aboutsummaryrefslogtreecommitdiffstats
path: root/vnfs/vIPSEC
diff options
context:
space:
mode:
Diffstat (limited to 'vnfs/vIPSEC')
-rw-r--r--vnfs/vIPSEC/pg_streams/dep.xml17
-rw-r--r--vnfs/vIPSEC/pg_streams/pom.xml83
-rw-r--r--vnfs/vIPSEC/pg_streams/stream_ipsec_udp112
-rw-r--r--vnfs/vIPSEC/pg_streams/stream_ipsec_udp1012
-rw-r--r--vnfs/vIPSEC/pg_streams/stream_ipsec_udp212
-rw-r--r--vnfs/vIPSEC/pg_streams/stream_ipsec_udp312
-rw-r--r--vnfs/vIPSEC/pg_streams/stream_ipsec_udp412
-rw-r--r--vnfs/vIPSEC/pg_streams/stream_ipsec_udp512
-rw-r--r--vnfs/vIPSEC/pg_streams/stream_ipsec_udp612
-rw-r--r--vnfs/vIPSEC/pg_streams/stream_ipsec_udp712
-rw-r--r--vnfs/vIPSEC/pg_streams/stream_ipsec_udp812
-rw-r--r--vnfs/vIPSEC/pg_streams/stream_ipsec_udp912
-rw-r--r--vnfs/vIPSEC/scripts/assembly.xml23
-rw-r--r--vnfs/vIPSEC/scripts/pom.xml62
-rwxr-xr-xvnfs/vIPSEC/scripts/run_traffic_ipsec_demo.sh9
-rw-r--r--vnfs/vIPSEC/scripts/update_running_streams.sh18
-rwxr-xr-xvnfs/vIPSEC/scripts/v_packetgen_init.sh87
-rwxr-xr-xvnfs/vIPSEC/scripts/v_packetgen_install.sh98
-rwxr-xr-xvnfs/vIPSEC/scripts/v_sink_init.sh17
-rwxr-xr-xvnfs/vIPSEC/scripts/v_sink_install.sh68
-rwxr-xr-xvnfs/vIPSEC/scripts/vpacketgen.sh98
-rwxr-xr-xvnfs/vIPSEC/scripts/vsink.sh98
22 files changed, 798 insertions, 0 deletions
diff --git a/vnfs/vIPSEC/pg_streams/dep.xml b/vnfs/vIPSEC/pg_streams/dep.xml
new file mode 100644
index 00000000..5355773f
--- /dev/null
+++ b/vnfs/vIPSEC/pg_streams/dep.xml
@@ -0,0 +1,17 @@
+<assembly xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.2 http://maven.apache.org/xsd/assembly-1.1.2.xsd">
+ <id>demo</id>
+ <formats>
+ <format>tar.gz</format>
+ </formats>
+ <fileSets>
+ <fileSet>
+ <directory>.</directory>
+ <outputDirectory>/</outputDirectory>
+ <includes>
+ <include>stream*</include>
+ </includes>
+ </fileSet>
+ </fileSets>
+</assembly>
diff --git a/vnfs/vIPSEC/pg_streams/pom.xml b/vnfs/vIPSEC/pg_streams/pom.xml
new file mode 100644
index 00000000..724e44a7
--- /dev/null
+++ b/vnfs/vIPSEC/pg_streams/pom.xml
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+ ============LICENSE_START==========================================
+ ===================================================================
+ Copyright © 2019 Intel Intellectual Property. All rights reserved.
