMachineInterface }
414 | 
415 |   NetworkPolicy:
416 |     type: OS::ContrailV2::NetworkPolicy
417 |     properties:
418 |       name: { get_param: policy_name }
419 |       network_policy_entries: { network_policy_entries_policy_rule: [{ 
420 | 		network_policy_entries_policy_rule_direction: { get_param: direction },
421 | 		network_policy_entries_policy_rule_protocol: { get_param: protocol },
422 | 		network_policy_entries_policy_rule_src_ports: [{
423 | 			network_policy_entries_policy_rule_src_ports_start_port: { get_param: src_port_start },
424 | 			network_policy_entries_policy_rule_src_ports_end_port: { get_param: src_port_end }
425 | 								}],
426 |  		network_policy_entries_policy_rule_dst_ports: [{
427 | 			network_policy_entries_policy_rule_dst_ports_start_port: { get_param: dst_port_start },
428 | 			network_policy_entries_policy_rule_dst_ports_end_port: { get_param: dst_port_end }
429 | 								}],
430 | 		network_policy_entries_policy_rule_dst_addresses: [{
431 | 			network_policy_entries_policy_rule_dst_addresses_virtual_network: { get_param: right_vn_fqdn }
432 | 								}],
433 | 		network_policy_entries_policy_rule_src_addresses: [{
434 | 			network_policy_entries_policy_rule_src_addresses_virtual_network: { get_param: left_vn_fqdn }
435 | 								}],
436 | 		network_policy_entries_policy_rule_action_list: { 
437 | 			network_policy_entries_policy_rule_action_list_simple_action: { get_param: simple_action },
438 | 			network_policy_entries_policy_rule_action_list_apply_service: 
439 | 									[{ get_param: S_Ins_fq_name }]
440 | 								},
441 | 									}]
442 | 	}
443 | outputs:
444 |   Pan_Svm_instance_name:
445 |     description: Name of the PAN Sevice instance
446 |     value: { get_attr: [Pan_Svm_instance, name] }
447 |   Pan_Svm_instance_networks:
448 |     description:  IP address of the network interfaces on Pan_Svm_instance
449 |     value: { get_attr: [Pan_Svm_instance,networks] }
450 |   Left_VM_name:
451 |     description: Name of the Left VM instance
452 |     value: { get_attr: [left_VM, name] }
453 |   Left_VM_ip:
454 |     description: IP address of the Left VM instance
455 |     value: { get_attr: [left_VM, first_address] }
456 |   Right_VM_name:
457 |     description: Name of the Right VM instance
458 |     value: { get_attr: [right_VM, name] }
459 |   Right_VM_ip:
460 |     description: IP address of the Right VM instance
461 |     value: { get_attr: [right_VM, first_address] }
462 |  
463 | 


--------------------------------------------------------------------------------
/Service-Chaining/Service-Chaining-L3/Service_Chaining_template_L3.yaml:
--------------------------------------------------------------------------------
  1 | heat_template_version: 2015-04-30
  2 | 
  3 | parameters:
  4 |   management_network:
  5 |     type: string
  6 |     description: Name of management network to be created
  7 |   left_vn:
  8 |     type: string
  9 |     description: Name of left network to be created
 10 |   right_vn:
 11 |     type: string
 12 |     description: Name of right network to be created
 13 |   left_vn_fqdn:
 14 |     type: string
 15 |     description: FQ Name of the left network
 16 |   right_vn_fqdn:
 17 |     type: string
 18 |     description: FQ Name of the right network
 19 |   domain:
 20 |     type: string
 21 |     description: Name of the Domain
 22 |   S_Tmp_name:
 23 |     type: string
 24 |     label: Service template fq name
 25 |     description: Service template for port tuple
 26 |   S_Tmp_version:
 27 |     type: string
 28 |     description: Indicates service version
 29 |   S_Tmp_service_mode:
 30 |     type: string
 31 |     description: service mode
 32 |   S_Tmp_service_type:
 33 |     type: string
 34 |     description: service type
 35 |   S_Tmp_image_name:
 36 |     type: string
 37 |     description: Name of the image
 38 |   S_Tmp_flavor:
 39 |     type: string
 40 |     description: Flavor
 41 |   S_Tmp_interface_type_mgmt:
 42 |     type: string
 43 |     description: service_interface_type for the ServiceTemplate
 44 |   S_Tmp_interface_type_left:
 45 |     type: string
 46 |     description: service_interface_type for the ServiceTemplate
 47 |   S_Tmp_interface_type_right:
 48 |     type: string
 49 |     description: service_interface_type for the ServiceTemplate
 50 |   S_Ins_name:
 51 |     type: string
 52 |     label: Service instance name
 53 |     description: Service instance for port tuple
 54 |   S_Ins_fq_name:
 55 |     type: string
 56 |     label: Service instance fq name
 57 |     description: Service instance FQDN for port tuple
 58 |   NetIPam_ip_prefix_mgmt:
 59 |     type: string
 60 |     description: subnet prefix for mgmt network
 61 |   NetIPam_ip_prefix_len_mgmt:
 62 |     type: string
 63 |     description: subnet prefix len for mgmt network
 64 |   NetIPam_ip_prefix_left:
 65 |     type: string
 66 |     description: subnet prefix for left network
 67 |   NetIPam_ip_prefix_len_left:
 68 |     type: string
 69 |     description: subnet prefix len for left network
 70 |   NetIPam_ip_prefix_right:
 71 |     type: string
 72 |     description: subnet prefix for right network
 73 |   NetIPam_ip_prefix_len_right:
 74 |     type: string
 75 |     description: subnet prefix len for right network
 76 |   NetIPam_addr_from_start_true:
 77 |     type: boolean
 78 |     description: Address allocation from start of the pool
