diff options
Diffstat (limited to 'docs')
-rw-r--r-- | docs/docs_vfw.rst | 41 |
1 files changed, 20 insertions, 21 deletions
diff --git a/docs/docs_vfw.rst b/docs/docs_vfw.rst index 87658a3cc..010fb4ac3 100644 --- a/docs/docs_vfw.rst +++ b/docs/docs_vfw.rst @@ -22,18 +22,18 @@ VVP Report Description ~~~~~~~~~~~ -The use case is composed of three virtual functions (VFs): packet generator, firewall, and traffic sink. -These VFs run in three separate VMs. The packet generator sends packets to the packet sink through the firewall. -The firewall reports the volume of traffic passing though to the ONAP DCAE collector. To check the traffic volume -that lands at the sink VM, you can access the link http://sink_ip_address:667 through your browser and enable +The use case is composed of three virtual functions (VFs): packet generator, firewall, and traffic sink. +These VFs run in three separate VMs. The packet generator sends packets to the packet sink through the firewall. +The firewall reports the volume of traffic passing though to the ONAP DCAE collector. To check the traffic volume +that lands at the sink VM, you can access the link http://sink_ip_address:667 through your browser and enable automatic page refresh by clicking the "Off" button. You can see the traffic volume in the charts. -The packet generator includes a script that periodically generates different volumes of traffic. The closed-loop +The packet generator includes a script that periodically generates different volumes of traffic. The closed-loop policy has been configured to re-adjust the traffic volume when high-water or low-water marks are crossed. -Since Casablanca, we have used a vFWCL service tag for this testing instead of the vFW service tag. vFW servic tag -is a regression for onboard and instantiation of a single VNF service (all three VMs in the same VNF) where as the -vFWCL is a two VNF service (vFW+ vSNK and separeate vPKG) +Since Casablanca, we have used a vFWCL service tag for this testing instead of the vFW service tag. vFW servic tag +is a regression for onboard and instantiation of a single VNF service (all three VMs in the same VNF) where as the +vFWCL is a two VNF service (vFW+ vSNK and separeate vPKG) ./demo-k8s.sh onap instantiateVFWCL can be used to onboard and instantiate a vFWCL via robot scripts or follow the procedure to use the GUI that is available in the documentation. @@ -41,23 +41,23 @@ vFWCL is a two VNF service (vFW+ vSNK and separeate vPKG) Closed-Loop for vFirewall Use Case ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Through the ONAP Portal's Policy Portal, we can find the configuration and operation policies that are currently +Through the ONAP Portal's Policy Portal, we can find the configuration and operation policies that are currently enabled for the vFirewall use case: - The configuration policy sets the thresholds for generating an onset event from DCAE to the Policy engine. Currently, the high-water mark is set to 700 packets while the low-water mark is set to 300 packets. The measurement interval is set to 10 seconds. - When a threshold is crossed (i.e. the number of received packets is below 300 packets or above 700 packets per 10 seconds), the Policy engine executes the operational policy to request APPC to adjust the traffic volume to 500 packets per 10 seconds. -- APPC sends a request to the packet generator to adjust the traffic volume. +- APPC sends a request to the packet generator to adjust the traffic volume. - Changes to the traffic volume can be observed through the link http://sink_ip_address:667. Adjust packet generator ~~~~~~~~~~~~~~~~~~~~~~~ -The packet generator contains 10 streams: fw_udp1, fw_udp2, fw_udp3, ..., fw_udp10. Each stream generates 100 packets -per 10 seconds. A script in /opt/run_traffic_fw_demo.sh on the packet generator VM starts automatically and alternates high +The packet generator contains 10 streams: fw_udp1, fw_udp2, fw_udp3, ..., fw_udp10. Each stream generates 100 packets +per 10 seconds. A script in /opt/run_traffic_fw_demo.sh on the packet generator VM starts automatically and alternates high traffic (i.e. 10 active streams at the same time) and low traffic (1 active stream) every 5 minutes. -To adjust the traffic volume produced by the packet generator, run the following command in a shell, replacing PacketGen_IP in +To adjust the traffic volume produced by the packet generator, run the following command in a shell, replacing PacketGen_IP in the HTTP argument with localhost (if you run it in the packet generator VM) or the packet generator IP address: :: @@ -79,20 +79,20 @@ The command above enables 5 streams. Preconditions -~~~~~~~~~~~~ +~~~~~~~~~~~~~ -The control loop name in DCAE's TCA micro-service needs to match the Operational Policy control loop name. +The control loop name in DCAE's TCA micro-service needs to match the Operational Policy control loop name. Due to timing robot scripts that setup the operational policy do not change the control loop name in DCAE. Do the following to update DCAE's consul entry for TCA to match the name assigned by robot to the operational -policy. The control loop name generated by policy can be viewed in the log.html page on robot from the +policy. The control loop name generated by policy can be viewed in the log.html page on robot from the instantiateVFWCL. -- Connect to Consul: http://<k8s_host_ip>/ui/#/dc1/services (change the IP based on the K8S cluster IP assignment) +- Connect to Consul: http://<k8s_host_ip>:30270/ui/#/dc1/services (change the IP based on the K8S cluster IP assignment) - Click Key/Value on the bar at the top of the Consul menu -- Select “dcaegen2-analytics-tca” microservice from the list on the left +- Select "dcae-tca-analytics" microservice from the list on the left - Search for "closedLoopControlName" key in the configuration policy JSON object -- Replace the standard closed loop name with the one generated by robot -- Click “Update” button to update the configuration policy +- Replace the standard ControlLoop-vFirewall-* closed loop names with the one generated by robot +- Click "Update" button to update the configuration policy Running the Use Case ~~~~~~~~~~~~~~~~~~~~ @@ -119,4 +119,3 @@ Policy can lock the target VNF if there are too many failed attempts due to mis- :: http://<k8s-host>:30227/events/unauthenticated.DCAE_CL_OUTPUT/g1/c3?timeout=5000 - |