+ ===================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END============================================
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+
+ <parent>
+ <groupId>org.onap.demo.vnf</groupId>
+ <artifactId>demo-aggregator</artifactId>
+ <version>1.4.0-SNAPSHOT</version>
+ <relativePath>../../../pom.xml</relativePath>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.onap.demo.vnf.vipsec</groupId>
+ <artifactId>vipsec_pg_streams</artifactId>
+
+ <build>
+ <plugins>
+
+ <plugin>
+ <artifactId>maven-jar-plugin</artifactId>
+ <version>2.3.2</version>
+ <executions>
+ <execution>
+ <id>default-jar</id>
+ <phase>never</phase>
+ </execution>
+ </executions>
+ </plugin>
+
+ <plugin>
+ <artifactId>maven-assembly-plugin</artifactId>
+ <version>2.5.3</version>
+ <configuration>
+ <descriptor>dep.xml</descriptor>
+ </configuration>
+ <executions>
+ <execution>
+ <id>create-archive</id>
+ <phase>package</phase>
+ <goals>
+ <goal>single</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>exec-maven-plugin</artifactId>
+ <executions>
+ <execution>
+ <phase>none</phase>
+ </execution>
+ </executions>
+ <configuration>
+ <skip>true</skip>
+ </configuration>
+ </plugin>
+
+ </plugins>
+ </build>
+
+</project>
diff --git a/vnfs/vIPSEC/pg_streams/stream_ipsec_udp1 b/vnfs/vIPSEC/pg_streams/stream_ipsec_udp1
new file mode 100644
index 00000000..da1cce06
--- /dev/null
+++ b/vnfs/vIPSEC/pg_streams/stream_ipsec_udp1
@@ -0,0 +1,12 @@
+packet-generator new {
+ name ipsec_udp1
+ rate 10
+ node ip4-input
+ size 64-64
+ no-recycle
+ data {
+ UDP: 192.168.10.31 -> 192.168.20.32
+ UDP: 15320 -> 8080
+ length 128 checksum 0 incrementing 1
+ }
+}
diff --git a/vnfs/vIPSEC/pg_streams/stream_ipsec_udp10 b/vnfs/vIPSEC/pg_streams/stream_ipsec_udp10
new file mode 100644
index 00000000..fd0847a1
--- /dev/null
+++ b/vnfs/vIPSEC/pg_streams/stream_ipsec_udp10
@@ -0,0 +1,12 @@
+packet-generator new {
+ name ipsec_udp10
+ rate 10
+ node ip4-input
+ size 64-64
+ no-recycle
+ data {
+ UDP: 192.168.10.31 -> 192.168.20.32
+ UDP: 15320 -> 8080
+ length 128 checksum 0 incrementing 1
+ }
+}
diff --git a/vnfs/vIPSEC/pg_streams/stream_ipsec_udp2 b/vnfs/vIPSEC/pg_streams/stream_ipsec_udp2
new file mode 100644
index 00000000..c6c80369
--- /dev/null
+++ b/vnfs/vIPSEC/pg_streams/stream_ipsec_udp2
@@ -0,0 +1,12 @@
+packet-generator new {
+ name ipsec_udp2
+ rate 10
+ node ip4-input
+ size 64-64
+ no-recycle
+ data {
+ UDP: 192.168.10.31 -> 192.168.20.32
+ UDP: 15320 -> 8080
+ length 128 checksum 0 incrementing 1
+ }
+}
diff --git a/vnfs/vIPSEC/pg_streams/stream_ipsec_udp3 b/vnfs/vIPSEC/pg_streams/stream_ipsec_udp3
new file mode 100644
index 00000000..c7c5bd4f
--- /dev/null
+++ b/vnfs/vIPSEC/pg_streams/stream_ipsec_udp3
@@ -0,0 +1,12 @@
+packet-generator new {
+ name ipsec_udp3
+ rate 10
+ node ip4-input
+ size 64-64
+ no-recycle
+ data {
+ UDP: 192.168.10.31 -> 192.168.20.32
+ UDP: 15320 -> 8080
+ length 128 checksum 0 incrementing 1
+ }
+}
diff --git a/vnfs/vIPSEC/pg_streams/stream_ipsec_udp4 b/vnfs/vIPSEC/pg_streams/stream_ipsec_udp4
new file mode 100644
index 00000000..4fc03372
--- /dev/null
+++ b/vnfs/vIPSEC/pg_streams/stream_ipsec_udp4
@@ -0,0 +1,12 @@
+packet-generator new {
+ name ipsec_udp4
+ rate 10
+ node ip4-input
+ size 64-64
+ no-recycle
+ data {
+ UDP: 192.168.10.31 -> 192.168.20.32
+ UDP: 15320 -> 8080
+ length 128 checksum 0 incrementing 1
+ }
+}
diff --git a/vnfs/vIPSEC/pg_streams/stream_ipsec_udp5 b/vnfs/vIPSEC/pg_streams/stream_ipsec_udp5
new file mode 100644
index 00000000..cdd8d8ea
--- /dev/null
+++ b/vnfs/vIPSEC/pg_streams/stream_ipsec_udp5
@@ -0,0 +1,12 @@
+packet-generator new {