 79 |   svm_name: 
 80 |     type: string
 81 |     description: Name of the SVM
 82 |   flavor: 
 83 |     type: string
 84 |     description: Flavor of the end VMs
 85 |   left_vm_image: 
 86 |     type: string
 87 |     description: Name of the left VM image
 88 |   right_vm_image:
 89 |     type: string
 90 |     description: Name of the right VM image 
 91 |   left_vm_name:
 92 |     type: string
 93 |     description: Name of the left VM
 94 |   right_vm_name: 
 95 |     type: string
 96 |     description: Name of the right VM
 97 |   port_tuple_name:
 98 |     type: string
 99 |     description: Name of the port tuple
100 |   policy_name:
101 |     type: string
102 |     description: Name of the Policy
103 |   policy_fq_name:
104 |     type: string
105 |     description: FQDN of the Policy 
106 |   simple_action:
107 |     type: string
108 |     description: Pass or Deny
109 |   protocol:
110 |     type: string
111 |     description: Protocol
112 |   src_port_end:
113 |     type: number
114 |     description: End of the Source Port Range
115 |   src_port_start:
116 |     type: number
117 |     description: Start of the Source Port Range
118 |   direction:
119 |     type: string
120 |     description: Direction of the Policy
121 |   dst_port_end:
122 |     type: number
123 |     description: End of the Destination Port Range
124 |   dst_port_start:
125 |     type: number
126 |     description: Start of the Destination Port Range
127 |   route_target:
128 |     type: string
129 |     description: route targets associated with the virtual network
130 | 
131 | resources:
132 |   mgmt_NetworkIPam:
133 |     type: OS::ContrailV2::NetworkIpam
134 |     properties:
135 |      name: { get_param: management_network }
136 | 
137 |   left_NetworkIPam:
138 |     type: OS::ContrailV2::NetworkIpam
139 |     properties:
140 |       name: { get_param: left_vn }
141 | 
142 |   right_NetworkIPam:
143 |     type: OS::ContrailV2::NetworkIpam
144 |     properties:
145 |       name: { get_param: right_vn }
146 | 
147 |   mgmt_VirtualNetwork:
148 |     type: OS::ContrailV2::VirtualNetwork
149 |     depends_on: [ mgmt_NetworkIPam ]
150 |     properties:
151 |       name: { get_param: management_network }
152 |       route_target_list:
153 |         {
154 |           route_target_list_route_target: [{ get_param: route_target }],
155 |         }
156 |       network_ipam_refs: [{ get_resource: mgmt_NetworkIPam }]
157 |       network_ipam_refs_data:
158 |         [{
159 |           network_ipam_refs_data_ipam_subnets:
160 |             [{
161 |               network_ipam_refs_data_ipam_subnets_subnet:
162 |                 {
163 |                   network_ipam_refs_data_ipam_subnets_subnet_ip_prefix: { get_param: NetIPam_ip_prefix_mgmt },
164 |                   network_ipam_refs_data_ipam_subnets_subnet_ip_prefix_len: { get_param: NetIPam_ip_prefix_len_mgmt },
165 |                 },
166 |            network_ipam_refs_data_ipam_subnets_addr_from_start: { get_param: NetIPam_addr_from_start_true },
167 |             }]
168 |          }]
169 | 
170 |   left_VirtualNetwork:
171 |     type: OS::ContrailV2::VirtualNetwork
172 |     depends_on: [ left_NetworkIPam, NetworkPolicy ]
173 |     properties:
174 |       name: { get_param: left_vn }
175 |       network_ipam_refs: [{ get_resource: left_NetworkIPam }]
176 |       network_ipam_refs_data:
177 |         [{
178 |           network_ipam_refs_data_ipam_subnets:
179 |             [{
180 |               network_ipam_refs_data_ipam_subnets_subnet:
181 |                 {
182 |                   network_ipam_refs_data_ipam_subnets_subnet_ip_prefix: { get_param: NetIPam_ip_prefix_left },
183 |                   network_ipam_refs_data_ipam_subnets_subnet_ip_prefix_len: { get_param: NetIPam_ip_prefix_len_left },
184 |                 },
185 |                network_ipam_refs_data_ipam_subnets_addr_from_start: { get_param: NetIPam_addr_from_start_true },
186 |               }]
187 |           }]
188 |       network_policy_refs: [{ get_param: policy_fq_name }]
189 |       network_policy_refs_data:
190 |         [{
191 |           network_policy_refs_data_sequence:
192 |             {
193 |               network_policy_refs_data_sequence_major: 0,
194 |               network_policy_refs_data_sequence_minor: 0,
195 |             },
196 |         }]
197 |         
198 |   right_VirtualNetwork:
199 |     type: OS::ContrailV2::VirtualNetwork
200 |     depends_on: [ right_NetworkIPam, NetworkPolicy ]
201 |     properties:
202 |       name: { get_param: right_vn }
203 |       network_ipam_refs: [{ get_resource: right_NetworkIPam }]
204 |       network_ipam_refs_data:
205 |         [{
206 |           network_ipam_refs_data_ipam_subnets:
207 |             [{
208 |               network_ipam_refs_data_ipam_subnets_subnet:
209 |                 {
210 |                   network_ipam_refs_data_ipam_subnets_subnet_ip_prefix: { get_param: NetIPam_ip_prefix_right },
211 |                   network_ipam_refs_data_ipam_subnets_subnet_ip_prefix_len: { get_param: NetIPam_ip_prefix_len_right },
212 |                 },
213 |               network_ipam_refs_data_ipam_subnets_addr_from_start: { get_param: NetIPam_addr_from_start_true },
214 |             }]
215 |          }]
216 |       network_policy_refs: [{ get_param: policy_fq_name }]
217 |       network_policy_refs_data:
218 |         [{
