1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
|
# Heat template which intstantiates an B side Perimeta SSC instance with
# 6 vNICs.
#
# This is designed to be included in a higher level template.
#
# This template puts the Perimeta configuration in place using userdata
# injected via OpenStack's ConfigDrive mechanism.
#
# Host anti-affinity is achieved using different availability zones for
# the Perimeta instance or server group anti-affinity if they are in the
# same availability zone.
#
# Template requires Juno or above and has been tested on Kilo.
#
heat_template_version: 2014-10-16
description: >
HOT template to instantiate an B side Perimeta SSC instance with 6 vNICs as part of a nested template
parameters:
vnf_name:
type: string
description: Unique name for this VNF instance
vnf_id:
type: string
description: VNF ID of this deployment
vm_role:
type: string
description: Role of these VMs
vf_module_id:
type: string
description: Unique ID for this VF Module instance
ssc_b_name_0:
type: string
description: Name of Perimeta VM B instance
perimeta_image_name:
type: string
description: Glance image for Perimeta instance
perimeta_flavor_name:
type: string
description: Flavor to use for creating VM instances
perimeta_keypair:
type: string
description: Keypair to use for accessing this Perimeta instance
availability_zone_1:
# Can be commented out along with references if always using a single availability zone
type: string
description: Availability zone for B instances. May be the same as A instance.
mgmt_net_id:
type: string
description: Management network id
ssc_mgmt_vip_0:
type: string
description: Management virtual IP address.
ssc_b_mgmt_ip_0:
type: string
description: Fixed IP address to use as management IP of B instance.
int_ha_net_id:
type: string
description: HA network id
int_ha_network_plen:
# Constraint copied from base module
type: number
description: Prefix length of subnet associated with internal HA network
constraints:
- range: { min: 0, max: 31 }
description: int_ha_network_plen must be between 0 and 31
ssc_b_int_ha_ip_0:
type: string
description: Fixed IP address to use as HA IP of B instance.
ssc_a_int_ha_ip_0:
type: string
description: Fixed IP address to use as HA IPs of A instance.
trusted_net_id:
type: string
description: Trusted/core network UUID
ssc_trusted_vip_0:
type: string
description: Trusted/core virtual IP address.
ssc_b_trusted_ip_0:
type: string
description: Fixed IP address to use as Trusted/core fixed IPs of B instance.
perimeta_sec_groups:
type: comma_delimited_list
description: List of security groups to add on trusted interfaces.
ssc_untrusted_vip_0:
type: string
description: Untrusted/access virtual IP address
ssc_untrusted_v6_vip_0:
type: string
description: Untrusted/access alternate virtual IP address
ssc_b_untrusted_ip_0:
type: string
description: Fixed IP address to use as Untrusted/access fixed IP of B instance.
ssc_b_untrusted_v6_ip_0:
type: string
description: Fixed IP address to use as Untrusted/access alternate fixed IP of B instance.
int_untrusted_parent_net_id:
type: string
description: internal Untrusted/access parent network id
ssc_untrusted_parent_vip_0:
type: string
description: Untrusted/access parent virtual IP address
ssc_b_untrusted_parent_ip_0:
type: string
description: Fixed IP address to use as Untrusted/access fixed IP of B parent instance.
perimeta_untrusted_num_vlans:
# constraint copied from parent module
type: number
description: number of VLANs to connect to the untrusted/access interface
constraints:
- range: { min: 1, max: 1001 }
description: perimeta_untrusted_num_vlans (number of VLANs to connect to the untrusted/access interface) must be between 1 and 1001
perimeta_untrusted_vlan_ids:
type: comma_delimited_list
description: List of VLAN IDs to use on the untrusted/access network
perimeta_untrusted_vlan_networks:
type: comma_delimited_list
description: List of Contrail VLAN networks to use on the untrusted/access network. The order and number of these must match the VLAN ID list.
unused_port_net_id:
type: string
description: Service network unused port network UUID
ssc_rf_vip_0:
type: string
description: RF virtual IP address to use for SSC.
ssc_b_rf_ip_0:
type: string
description: RF fixed IP address to use for SSC B.