+ name ipsec_udp5
+ rate 10
+ node ip4-input
+ size 64-64
+ no-recycle
+ data {
+ UDP: 192.168.10.31 -> 192.168.20.32
+ UDP: 15320 -> 8080
+ length 128 checksum 0 incrementing 1
+ }
+}
diff --git a/vnfs/vIPSEC/pg_streams/stream_ipsec_udp6 b/vnfs/vIPSEC/pg_streams/stream_ipsec_udp6
new file mode 100644
index 00000000..731a0df2
--- /dev/null
+++ b/vnfs/vIPSEC/pg_streams/stream_ipsec_udp6
@@ -0,0 +1,12 @@
+packet-generator new {
+ name ipsec_udp6
+ rate 10
+ node ip4-input
+ size 64-64
+ no-recycle
+ data {
+ UDP: 192.168.10.31 -> 192.168.20.32
+ UDP: 15320 -> 8080
+ length 128 checksum 0 incrementing 1
+ }
+}
diff --git a/vnfs/vIPSEC/pg_streams/stream_ipsec_udp7 b/vnfs/vIPSEC/pg_streams/stream_ipsec_udp7
new file mode 100644
index 00000000..7afb478e
--- /dev/null
+++ b/vnfs/vIPSEC/pg_streams/stream_ipsec_udp7
@@ -0,0 +1,12 @@
+packet-generator new {
+ name ipsec_udp7
+ rate 10
+ node ip4-input
+ size 64-64
+ no-recycle
+ data {
+ UDP: 192.168.10.31 -> 192.168.20.32
+ UDP: 15320 -> 8080
+ length 128 checksum 0 incrementing 1
+ }
+}
diff --git a/vnfs/vIPSEC/pg_streams/stream_ipsec_udp8 b/vnfs/vIPSEC/pg_streams/stream_ipsec_udp8
new file mode 100644
index 00000000..feaa5d45
--- /dev/null
+++ b/vnfs/vIPSEC/pg_streams/stream_ipsec_udp8
@@ -0,0 +1,12 @@
+packet-generator new {
+ name ipsec_udp8
+ rate 10
+ node ip4-input
+ size 64-64
+ no-recycle
+ data {
+ UDP: 192.168.10.31 -> 192.168.20.32
+ UDP: 15320 -> 8080
+ length 128 checksum 0 incrementing 1
+ }
+}
diff --git a/vnfs/vIPSEC/pg_streams/stream_ipsec_udp9 b/vnfs/vIPSEC/pg_streams/stream_ipsec_udp9
new file mode 100644
index 00000000..8f8bd742
--- /dev/null
+++ b/vnfs/vIPSEC/pg_streams/stream_ipsec_udp9
@@ -0,0 +1,12 @@
+packet-generator new {
+ name ipsec_udp9
+ rate 10
+ node ip4-input
+ size 64-64
+ no-recycle
+ data {
+ UDP: 192.168.10.31 -> 192.168.20.32
+ UDP: 15320 -> 8080
+ length 128 checksum 0 incrementing 1
+ }
+}
diff --git a/vnfs/vIPSEC/scripts/assembly.xml b/vnfs/vIPSEC/scripts/assembly.xml
new file mode 100644
index 00000000..cbdb5680
--- /dev/null
+++ b/vnfs/vIPSEC/scripts/assembly.xml
@@ -0,0 +1,23 @@
+<assembly xmlns="http://maven.apache.org/ASSEMBLY/2.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/ASSEMBLY/2.0.0 http://maven.apache.org/xsd/assembly-2.0.0.xsd">
+ <id>scripts</id>
+ <formats>
+ <format>zip</format>
+ </formats>
+ <includeBaseDirectory>false</includeBaseDirectory>
+ <fileSets>
+ <fileSet>
+ <directory>${basedir}</directory>
+ <includes>
+ <include>*</include>
+ </includes>
+ <excludes>
+ <exclude>assembly.xml</exclude>
+ <exclude>pom.xml</exclude>
+ <exclude>target</exclude>
+ <exclude>.*</exclude>
+ </excludes>
+ </fileSet>
+ </fileSets>
+</assembly>
diff --git a/vnfs/vIPSEC/scripts/pom.xml b/vnfs/vIPSEC/scripts/pom.xml
new file mode 100644
index 00000000..4c0e9e15
--- /dev/null
+++ b/vnfs/vIPSEC/scripts/pom.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+ ============LICENSE_START==========================================
+ ===================================================================
+ Copyright © 2019 Intel Intellectual Property. All rights reserved.
+ ===================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END============================================
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+
+ <parent>
+ <groupId>org.onap.demo.vnf</groupId>
+ <artifactId>demo-aggregator</artifactId>
+ <version>1.4.0-SNAPSHOT</version>
+ <relativePath>../../../pom.xml</relativePath>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.onap.demo.vnf.vipsec</groupId>
+ <artifactId>vipsec-scripts</artifactId>