219 |           network_policy_refs_data_sequence:
220 |             {
221 |               network_policy_refs_data_sequence_major: 0,
222 |               network_policy_refs_data_sequence_minor: 0,
223 |             },
224 |         }]
225 | 
226 |   ServiceTemplate:
227 |     type: OS::ContrailV2::ServiceTemplate
228 |     properties:
229 |       name: { get_param: S_Tmp_name }
230 |       service_template_properties:
231 |         {
232 |           service_template_properties_version: { get_param: S_Tmp_version },
233 |           service_template_properties_service_mode: { get_param: S_Tmp_service_mode },
234 |           service_template_properties_service_type: { get_param: S_Tmp_service_type },
235 |           service_template_properties_image_name: { get_param: S_Tmp_image_name },
236 | 
237 |           service_template_properties_interface_type:
238 |             [
239 |               {
240 |               service_template_properties_interface_type_service_interface_type: { get_param: S_Tmp_interface_type_mgmt },
241 |               },
242 |               {
243 |               service_template_properties_interface_type_service_interface_type: { get_param: S_Tmp_interface_type_left },
244 |               },
245 |               {
246 |               service_template_properties_interface_type_service_interface_type: { get_param: S_Tmp_interface_type_right },
247 |               }
248 |             ],
249 |           service_template_properties_flavor: { get_param: S_Tmp_flavor },
250 |           service_template_properties_service_virtualization_type: virtual-machine,
251 |           }
252 |       domain: { get_param: domain }
253 | 
254 |   ServiceInstance:
255 |     type: OS::ContrailV2::ServiceInstance
256 |     depends_on: [ ServiceTemplate ]
257 |     properties:
258 |       name: { get_param: S_Ins_name }
259 |       service_instance_properties:
260 |         {
261 |           service_instance_properties_interface_list:
262 |             [
263 |               {
264 |                 service_instance_properties_interface_list_virtual_network:
265 |                  {
266 |                    list_join: [':', { get_attr: [ mgmt_VirtualNetwork, fq_name ] } ]
267 |                  },
268 |               },
269 |               {
270 |               service_instance_properties_interface_list_virtual_network:
271 |                 {
272 |                    list_join: [':', { get_attr: [ left_VirtualNetwork, fq_name ] } ]
273 |                 },
274 |               },
275 |               {
276 |               service_instance_properties_interface_list_virtual_network:
277 |                 {
278 |                    list_join: [':', { get_attr: [ right_VirtualNetwork, fq_name ] } ]
279 |                 },
280 |               }
281 |             ],
282 |         }
283 |       service_template_refs: [{ get_resource: ServiceTemplate }]
284 | 
285 |   Pan_Svm_PortTuple:
286 |     type: OS::ContrailV2::PortTuple
287 |     depends_on: [ ServiceInstance ]
288 |     properties:
289 |       name: { get_param: port_tuple_name }
290 |       service_instance: { list_join: [':', { get_attr: [ ServiceInstance, fq_name ] } ] }
291 | 
292 |   mgmt_VirtualMachineInterface:
293 |     type: OS::ContrailV2::VirtualMachineInterface
294 |     depends_on: [ Pan_Svm_PortTuple ]
295 |     properties:
296 |       virtual_machine_interface_properties:
297 |         {
298 |           virtual_machine_interface_properties_service_interface_type: { get_param: S_Tmp_interface_type_mgmt },
299 |         }
300 |       port_tuple_refs: [{ get_resource: Pan_Svm_PortTuple }]
301 |       virtual_network_refs: [{ list_join: [':', { get_attr: [ mgmt_VirtualNetwork, fq_name ] } ] }]
302 |   
303 |   left_VirtualMachineInterface:
304 |     type: OS::ContrailV2::VirtualMachineInterface
305 |     depends_on: [ Pan_Svm_PortTuple ]
306 |     properties:
307 |       virtual_machine_interface_properties:
308 |         {
309 |           virtual_machine_interface_properties_service_interface_type: { get_param: S_Tmp_interface_type_left },
310 |         }
311 |       port_tuple_refs: [{ get_resource: Pan_Svm_PortTuple }]
312 |       virtual_network_refs: [{ list_join: [':', { get_attr: [ left_VirtualNetwork, fq_name ] } ] }]
313 | 
314 |   right_VirtualMachineInterface:
315 |     type: OS::ContrailV2::VirtualMachineInterface
316 |     depends_on: [ Pan_Svm_PortTuple ]
317 |     properties:
318 |       virtual_machine_interface_properties:
319 |         {
320 |           virtual_machine_interface_properties_service_interface_type: { get_param: S_Tmp_interface_type_right },
321 |         }
322 |       port_tuple_refs: [{ get_resource: Pan_Svm_PortTuple }]
323 |       virtual_network_refs: [{ list_join: [':', { get_attr: [ right_VirtualNetwork, fq_name ] } ] }]
324 | 
325 |   mgmt_InstanceIp:
326 |     type: OS::ContrailV2::InstanceIp
327 |     depends_on: [ mgmt_VirtualMachineInterface, mgmt_VirtualNetwork ]
328 |     properties:
329 |       virtual_machine_interface_refs: [{ get_resource: mgmt_VirtualMachineInterface }]
330 |       virtual_network_refs: [{ list_join: [':', { get_attr: [ mgmt_VirtualNetwork, fq_name ] } ] }]
331 | 
332 |   left_InstanceIp:
333 |     type: OS::ContrailV2::InstanceIp
334 |     depends_on: [ left_VirtualMachineInterface, left_VirtualNetwork ]
335 |     properties:
336 |       virtual_machine_interface_refs: [{ get_resource: left_VirtualMachineInterface }]