perimeta_server_group:
type: string
description: Server group to use for these VMs
resources:
# Perimeta management ports
perimeta_ssc_b_mgmt_0_port:
type: OS::Neutron::Port
properties:
name:
str_replace:
template: $VNF_NAME_$VM_mgmt_0_port
params:
$VNF_NAME : { get_param: vnf_name }
$VM: { get_param: ssc_b_name_0 }
network: { get_param: mgmt_net_id }
fixed_ips:
- ip_address: { get_param: ssc_b_mgmt_ip_0 }
security_groups: { get_param: perimeta_sec_groups }
allowed_address_pairs:
- ip_address: { get_param: ssc_mgmt_vip_0 }
# Perimeta HA ports
perimeta_ssc_b_ha_0_port:
type: OS::Neutron::Port
properties:
name:
str_replace:
template: $VNF_NAME_$VM_ha_port
params:
$VNF_NAME : { get_param: vnf_name }
$VM: { get_param: ssc_b_name_0 }
network: { get_param: int_ha_net_id }
fixed_ips:
- ip_address: { get_param: ssc_b_int_ha_ip_0 }
security_groups: { get_param: perimeta_sec_groups }
# Perimeta Trusted/core service network ports
#
# Dual stack core network
# - if only IPv4 required comment out second entry in fixed_ips and allowed_addess_pairs parameters.
# - if only IPv6 required comment out first entry in fixed_ips and allowed_addess_pairs parameters.
perimeta_ssc_b_trusted_0_port:
type: OS::Neutron::Port
properties:
name:
str_replace:
template: $VNF_NAME_$VM_trusted_port
params:
$VNF_NAME : { get_param: vnf_name }
$VM: { get_param: ssc_b_name_0 }
network: { get_param: trusted_net_id }
fixed_ips:
- ip_address: { get_param: ssc_b_trusted_ip_0 }
security_groups: { get_param: perimeta_sec_groups }
allowed_address_pairs:
- ip_address: { get_param: ssc_trusted_vip_0 }
# Perimeta Untrusted/access service network ports
# VLAN being used on this service interface.
# The parent network port is used to anchor the VLANs and is not used to
# route actual traffic for the service interface. This means that we can
# create a dummy network in the base module and use that instead of the
# real untrusted network
perimeta_ssc_b_untrusted_parent_0_port:
type: OS::Neutron::Port
properties:
name:
str_replace:
template: $VNF_NAME_$VM_untrusted_parent_port
params:
$VNF_NAME : { get_param: vnf_name }
$VM: { get_param: ssc_b_name_0 }
network: { get_param: int_untrusted_parent_net_id }
fixed_ips:
- ip_address: { get_param: ssc_b_untrusted_parent_ip_0 }
security_groups: { get_param: perimeta_sec_groups }
allowed_address_pairs:
- ip_address: { get_param: ssc_untrusted_parent_vip_0 }
# Contrail VLAN subinterfaces
perimeta_ssc_b_untrusted_0_vlan_ports:
type: OS::Heat::ResourceGroup
properties:
count: { get_param: perimeta_untrusted_num_vlans }
resource_def:
type: vlan_subinterface_dual.yaml
properties:
perimeta_subinterface_instance_index: "%index%"
perimeta_subinterface_name_prefix:
str_replace:
template: $VNF_NAME_$VM_untrusted_port_vlan
params:
$VNF_NAME : { get_param: vnf_name }
$VM: { get_param: ssc_b_name_0 }
perimeta_parent_interface: { get_resource: perimeta_ssc_b_untrusted_parent_0_port }
perimeta_mac_address: { get_attr: [ perimeta_ssc_b_untrusted_parent_0_port, mac_address ] }
perimeta_ip_0: { get_param: ssc_b_untrusted_ip_0 }
perimeta_v6_ip_0: { get_param: ssc_b_untrusted_v6_ip_0 }
perimeta_vip_0: { get_param: ssc_untrusted_vip_0 }
perimeta_v6_vip_0: { get_param: ssc_untrusted_v6_vip_0 }
perimeta_vlan_ids: { get_param: perimeta_untrusted_vlan_ids }
perimeta_vlan_networks: { get_param: perimeta_untrusted_vlan_networks }
# Perimeta Rf service network ports
#
# This uses the management network and is IPv4 only
perimeta_ssc_b_mgmt_1_port:
type: OS::Neutron::Port
properties:
name:
str_replace:
template: $VNF_NAME_$VM_mgmt_1_port
params:
$VNF_NAME : { get_param: vnf_name }
$VM: { get_param: ssc_b_name_0 }
network: { get_param: mgmt_net_id }
fixed_ips:
- ip_address: { get_param: ssc_b_rf_ip_0 }
security_groups: { get_param: perimeta_sec_groups }
allowed_address_pairs:
- ip_address: { get_param: ssc_rf_vip_0 }
# need the unused port to balance out the NICs
perimeta_ssc_b_unused_0_port:
type: OS::Neutron::Port
properties:
name:
str_replace:
template: $VNF_NAME_$VM_unused_port
params:
$VNF_NAME : { get_param: vnf_name }
$VM: { get_param: ssc_b_name_0 }
network: { get_param: unused_port_net_id }
# Add any additional service ports here.
perimeta_ssc_b_server_0:
type: OS::Nova::Server
properties:
name: { get_param: ssc_b_name_0 }
image: { get_param: perimeta_image_name }
flavor: { get_param: perimeta_flavor_name }
key_name: { get_param: perimeta_keypair }
scheduler_hints: { group: { get_param: perimeta_server_group } }
metadata:
'vnf_name': { get_param: vnf_name }
'vnf_id': { get_param: vnf_id }
'vm_role':
str_replace:
template: $ROLE_b
params:
$ROLE: { get_param: vm_role }
'vf_module_id': { get_param: vf_module_id }
'msw_template_version': '17.07.04 - 2017-09-01'
networks:
- port: { get_resource: perimeta_ssc_b_mgmt_0_port }
- port: { get_resource: perimeta_ssc_b_ha_0_port }
- port: { get_resource: perimeta_ssc_b_trusted_0_port }
- port: { get_resource: perimeta_ssc_b_untrusted_parent_0_port }
- port: { get_resource: perimeta_ssc_b_mgmt_1_port }
- port: { get_resource: perimeta_ssc_b_unused_0_port }
availability_zone: { get_param: availability_zone_1 }
config_drive: True
user_data_format: RAW
user_data:
str_replace:
template: |
{
"vnic_assignment": {
"IBG1mgmt": {"mac": "$MGMT_MACADDR"},
"IPG1": {"mac": "$HA_MACADDR"},
"RPG1": {"mac": "$TRUSTED_MACADDR"},
"RPG2": {"mac": "$UNTRUSTED_MACADDR"},
"RPG3": {"mac": "$SERV3_MACADDR"},
"RPG4": {"mac": "$SERV4_MACADDR"}
},
"ip_ha_local": "$LOCAL_HA_IP_ADDR",
"ip_ha_remote": "$REMOTE_HA_IP_ADDR",
"ip_ha_plen": "$HA_NETWORK_PLEN"
}
params:
$MGMT_MACADDR: { get_attr: [perimeta_ssc_b_mgmt_0_port, mac_address] }
$HA_MACADDR: { get_attr: [perimeta_ssc_b_ha_0_port, mac_address] }
$TRUSTED_MACADDR: { get_attr: [perimeta_ssc_b_trusted_0_port, mac_address] }
$UNTRUSTED_MACADDR: { get_attr: [perimeta_ssc_b_untrusted_parent_0_port, mac_address] }
$SERV3_MACADDR: { get_attr: [perimeta_ssc_b_mgmt_1_port, mac_address] }
$SERV4_MACADDR: { get_attr: [perimeta_ssc_b_unused_0_port, mac_address] }
$LOCAL_HA_IP_ADDR: { get_param: ssc_b_int_ha_ip_0 }
$REMOTE_HA_IP_ADDR: { get_param: ssc_a_int_ha_ip_0 }
$HA_NETWORK_PLEN: { get_param: int_ha_network_plen }
|