+ <packaging>pom</packaging>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-assembly-plugin</artifactId>
+ <version>3.1.0</version>
+ <configuration>
+ <descriptors>
+ <descriptor>assembly.xml</descriptor>
+ </descriptors>
+ <appendAssemblyId>false</appendAssemblyId>
+ </configuration>
+ <executions>
+ <execution>
+ <id>make-assembly</id> <!-- this is used for inheritance merges -->
+ <phase>package</phase> <!-- bind to the packaging phase -->
+ <goals>
+ <goal>single</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+
+</project>
diff --git a/vnfs/vIPSEC/scripts/run_traffic_ipsec_demo.sh b/vnfs/vIPSEC/scripts/run_traffic_ipsec_demo.sh
new file mode 100755
index 00000000..e8f1bcf2
--- /dev/null
+++ b/vnfs/vIPSEC/scripts/run_traffic_ipsec_demo.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+while [ 1 ]
+do
+curl -X PUT -H "Authorization: Basic YWRtaW46YWRtaW4=" -H "Content-Type: application/json" -H "Cache-Control: no-cache" -H "Postman-Token: 9005870c-900b-2e2e-0902-ef2009bb0ff7" -d '{"streams": {"active-streams": 10}}' http://localhost:8183/restconf/config/stream-count:stream-count/streams
+sleep 300
+curl -X PUT -H "Authorization: Basic YWRtaW46YWRtaW4=" -H "Content-Type: application/json" -H "Cache-Control: no-cache" -H "Postman-Token: 9005870c-900b-2e2e-0902-ef2009bb0ff7" -d '{"streams": {"active-streams": 1}}' http://localhost:8183/restconf/config/stream-count:stream-count/streams
+sleep 300
+done \ No newline at end of file
diff --git a/vnfs/vIPSEC/scripts/update_running_streams.sh b/vnfs/vIPSEC/scripts/update_running_streams.sh
new file mode 100644
index 00000000..e21a6ba1
--- /dev/null
+++ b/vnfs/vIPSEC/scripts/update_running_streams.sh
@@ -0,0 +1,18 @@
+#/bin/bash
+
+if [ ! "$#" -eq 1 ]
+then
+ echo "Usage: ./update_running_streams.sh [number of active streams]"
+ exit
+fi
+
+STREAMS=$1
+BODY=""
+
+for((i=1; $i<= $STREAMS; i++)); do
+ BODY+="{\"id\":\"ipsec_udp$i\", \"is-enabled\":\"true\"},"
+done
+
+BODY='{"pg-streams":{"pg-stream": ['${BODY%?}']}}'
+
+curl -X PUT -H "Authorization: Basic YWRtaW46YWRtaW4=" -H "Content-Type: application/json" -H "Cache-Control: no-cache" -H "Postman-Token: 9005870c-900b-2e2e-0902-ef2009bb0ff7" -d "$BODY" "http://localhost:8183/restconf/config/sample-plugin:sample-plugin/pg-streams"
diff --git a/vnfs/vIPSEC/scripts/v_packetgen_init.sh b/vnfs/vIPSEC/scripts/v_packetgen_init.sh
new file mode 100755
index 00000000..324df0b6
--- /dev/null
+++ b/vnfs/vIPSEC/scripts/v_packetgen_init.sh
@@ -0,0 +1,87 @@
+#!/bin/bash
+
+# Convert Network CIDR to Netmask
+mask2cidr() {
+ nbits=0
+ IFS=.
+ for dec in $1 ; do
+ case $dec in
+ 255) let nbits+=8;;
+ 254) let nbits+=7;;
+ 252) let nbits+=6;;
+ 248) let nbits+=5;;
+ 240) let nbits+=4;;
+ 224) let nbits+=3;;
+ 192) let nbits+=2;;
+ 128) let nbits+=1;;
+ 0);;
+ *) echo "Error: $dec is not recognized"; exit 1
+ esac
+ done
+ echo "$nbits"
+}
+
+# Start VPP
+start vpp
+sleep 1
+
+# Configure VPP for vPacketGenerator
+IPADDR1=$(ifconfig eth1 | grep "inet addr" | tr -s ' ' | cut -d' ' -f3 | cut -d':' -f2)
+HWADDR1=$(ifconfig eth1 | grep HWaddr | tr -s ' ' | cut -d' ' -f5)
+FAKE_HWADDR1=$(echo -n 00; dd bs=1 count=5 if=/dev/urandom 2>/dev/null | hexdump -v -e '/1 ":%02X"')
+PROTECTED_NET_CIDR=$(cat /opt/config/protected_clientA_private_net_cidr.txt)
+IPSEC_IPADDR=$(cat /opt/config/ipsec_ipaddr.txt)
+SINK_IPADDR=$(cat /opt/config/sink_ipaddr.txt)
+
+IPADDR1_MASK=$(ifconfig eth1 | grep "Mask" | awk '{print $4}' | awk -F ":" '{print $2}')
+IPADDR1_CIDR=$(mask2cidr $IPADDR1_MASK)
+
+ifconfig eth1 down
+ifconfig eth1 hw ether $FAKE_HWADDR1
+ip addr flush dev eth1
+ifconfig eth1 up
+vppctl tap connect tap111 hwaddr $HWADDR1