337 |       virtual_network_refs: [{ list_join: [':', { get_attr: [ left_VirtualNetwork, fq_name ] } ] }]
338 | 
339 |   right_InstanceIp:
340 |     type: OS::ContrailV2::InstanceIp
341 |     depends_on: [ right_VirtualMachineInterface, right_VirtualNetwork ]
342 |     properties:
343 |       virtual_machine_interface_refs: [{ get_resource: right_VirtualMachineInterface }]
344 |       virtual_network_refs: [{ list_join: [':', { get_attr: [ right_VirtualNetwork, fq_name ] } ] }]
345 | 
346 |   left_VM_InstanceIp:
347 |     type: OS::ContrailV2::InstanceIp
348 |     depends_on: [ left_VM_VirtualMachineInterface, left_VirtualNetwork ]
349 |     properties:
350 |       virtual_machine_interface_refs: [{ get_resource: left_VM_VirtualMachineInterface }]
351 |       virtual_network_refs: [{ list_join: [':', { get_attr: [ left_VirtualNetwork, fq_name ] } ] }]
352 | 
353 |   right_VM_InstanceIp:
354 |     type: OS::ContrailV2::InstanceIp
355 |     depends_on: [ right_VM_VirtualMachineInterface, right_VirtualNetwork ]
356 |     properties:
357 |       virtual_machine_interface_refs: [{ get_resource: right_VM_VirtualMachineInterface }]
358 |       virtual_network_refs: [{ list_join: [':', { get_attr: [ right_VirtualNetwork, fq_name ] } ] }]
359 | 
360 |   Pan_Svm_instance:
361 |     type: OS::Nova::Server
362 |     depends_on: [ mgmt_InstanceIp, left_InstanceIp, right_InstanceIp ]
363 |     properties:
364 |       name: {get_param: svm_name }
365 |       image: { get_param:  S_Tmp_image_name }
366 |       flavor: { get_param: S_Tmp_flavor }
367 |       networks:
368 |         - port: { get_resource: mgmt_VirtualMachineInterface }
369 |         - port: { get_resource: left_VirtualMachineInterface }
370 |         - port: { get_resource: right_VirtualMachineInterface }
371 |       user_data_format: RAW
372 |       config_drive: true
373 |       personality:
374 |         /config/init-cfg.txt: {get_file: "/root/bootstrap/config/init-cfg.txt"}
375 | #        /config/init-cfg.txt: { get_file: "http://10.4.1.21/op_test/config/init-cfg.txt" }
376 |         /config/bootstrap.xml: {get_file: "/root/bootstrap/config/Service_Chaining_bootstrap_L3.xml"}
377 | #        /config/bootstrap.xml: { get_file: "http://10.4.1.21/op_test/config/Service_Chaining_bootstrap_L3.xml" }
378 | #        /license/authcodes: {get_file: "/root/bootstrap/license/authcodes"}
379 | #        /license/authcodes: {get_file: "http://10.4.1.21/op_test/license/authcodes"}
380 | 
381 |   
382 | 
383 |   left_VM_VirtualMachineInterface:
384 |     type: OS::ContrailV2::VirtualMachineInterface
385 |     properties:
386 |       name: { get_param: left_vm_name }
387 |       virtual_network_refs: [{ list_join: [':', { get_attr: [ left_VirtualNetwork, fq_name ] } ] }]
388 |   
389 |   right_VM_VirtualMachineInterface:
390 |     type: OS::ContrailV2::VirtualMachineInterface
391 |     properties:
392 |       name: { get_param: right_vm_name }
393 |       virtual_network_refs: [{ list_join: [':', { get_attr: [ right_VirtualNetwork, fq_name ] } ] }]
394 |   
395 |   left_VM:
396 |     type: OS::Nova::Server
397 |     depends_on: [ left_VM_InstanceIp ]
398 |     properties:
399 |       name: {get_param: left_vm_name }
400 |       image: { get_param:  left_vm_image }
401 |       flavor: { get_param: flavor }
402 |       networks:
403 |         - port: { get_resource: left_VM_VirtualMachineInterface }
404 | 
405 |   right_VM:
406 |     type: OS::Nova::Server
407 |     depends_on: [ right_VM_InstanceIp ]
408 |     properties:
409 |       name: {get_param: right_vm_name }
410 |       image: { get_param:  right_vm_image }
411 |       flavor: { get_param: flavor }
412 |       networks:
413 |         - port: { get_resource: right_VM_VirtualMachineInterface }
414 | 
415 |   NetworkPolicy:
416 |     type: OS::ContrailV2::NetworkPolicy
417 |     properties:
418 |       name: { get_param: policy_name }
419 |       network_policy_entries: { network_policy_entries_policy_rule: [{ 
420 | 		network_policy_entries_policy_rule_direction: { get_param: direction },
421 | 		network_policy_entries_policy_rule_protocol: { get_param: protocol },
422 | 		network_policy_entries_policy_rule_src_ports: [{
423 | 			network_policy_entries_policy_rule_src_ports_start_port: { get_param: src_port_start },
424 | 			network_policy_entries_policy_rule_src_ports_end_port: { get_param: src_port_end }
425 | 								}],
426 |  		network_policy_entries_policy_rule_dst_ports: [{
427 | 			network_policy_entries_policy_rule_dst_ports_start_port: { get_param: dst_port_start },
428 | 			network_policy_entries_policy_rule_dst_ports_end_port: { get_param: dst_port_end }
429 | 								}],
430 | 		network_policy_entries_policy_rule_dst_addresses: [{
431 | 			network_policy_entries_policy_rule_dst_addresses_virtual_network: { get_param: right_vn_fqdn }
432 | 								}],
433 | 		network_policy_entries_policy_rule_src_addresses: [{
434 | 			network_policy_entries_policy_rule_src_addresses_virtual_network: { get_param: left_vn_fqdn }
435 | 								}],
436 | 		network_policy_entries_policy_rule_action_list: { 
437 | 			network_policy_entries_policy_rule_action_list_simple_action: { get_param: simple_action },
438 | 			network_policy_entries_policy_rule_action_list_apply_service: 
439 | 									[{ get_param: S_Ins_fq_name }]
440 | 								},
441 | 									}]
442 | 	}
443 | outputs:
444 |   Pan_Svm_instance_name:
445 |     description: Name of the PAN Sevice instance
446 |     value: { get_attr: [Pan_Svm_instance, name] }
447 |   Pan_Svm_instance_networks:
448 |     description:  IP address of the network interfaces on Pan_Svm_instance
449 |     value: { get_attr: [Pan_Svm_instance,networks] }
450 |   Left_VM_name:
451 |     description: Name of the Left VM instance
452 |     value: { get_attr: [left_VM, name] }
453 |   Left_VM_ip:
454 |     description: IP address of the Left VM instance
455 |     value: { get_attr: [left_VM, first_address] }
456 |   Right_VM_name:
457 |     description: Name of the Right VM instance
458 |     value: { get_attr: [right_VM, name] }
459 |   Right_VM_ip:
460 |     description: IP address of the Right VM instance
461 |     value: { get_attr: [right_VM, first_address] }
462 |  
463 | 
464 | 


--------------------------------------------------------------------------------
/Service-Scaling/Service_Scaling_template.yaml:
--------------------------------------------------------------------------------
  1 | heat_template_version: 2015-04-30
  2 | 
  3 | parameters:
  4 |   S_Tmp_name:
  5 |     type: string
  6 |     label: Service template fq name
  7 |     description: Service template for port tuple
  8 |   S_Tmp_version:
  9 |     type: string
 10 |     description: Indicates service version
 11 |   S_Tmp_service_mode:
 12 |     type: string
 13 |     description: service mode
 14 |   S_Tmp_service_type:
 15 |     type: string
 16 |     description: service type
 17 |   S_Tmp_image_name:
 18 |     type: string
 19 |     description: Name of the image
 20 |   S_Tmp_flavor:
 21 |     type: string
 22 |     description: Flavor
 23 |   S_Tmp_interface_type_mgmt:
 24 |     type: string
 25 |     description: service_interface_type for the ServiceTemplate
 26 |   S_Tmp_interface_type_left:
 27 |     type: string
 28 |     description: service_interface_type for the ServiceTemplate
 29 |   S_Tmp_interface_type_right:
 30 |     type: string
 31 |     description: service_interface_type for the ServiceTemplate
 32 |   S_Tmp_service_scaling:
 33 |     type: string
 34 |     description: Indicates whether service scaling is enabled
 35 |   svm_name: 
 36 |     type: string
 37 |     description: Name of the SVM
 38 |   S_Ins_name:
 39 |     type: string
 40 |     label: Service instance fq name
 41 |     description: Service instance for port tuple
 42 |   management_network:
 43 |     type: string
 44 |     description: Name of management network to be created
 45 |   left_network:
 46 |     type: string
 47 |     description: Name of left network to be created
 48 |   right_network:
 49 |     type: string
 50 |     description: Name of right network to be created
 51 |   NetIPam_ip_prefix_mgmt:
 52 |     type: string
 53 |     description: subnet prefix for mgmt network
 54 |   NetIPam_ip_prefix_len_mgmt:
 55 |     type: string
 56 |     description: subnet prefix len for mgmt network
 57 |   NetIPam_ip_prefix_left:
 58 |     type: string
 59 |     description: subnet prefix for left network
 60 |   NetIPam_ip_prefix_len_left:
 61 |     type: string
 62 |     description: subnet prefix len for left network
 63 |   NetIPam_ip_prefix_right:
 64 |     type: string
 65 |     description: subnet prefix for right network
 66 |   NetIPam_ip_prefix_len_right:
 67 |     type: string
 68 |     description: subnet prefix len for right network
 69 |   domain:
 70 |     type: string
 71 |     description: Name of the Domain
 72 |   NetIPam_ip_prefix_mgmt:
 73 |     type: string
 74 |     description: subnet prefix for mgmt network
 75 |   NetIPam_ip_prefix_len_mgmt:
 76 |     type: string
 77 |     description: subnet prefix len for mgmt network
 78 |   NetIPam_ip_prefix_left:
 79 |     type: string
 80 |     description: subnet prefix for left network
 81 |   NetIPam_ip_prefix_len_left:
 82 |     type: string
 83 |     description: subnet prefix len for left network
 84 |   NetIPam_ip_prefix_right:
 85 |     type: string
 86 |     description: subnet prefix for right network
 87 |   NetIPam_ip_prefix_len_right:
 88 |     type: string
 89 |     description: subnet prefix len for right network
 90 |   NetIPam_ip_prefix_mgmt:
 91 |     type: string
 92 |     description: subnet prefix for mgmt network
 93 |   NetIPam_ip_prefix_len_mgmt:
 94 |     type: string
 95 |     description: subnet prefix len for mgmt network
 96 |   NetIPam_ip_prefix_left:
 97 |     type: string
 98 |     description: subnet prefix for left network
 99 |   NetIPam_ip_prefix_len_left:
100 |     type: string
101 |     description: subnet prefix len for left network
102 |   NetIPam_ip_prefix_right:
103 |     type: string
104 |     description: subnet prefix for right network
105 |   NetIPam_ip_prefix_len_right:
106 |     type: string
107 |     description: subnet prefix len for right network
108 |   NetIPam_addr_from_start_true:
109 |     type: boolean
110 |     description: Address allocation from start of the pool
111 |   port_tuple_name:
112 |     type: string
113 |     description: name of Port Tuple
114 |   flavor:
115 |     type: string
116 |     description: Flavor of the end VMs
117 |   left_vm_image:
118 |     type: string
119 |     description: Name of the left VM image
120 |   right_vm_image:
121 |     type: string
122 |     description: Name of the right VM image
123 |   left_vm_name:
124 |     type: string
125 |     description: Name of the left VM
126 |   right_vm_name:
127 |     type: string
128 |     description: Name of the right VM
129 |   policy_name:
130 |     type: string
131 |     description: Name of the Policy
132 |   policy_fq_name:
133 |     type: string
134 |     description: FQDN of the Policy 
135 |   simple_action:
136 |     type: string
137 |     description: Pass or Deny
138 |   protocol:
139 |     type: string
140 |     description: Protocol
141 |   src_port_end:
142 |     type: number
143 |     description: End of the Source Port Range
144 |   src_port_start:
145 |     type: number
146 |     description: Start of the Source Port Range
147 |   direction:
148 |     type: string
149 |     description: Direction of the Policy
150 |   dst_port_end:
151 |     type: number
152 |     description: End of the Destination Port Range
153 |   dst_port_start:
154 |     type: number
155 |     description: Start of the Destination Port Range
156 |   left_vn_fqdn:
157 |     type: string
158 |     description: FQ Name of the left network
159 |   right_vn_fqdn:
160 |     type: string
161 |     description: FQ Name of the right network
162 |   S_Ins_fq_name:
163 |     type: string
164 |     label: Service instance fq name
165 |     description: Service instance FQDN for port tuple
166 |   route_target:
167 |     type: string
168 |     description: route targets associated with the virtual network
169 |   server_key:
170 |     type: string
171 |     description: Name of key-pair to be used for server instance
172 |   cooldown_initial:
173 |     type: number
174 |     description: Initial wait time; when the first instance is launched.  
175 |   cooldown_scaleup:
176 |     type: number
177 |     description: Wait time interval between scaleup policies.
178 |   cooldown_scaledown: 
179 |     type: number
180 |     description: Wait time interval between scaledown policies.
181 |   period_high: 
182 |     type: number
183 |     description: Interval during which the average cpu load is caluclated before triggering an alarm.
184 |   period_low:
185 |     type: number
186 |     description: Interval during which the average cpu load is caluclated before triggering an alarm.
187 |   threshold_high: 
188 |     type: number
189 |     description: Value of CPU in %; which is compared with, before calling the scaleup policy.
190 |   threshold_low:
191 |     type: number
192 |     description: Value of CPU in %; which is compared with, before calling the scaledown policy.
193 |   meter_name:
194 |     type: string 
195 |     description: Type of meter polled to decide on scaling.
196 | 
197 | 
198 | resources:
199 |   mgmt_NetworkIPam:
200 |     type: OS::ContrailV2::NetworkIpam
201 |     properties:
202 |       name: { get_param: management_network }
203 | 
204 |   left_NetworkIPam:
205 |     type: OS::ContrailV2::NetworkIpam
206 |     properties:
207 |       name: { get_param: left_network }
208 | 
209 |   right_NetworkIPam:
210 |     type: OS::ContrailV2::NetworkIpam
211 |     properties:
212 |       name: { get_param: right_network }
213 | 
214 |   mgmt_VirtualNetwork:
215 |     type: OS::ContrailV2::VirtualNetwork
216 |     depends_on: [ mgmt_NetworkIPam ]
217 |     properties:
218 |       name: { get_param: management_network }
219 |       route_target_list:
220 |         {
221 |           route_target_list_route_target: [{ get_param: route_target }],
222 |         }    
223 |       network_ipam_refs: [{ get_resource: mgmt_NetworkIPam }]
224 |       network_ipam_refs_data:
225 |         [{
226 |           network_ipam_refs_data_ipam_subnets:
227 |             [{
228 |               network_ipam_refs_data_ipam_subnets_subnet:
229 |                 {
230 |                   network_ipam_refs_data_ipam_subnets_subnet_ip_prefix: { get_param: NetIPam_ip_prefix_mgmt },
231 |                   network_ipam_refs_data_ipam_subnets_subnet_ip_prefix_len: { get_param: NetIPam_ip_prefix_len_mgmt },
232 |                 },
233 |                network_ipam_refs_data_ipam_subnets_addr_from_start: { get_param: NetIPam_addr_from_start_true },
234 |             }]
235 |          }]
236 | 
237 |   left_VirtualNetwork:
238 |     type: OS::ContrailV2::VirtualNetwork
239 |     depends_on: [ left_NetworkIPam,  NetworkPolicy ] 
240 |     properties:
241 |       name: { get_param: left_network }
242 |       network_ipam_refs: [{ get_resource: left_NetworkIPam }]
243 |       network_ipam_refs_data:
244 |         [{
245 |           network_ipam_refs_data_ipam_subnets:
246 |             [{
247 |               network_ipam_refs_data_ipam_subnets_subnet:
248 |                 {
249 |                   network_ipam_refs_data_ipam_subnets_subnet_ip_prefix: { get_param: NetIPam_ip_prefix_left },
250 |                   network_ipam_refs_data_ipam_subnets_subnet_ip_prefix_len: { get_param: NetIPam_ip_prefix_len_left },
251 |                 },
252 |                network_ipam_refs_data_ipam_subnets_addr_from_start: { get_param: NetIPam_addr_from_start_true },
253 |             }]
254 |          }]
255 |       network_policy_refs: [{ get_param: policy_fq_name }]
256 |       network_policy_refs_data:
257 |         [{
258 |           network_policy_refs_data_sequence:
259 |             {
260 |               network_policy_refs_data_sequence_major: 0,
261 |               network_policy_refs_data_sequence_minor: 0,