+vppctl set int ip address tap-0 $IPADDR1"/"$IPADDR1_CIDR
+vppctl set int state tap-0 up
+brctl addbr br0
+brctl addif br0 tap111
+brctl addif br0 eth1
+ifconfig br0 up
+vppctl ip route add $PROTECTED_NET_CIDR via $IPSEC_IPADDR
+sleep 1
+
+# Install packet streams
+sed -i -e "0,/UDP/ s/UDP:.*/UDP: "$IPADDR1" -> "$SINK_IPADDR"/" /opt/pg_streams/stream_ipsec_udp1
+sed -i -e "0,/UDP/ s/UDP:.*/UDP: "$IPADDR1" -> "$SINK_IPADDR"/" /opt/pg_streams/stream_ipsec_udp2
+sed -i -e "0,/UDP/ s/UDP:.*/UDP: "$IPADDR1" -> "$SINK_IPADDR"/" /opt/pg_streams/stream_ipsec_udp3
+sed -i -e "0,/UDP/ s/UDP:.*/UDP: "$IPADDR1" -> "$SINK_IPADDR"/" /opt/pg_streams/stream_ipsec_udp4
+sed -i -e "0,/UDP/ s/UDP:.*/UDP: "$IPADDR1" -> "$SINK_IPADDR"/" /opt/pg_streams/stream_ipsec_udp5
+sed -i -e "0,/UDP/ s/UDP:.*/UDP: "$IPADDR1" -> "$SINK_IPADDR"/" /opt/pg_streams/stream_ipsec_udp6
+sed -i -e "0,/UDP/ s/UDP:.*/UDP: "$IPADDR1" -> "$SINK_IPADDR"/" /opt/pg_streams/stream_ipsec_udp7
+sed -i -e "0,/UDP/ s/UDP:.*/UDP: "$IPADDR1" -> "$SINK_IPADDR"/" /opt/pg_streams/stream_ipsec_udp8
+sed -i -e "0,/UDP/ s/UDP:.*/UDP: "$IPADDR1" -> "$SINK_IPADDR"/" /opt/pg_streams/stream_ipsec_udp9
+sed -i -e "0,/UDP/ s/UDP:.*/UDP: "$IPADDR1" -> "$SINK_IPADDR"/" /opt/pg_streams/stream_ipsec_udp10
+vppctl exec /opt/pg_streams/stream_ipsec_udp1
+vppctl exec /opt/pg_streams/stream_ipsec_udp2
+vppctl exec /opt/pg_streams/stream_ipsec_udp3
+vppctl exec /opt/pg_streams/stream_ipsec_udp4
+vppctl exec /opt/pg_streams/stream_ipsec_udp5
+vppctl exec /opt/pg_streams/stream_ipsec_udp6
+vppctl exec /opt/pg_streams/stream_ipsec_udp7
+vppctl exec /opt/pg_streams/stream_ipsec_udp8
+vppctl exec /opt/pg_streams/stream_ipsec_udp9
+vppctl exec /opt/pg_streams/stream_ipsec_udp10
+sleep 1
+
+# Start HoneyComb
+VERSION=$(cat /opt/config/demo_artifacts_version.txt)
+mkdir -p /var/lib/honeycomb/persist/{config,context}/
+echo "" > /var/lib/honeycomb/persist/context/data.json
+echo "" > /var/lib/honeycomb/persist/config/data.json
+/opt/honeycomb/sample-distribution-$VERSION/honeycomb &>/dev/null &disown
+sleep 20
+
+# Enable traffic flows
+cd /opt
+chmod +x run_traffic_ipsec_demo.sh
+./run_traffic_ipsec_demo.sh &>/dev/null &disown
diff --git a/vnfs/vIPSEC/scripts/v_packetgen_install.sh b/vnfs/vIPSEC/scripts/v_packetgen_install.sh
new file mode 100755
index 00000000..1e35b768
--- /dev/null
+++ b/vnfs/vIPSEC/scripts/v_packetgen_install.sh
@@ -0,0 +1,98 @@
+#!/bin/bash
+
+NEXUS_ARTIFACT_REPO=$(cat /opt/config/nexus_artifact_repo.txt)
+DEMO_ARTIFACTS_VERSION=$(cat /opt/config/demo_artifacts_version.txt)
+if [[ "$DEMO_ARTIFACTS_VERSION" =~ "SNAPSHOT" ]]; then REPO=snapshots; else REPO=releases; fi
+INSTALL_SCRIPT_VERSION=$(cat /opt/config/install_script_version.txt)
+CLOUD_ENV=$(cat /opt/config/cloud_env.txt)
+
+# Convert Network CIDR to Netmask
+cdr2mask () {
+ # Number of args to shift, 255..255, first non-255 byte, zeroes
+ set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0
+ [ $1 -gt 1 ] && shift $1 || shift
+ echo ${1-0}.${2-0}.${3-0}.${4-0}
+}
+
+# OpenStack network configuration
+if [[ $CLOUD_ENV == "openstack" ]]
+then
+ echo 127.0.0.1 $(hostname) >> /etc/hosts
+
+ # Allow remote login as root
+ mv /root/.ssh/authorized_keys /root/.ssh/authorized_keys.bk
+ cp /home/ubuntu/.ssh/authorized_keys /root/.ssh
+
+ MTU=$(/sbin/ifconfig | grep MTU | sed 's/.*MTU://' | sed 's/ .*//' | sort -n | head -1)
+
+ IP=$(cat /opt/config/vpg_private_ip_0.txt)
+ BITS=$(cat /opt/config/protected_clientA_net_cidr.txt | cut -d"/" -f2)
+ NETMASK=$(cdr2mask $BITS)
+ echo "auto eth1" >> /etc/network/interfaces
+ echo "iface eth1 inet static" >> /etc/network/interfaces
+ echo " address $IP" >> /etc/network/interfaces
+ echo " netmask $NETMASK" >> /etc/network/interfaces
+ echo " mtu $MTU" >> /etc/network/interfaces
+
+ IP=$(cat /opt/config/vpg_private_ip_1.txt)
+ BITS=$(cat /opt/config/onap_private_net_cidr.txt | cut -d"/" -f2)
+ NETMASK=$(cdr2mask $BITS)
+ echo "auto eth2" >> /etc/network/interfaces
+ echo "iface eth2 inet static" >> /etc/network/interfaces
+ echo " address $IP" >> /etc/network/interfaces
+ echo " netmask $NETMASK" >> /etc/network/interfaces
+ echo " mtu $MTU" >> /etc/network/interfaces
+
+ ifup eth1
+ ifup eth2
+fi
+
+# Download required dependencies
+echo "deb http://ppa.launchpad.net/openjdk-r/ppa/ubuntu $(lsb_release -c -s) main" >> /etc/apt/sources.list.d/java.list
+echo "deb-src http://ppa.launchpad.net/openjdk-r/ppa/ubuntu $(lsb_release -c -s) main" >> /etc/apt/sources.list.d/java.list
+apt-get update
+apt-get install --allow-unauthenticated -y make wget openjdk-8-jdk gcc libcurl4-openssl-dev python-pip bridge-utils apt-transport-https ca-certificates
+pip install jsonschema
+
+# Download code for packet generator
+mkdir /opt/honeycomb
+cd /opt
+
+unzip -p -j /opt/vipsec-scripts-$INSTALL_SCRIPT_VERSION.zip v_packetgen_init.sh > /opt/v_packetgen_init.sh
+unzip -p -j /opt/vipsec-scripts-$INSTALL_SCRIPT_VERSION.zip vpacketgen.sh > /opt/vpacketgen.sh
+unzip -p -j /opt/vipsec-scripts-$INSTALL_SCRIPT_VERSION.zip run_traffic_ipsec_demo.sh > /opt/run_traffic_ipsec_demo.sh
+wget -O sample-distribution-$DEMO_ARTIFACTS_VERSION-hc.tar.gz "${NEXUS_ARTIFACT_REPO}/service/local/artifact/maven/redirect?r=${REPO}&g=org.onap.demo.vnf&a=sample-distribution&c=hc&e=tar.gz&v=$DEMO_ARTIFACTS_VERSION"
+wget -O vipsec_pg_streams-$DEMO_ARTIFACTS_VERSION-demo.tar.gz "${NEXUS_ARTIFACT_REPO}/service/local/artifact/maven/redirect?r=${REPO}&g=org.onap.demo.vnf.vipsec&a=vipsec_pg_streams&c=demo&e=tar.gz&v=$DEMO_ARTIFACTS_VERSION"
+
+tar -zmxvf sample-distribution-$DEMO_ARTIFACTS_VERSION-hc.tar.gz
+tar -zmxvf vipsec_pg_streams-$DEMO_ARTIFACTS_VERSION-demo.tar.gz
+mv vipsec_pg_streams-$DEMO_ARTIFACTS_VERSION pg_streams
+mv sample-distribution-$DEMO_ARTIFACTS_VERSION honeycomb
+sed -i 's/"restconf-binding-address": "127.0.0.1",/"restconf-binding-address": "0.0.0.0",/g' honeycomb/sample-distribution-$DEMO_ARTIFACTS_VERSION/config/honeycomb.json
+rm *.tar.gz
+chmod +x v_packetgen_init.sh
+chmod +x vpacketgen.sh
+
+# Install VPP
+export UBUNTU="trusty"
+export RELEASE=".stable.1609"
+rm /etc/apt/sources.list.d/99fd.io.list
+echo "deb [trusted=yes] https://nexus.fd.io/content/repositories/fd.io$RELEASE.ubuntu.$UBUNTU.main/ ./" | sudo tee -a /etc/apt/sources.list.d/99fd.io.list
+apt-get update
+apt-get install -y vpp vpp-dpdk-dkms vpp-lib vpp-dbg vpp-plugins vpp-dev
+sleep 1
+
+# Install honeycomb restart script (workaround due to honeycomb file handle leak)
+cat > /etc/cron.hourly/honeycomb <<EOF
+#!/bin/bash
+VERSION=$(cat /opt/config/demo_artifacts_version.txt)
+pkill java
+/opt/honeycomb/sample-distribution-$VERSION/honeycomb &>/dev/null &disown
+EOF
+chmod +x /etc/cron.hourly/honeycomb
+
+# Run instantiation script
+cd /opt
+mv vpacketgen.sh /etc/init.d
+update-rc.d vpacketgen.sh defaults
+./v_packetgen_init.sh
diff --git a/vnfs/vIPSEC/scripts/v_sink_init.sh b/vnfs/vIPSEC/scripts/v_sink_init.sh
new file mode 100755
index 00000000..85c9073b
--- /dev/null
+++ b/vnfs/vIPSEC/scripts/v_sink_init.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+# Convert Network CIDR to Netmask
+cdr2mask () {
+ # Number of args to shift, 255..255, first non-255 byte, zeroes
+ set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0
+ [ $1 -gt 1 ] && shift $1 || shift