262 |             },
263 |         }]
264 | 
265 |   right_VirtualNetwork:
266 |     type: OS::ContrailV2::VirtualNetwork
267 |     depends_on: [ right_NetworkIPam,  NetworkPolicy ]
268 |     properties:
269 |       name: { get_param: right_network }
270 |       network_ipam_refs: [{ get_resource: right_NetworkIPam }]
271 |       network_ipam_refs_data:
272 |         [{
273 |           network_ipam_refs_data_ipam_subnets:
274 |             [{
275 |               network_ipam_refs_data_ipam_subnets_subnet:
276 |                 {
277 |                   network_ipam_refs_data_ipam_subnets_subnet_ip_prefix: { get_param: NetIPam_ip_prefix_right },
278 |                   network_ipam_refs_data_ipam_subnets_subnet_ip_prefix_len: { get_param: NetIPam_ip_prefix_len_right },
279 |                 },
280 |                network_ipam_refs_data_ipam_subnets_addr_from_start: { get_param: NetIPam_addr_from_start_true },
281 |             }] 
282 |          }]
283 |       network_policy_refs: [{ get_param: policy_fq_name }]
284 |       network_policy_refs_data:
285 |         [{
286 |           network_policy_refs_data_sequence:
287 |             {
288 |               network_policy_refs_data_sequence_major: 0,
289 |               network_policy_refs_data_sequence_minor: 0,
290 |             },
291 |         }]
292 | 
293 |   ServiceTemplate:
294 |     type: OS::ContrailV2::ServiceTemplate
295 |     properties:
296 |       name: { get_param: S_Tmp_name }
297 |       service_template_properties:
298 |         {          
299 |           service_template_properties_version: { get_param: S_Tmp_version },
300 |           service_template_properties_service_mode: { get_param: S_Tmp_service_mode },
301 |           service_template_properties_service_type: { get_param: S_Tmp_service_type },
302 |           service_template_properties_image_name: { get_param: S_Tmp_image_name },
303 |           service_template_properties_service_scaling: { get_param: S_Tmp_service_scaling },
304 | 
305 |           service_template_properties_interface_type:
306 |             [
307 |               {
308 |               service_template_properties_interface_type_service_interface_type: { get_param: S_Tmp_interface_type_mgmt },
309 |               },
310 |               {
311 |               service_template_properties_interface_type_service_interface_type: { get_param: S_Tmp_interface_type_left },
312 |              },
313 |               {
314 |               service_template_properties_interface_type_service_interface_type: { get_param: S_Tmp_interface_type_right },
315 |               }
316 |             ],
317 |           service_template_properties_flavor: { get_param: S_Tmp_flavor },
318 |           service_template_properties_service_virtualization_type: virtual-machine ,
319 |         }
320 |       domain: { get_param: domain }
321 | 
322 |   ServiceInstance:
323 |     type: OS::ContrailV2::ServiceInstance
324 |     depends_on: [ ServiceTemplate ]
325 |     properties:
326 |       name: { get_param: S_Ins_name }
327 |       service_instance_properties:
328 |         {
329 |           service_instance_properties_interface_list:
330 |             [
331 |               {
332 |                 service_instance_properties_interface_list_virtual_network:
333 |                  {
334 |                    list_join: [':', { get_attr: [mgmt_VirtualNetwork, fq_name ] } ]
335 |                  },
336 |               },
337 |               {
338 |               service_instance_properties_interface_list_virtual_network:
339 |                 {
340 |                    list_join: [':', { get_attr: [ left_VirtualNetwork, fq_name ] } ]
341 |                 },
342 |               },
343 |               {
344 |               service_instance_properties_interface_list_virtual_network:
345 |                 {
346 |                    list_join: [':', { get_attr: [ right_VirtualNetwork, fq_name ] } ]
347 |                 },
348 |               }
349 |             ],
350 |         }
351 |       service_template_refs: [{ get_resource: ServiceTemplate }]
352 |   Instance_Group:
353 |     type: OS::Heat::AutoScalingGroup
354 |     properties:
355 |       cooldown: { get_param: cooldown_initial }
356 |       desired_capacity: 1
357 |       max_size: 5
358 |       min_size: 1
359 |       resource:
360 |         type: service_instance.yaml
361 |         properties:
362 |           image: { get_param: S_Tmp_image_name }
363 |           flavor: { get_param: S_Tmp_flavor }
364 |           virtual_network_M: { get_param: management_network }
365 |           virtual_network_M_fqdn: { list_join: [':', { get_attr: [mgmt_VirtualNetwork, fq_name ] } ] }
366 |           virtual_network_L: { get_param: left_network }
367 |           virtual_network_L_fqdn: { list_join: [':', { get_attr: [ left_VirtualNetwork, fq_name ] } ] }
368 |           virtual_network_R: { get_param: right_network }
369 |           virtual_network_R_fqdn: { list_join: [':', { get_attr: [ right_VirtualNetwork, fq_name ] } ] }
370 |           service_instance_name: { list_join: [':', { get_attr: [ ServiceInstance, fq_name ] } ] }
371 |           service_interface_type_M: 'management'
372 |           service_interface_type_L: 'left'
373 |           service_interface_type_R: 'right'
374 |           port_tuple_name: port_tuple_name
375 | 
376 |   scaleup_policy:
377 |     type: OS::Heat::ScalingPolicy