+ echo ${1-0}.${2-0}.${3-0}.${4-0}
+}
+
+# Set the IP address of the protected network interface of the vIPsec as a default gateway to the unprotected network
+PROTECTED_NET_GW=$(cat /opt/config/protected_net_gw.txt)
+PROTECTED_NET_A=$(cat /opt/config/protected_net_A.txt | cut -d'/' -f1)
+BITS=$(cat /opt/config/protected_net_A.txt | cut -d"/" -f2)
+NETMASK=$(cdr2mask $BITS)
+
+route add -net $PROTECTED_NET_A netmask $NETMASK gw $PROTECTED_NET_GW
diff --git a/vnfs/vIPSEC/scripts/v_sink_install.sh b/vnfs/vIPSEC/scripts/v_sink_install.sh
new file mode 100755
index 00000000..a6f18790
--- /dev/null
+++ b/vnfs/vIPSEC/scripts/v_sink_install.sh
@@ -0,0 +1,68 @@
+#!/bin/bash
+
+INSTALL_SCRIPT_VERSION=$(cat /opt/config/install_script_version.txt)
+CLOUD_ENV=$(cat /opt/config/cloud_env.txt)
+
+# Convert Network CIDR to Netmask
+cdr2mask () {
+ # Number of args to shift, 255..255, first non-255 byte, zeroes
+ set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0
+ [ $1 -gt 1 ] && shift $1 || shift
+ echo ${1-0}.${2-0}.${3-0}.${4-0}
+}
+
+# OpenStack network configuration
+if [[ $CLOUD_ENV == "openstack" ]]
+then
+ echo 127.0.0.1 $(hostname) >> /etc/hosts
+
+ # Allow remote login as root
+ mv /root/.ssh/authorized_keys /root/.ssh/authorized_keys.bk
+ cp /home/ubuntu/.ssh/authorized_keys /root/.ssh
+
+ MTU=$(/sbin/ifconfig | grep MTU | sed 's/.*MTU://' | sed 's/ .*//' | sort -n | head -1)
+
+ IP=$(cat /opt/config/vsn_private_ip_0.txt)
+ BITS=$(cat /opt/config/protected_clientB_private_net_cidr.txt | cut -d"/" -f2)
+ NETMASK=$(cdr2mask $BITS)
+ echo "auto eth1" >> /etc/network/interfaces
+ echo "iface eth1 inet static" >> /etc/network/interfaces
+ echo " address $IP" >> /etc/network/interfaces
+ echo " netmask $NETMASK" >> /etc/network/interfaces
+ echo " mtu $MTU" >> /etc/network/interfaces
+
+ IP=$(cat /opt/config/vsn_private_ip_1.txt)
+ BITS=$(cat /opt/config/onap_private_net_cidr.txt | cut -d"/" -f2)
+ NETMASK=$(cdr2mask $BITS)
+ echo "auto eth2" >> /etc/network/interfaces
+ echo "iface eth2 inet static" >> /etc/network/interfaces
+ echo " address $IP" >> /etc/network/interfaces
+ echo " netmask $NETMASK" >> /etc/network/interfaces
+ echo " mtu $MTU" >> /etc/network/interfaces
+
+ ifup eth1
+ ifup eth2
+fi
+
+# Download required dependencies
+echo "deb http://ppa.launchpad.net/openjdk-r/ppa/ubuntu $(lsb_release -c -s) main" >> /etc/apt/sources.list.d/java.list
+echo "deb-src http://ppa.launchpad.net/openjdk-r/ppa/ubuntu $(lsb_release -c -s) main" >> /etc/apt/sources.list.d/java.list
+apt-get update
+apt-get install --allow-unauthenticated -y make wget openjdk-8-jdk apt-transport-https ca-certificates darkstat
+
+# Configure and run Darkstat
+sed -i "s/START_DARKSTAT=.*/START_DARKSTAT=yes/g" /etc/darkstat/init.cfg
+sed -i "s/INTERFACE=.*/INTERFACE=\"-i eth1\"/g" /etc/darkstat/init.cfg
+/etc/init.d/darkstat start
+
+# Download scripts for virtual sink
+cd /opt
+unzip -p -j /opt/vipsec-scripts-$INSTALL_SCRIPT_VERSION.zip v_sink_init.sh > /opt/v_sink_init.sh
+unzip -p -j /opt/vipsec-scripts-$INSTALL_SCRIPT_VERSION.zip vsink.sh > /opt/vsink.sh
+chmod +x v_sink_init.sh
+chmod +x vsink.sh
+
+# Run instantiation script
+mv vsink.sh /etc/init.d
+update-rc.d vsink.sh defaults
+./v_sink_init.sh
diff --git a/vnfs/vIPSEC/scripts/vpacketgen.sh b/vnfs/vIPSEC/scripts/vpacketgen.sh
new file mode 100755
index 00000000..38770310
--- /dev/null
+++ b/vnfs/vIPSEC/scripts/vpacketgen.sh
@@ -0,0 +1,98 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: packetgen
+# Required-Start: $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Start daemon at boot time
+# Description: Enable service provided by daemon.
+### END INIT INFO
+
+dir="/opt"
+cmd="./v_packetgen_init.sh"
+user="root"
+
+name=`basename $0`
+pid_file="/var/run/$name.pid"
+stdout_log="/var/log/$name.log"
+stderr_log="/var/log/$name.err"
+
+get_pid() {
+ cat "$pid_file"
+}
+
+is_running() {
+ [ -f "$pid_file" ] && ps `get_pid` > /dev/null 2>&1
+}
+
+case "$1" in
+ start)
+ if is_running; then
+ echo "Already started"
+ else
+ echo "Starting $name"
+ cd "$dir"
+ if [ -z "$user" ]; then
+ sudo $cmd >> "$stdout_log" 2>> "$stderr_log" &
+ else
+ sudo -u "$user" $cmd >> "$stdout_log" 2>> "$stderr_log" &
+ fi
+ echo $! > "$pid_file"
+ if ! is_running; then
+ echo "Unable to start, see $stdout_log and $stderr_log"
+ exit 1
+ fi
+ fi
+ ;;
+ stop)
+ if is_running; then
+ echo -n "Stopping $name.."
+ kill `get_pid`
+ for i in {1..10}
+ do
+ if ! is_running; then
+ break
+ fi
+
+ echo -n "."
+ sleep 1
+ done
+ echo
+
+ if is_running; then
+ echo "Not stopped; may still be shutting down or shutdown may have failed"
+ exit 1
+ else
+ echo "Stopped"
+ if [ -f "$pid_file" ]; then
+ rm "$pid_file"
+ fi
+ fi
+ else
+ echo "Not running"
+ fi
+ ;;
+ restart)
+ $0 stop
+ if is_running; then
+ echo "Unable to stop, will not attempt to start"
+ exit 1
+ fi
+ $0 start
+ ;;
+ status)
+ if is_running; then
+ echo "Running"
+ else
+ echo "Stopped"
+ exit 1
+ fi
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|restart|status}"
+ exit 1
+ ;;
+esac
+
+exit 0
diff --git a/vnfs/vIPSEC/scripts/vsink.sh b/vnfs/vIPSEC/scripts/vsink.sh
new file mode 100755
index 00000000..047f1df8
--- /dev/null
+++ b/vnfs/vIPSEC/scripts/vsink.sh
@@ -0,0 +1,98 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: sink
+# Required-Start: $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Start daemon at boot time
+# Description: Enable service provided by daemon.
+### END INIT INFO
+
+dir="/opt"
+cmd="./v_sink_init.sh"
+user="root"
+
+name=`basename $0`
+pid_file="/var/run/$name.pid"
+stdout_log="/var/log/$name.log"
+stderr_log="/var/log/$name.err"
+
+get_pid() {
+ cat "$pid_file"
+}
+
+is_running() {
+ [ -f "$pid_file" ] && ps `get_pid` > /dev/null 2>&1
+}
+
+case "$1" in
+ start)
+ if is_running; then
+ echo "Already started"
+ else
+ echo "Starting $name"
+ cd "$dir"
+ if [ -z "$user" ]; then
+ sudo $cmd >> "$stdout_log" 2>> "$stderr_log" &
+ else
+ sudo -u "$user" $cmd >> "$stdout_log" 2>> "$stderr_log" &
+ fi
+ echo $! > "$pid_file"
+ if ! is_running; then
+ echo "Unable to start, see $stdout_log and $stderr_log"
+ exit 1
+ fi
+ fi
+ ;;
+ stop)
+ if is_running; then
+ echo -n "Stopping $name.."
+ kill `get_pid`
+ for i in {1..10}
+ do
+ if ! is_running; then
+ break
+ fi
+
+ echo -n "."
+ sleep 1
+ done
+ echo
+
+ if is_running; then
+ echo "Not stopped; may still be shutting down or shutdown may have failed"
+ exit 1
+ else
+ echo "Stopped"
+ if [ -f "$pid_file" ]; then
+ rm "$pid_file"
+ fi
+ fi
+ else
+ echo "Not running"
+ fi
+ ;;
+ restart)
+ $0 stop
+ if is_running; then
+ echo "Unable to stop, will not attempt to start"
+ exit 1
+ fi
+ $0 start
+ ;;
+ status)
+ if is_running; then
+ echo "Running"
+ else
+ echo "Stopped"
+ exit 1
+ fi
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|restart|status}"
+ exit 1
+ ;;
+esac
+
+exit 0