378 |     properties:
379 |       adjustment_type: change_in_capacity
380 |       auto_scaling_group_id: { get_resource: Instance_Group }
381 |       cooldown: { get_param: cooldown_scaleup }
382 |       scaling_adjustment: 1
383 | 
384 |   high_alarm:
385 |     type: OS::Ceilometer::Alarm
386 |     properties:
387 |       description: Alarm-trigger when threshold high
388 |       meter_name: { get_param: meter_name} 
389 |       statistic: avg
390 |       period: { get_param: period_high }
391 |       evaluation_periods: 1
392 |       threshold: { get_param: threshold_high }
393 |       alarm_actions:
394 |         - {get_attr: [scaleup_policy, alarm_url]}
395 |       comparison_operator: ge
396 | 
397 |   scaledown_policy:
398 |     type: OS::Heat::ScalingPolicy
399 |     properties:
400 |       adjustment_type: change_in_capacity
401 |       auto_scaling_group_id: { get_resource: Instance_Group }
402 |       cooldown: { get_param: cooldown_scaledown }
403 |       scaling_adjustment: -1 
404 |       
405 |   low_alarm:
406 |     type: OS::Ceilometer::Alarm
407 |     properties:
408 |       meter_name: { get_param: meter_name}
409 |       description: Alarm-trigger when threshold low
410 |       statistic: avg
411 |       period: { get_param: period_low }
412 |       evaluation_periods: 1
413 |       threshold: { get_param: threshold_low }
414 |       alarm_actions:
415 |         - {get_attr: [scaledown_policy, alarm_url]}
416 |       comparison_operator: le
417 | 
418 |   left_VM_InstanceIp:
419 |     type: OS::ContrailV2::InstanceIp
420 |     depends_on: [  left_VM_VirtualMachineInterface, left_VirtualNetwork ]
421 |     properties:
422 |       virtual_machine_interface_refs: [{ get_resource:  left_VM_VirtualMachineInterface }]
423 |       virtual_network_refs: [{ list_join: [':', { get_attr: [ left_VirtualNetwork, fq_name ] } ] }]
424 | 
425 |   right_VM_InstanceIp:
426 |     type: OS::ContrailV2::InstanceIp
427 |     depends_on: [ right_VM_VirtualMachineInterface, right_VirtualNetwork ]
428 |     properties:
429 |       virtual_machine_interface_refs: [{ get_resource: right_VM_VirtualMachineInterface }]
430 |       virtual_network_refs: [{ list_join: [':', { get_attr: [ right_VirtualNetwork, fq_name ] } ] }]
431 |       
432 |       
433 |   left_VM_VirtualMachineInterface:
434 |     type: OS::ContrailV2::VirtualMachineInterface
435 |     properties:
436 |       name: { get_param: left_vm_name }
437 |       virtual_network_refs: [{ list_join: [':', { get_attr: [ left_VirtualNetwork, fq_name ] } ] }]
438 |       
439 |   
440 |   right_VM_VirtualMachineInterface:
441 |     type: OS::ContrailV2::VirtualMachineInterface
442 |     properties:
443 |       name: { get_param: right_vm_name }
444 |       virtual_network_refs: [{ list_join: [':', { get_attr: [ right_VirtualNetwork, fq_name ] } ] }]
445 |       
446 |   
447 |   left_VM:
448 |     type: OS::Nova::Server
449 |     depends_on: [ left_VM_InstanceIp ]
450 |     properties:
451 |       name: {get_param: left_vm_name }
452 |       image: { get_param:  left_vm_image }
453 |       key_name: { get_param: server_key }
454 |       flavor: { get_param: flavor }
455 |       networks:
456 |         - port: { get_resource:  left_VM_VirtualMachineInterface }
457 |        
458 | 
459 |   right_VM:
460 |     type: OS::Nova::Server
461 |     depends_on: [ right_VM_InstanceIp  ]
462 |     properties:
463 |       name: {get_param: right_vm_name }
464 |       image: { get_param:  right_vm_image }
465 |       key_name: { get_param: server_key }
466 |       flavor: { get_param: flavor }
467 |       networks:
468 |         - port: { get_resource: right_VM_VirtualMachineInterface }
469 |   
470 |   NetworkPolicy:
471 |     type: OS::ContrailV2::NetworkPolicy
472 |     properties:
473 |       name: { get_param: policy_name }
474 |       network_policy_entries: { network_policy_entries_policy_rule: [{ 
475 | 		network_policy_entries_policy_rule_direction: { get_param: direction },
476 | 		network_policy_entries_policy_rule_protocol: { get_param: protocol },
477 | 		network_policy_entries_policy_rule_src_ports: [{
478 | 			network_policy_entries_policy_rule_src_ports_start_port: { get_param: src_port_start },
479 | 			network_policy_entries_policy_rule_src_ports_end_port: { get_param: src_port_end }
480 | 								}],
481 |  		network_policy_entries_policy_rule_dst_ports: [{
482 | 			network_policy_entries_policy_rule_dst_ports_start_port: { get_param: dst_port_start },
483 | 			network_policy_entries_policy_rule_dst_ports_end_port: { get_param: dst_port_end }
484 | 								}],
485 | 		network_policy_entries_policy_rule_dst_addresses: [{
486 | 			network_policy_entries_policy_rule_dst_addresses_virtual_network: { get_param: right_vn_fqdn }
487 | 								}],
488 | 		network_policy_entries_policy_rule_src_addresses: [{
489 | 			network_policy_entries_policy_rule_src_addresses_virtual_network: { get_param: left_vn_fqdn }
490 | 								}],
491 | 		network_policy_entries_policy_rule_action_list: { 
492 | 			network_policy_entries_policy_rule_action_list_simple_action: { get_param: simple_action },
493 | 			network_policy_entries_policy_rule_action_list_apply_service: 
494 | 									[{ get_param: S_Ins_fq_name }]
495 | 								},
496 | 									}]
497 | 	}
498 | 
499 | 
500 | 
501 |  
502 | 
503 | 


--------------------------------------------------------------------------------