1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
|
tosca_definitions_version: tosca_simple_yaml_1_0_0
metadata:
template_name: Main
imports:
- openecomp_heat_index:
file: openecomp-heat/_index.yml
- GlobalSubstitutionTypes:
file: GlobalSubstitutionTypesServiceTemplate.yaml
topology_template:
inputs:
protected_net:
hidden: false
immutable: false
type: string
service_policy_name:
hidden: false
immutable: false
type: string
description: Policy Name
default: MNS-25180-L-02Shared_policy_direct_fw_protected_oam_1
oam_direct_net_id:
hidden: false
immutable: false
type: string
description: Name of private network to be created
st_static_routes_list:
hidden: false
immutable: false
type: string
description: List of static routes enabled-disabled
default: True,True,True,True
st_type:
hidden: false
immutable: false
type: string
description: service type
default: firewall
st_service_interface_type_list:
hidden: false
immutable: false
type: string
description: List of interface types
default: management,left,right,other
oam_protected_net_id:
hidden: false
immutable: false
type: string
description: Name of private network to be created
st_mode:
hidden: false
immutable: false
type: string
description: service mode
default: in-network-nat
static_prefix_3_1:
hidden: false
immutable: false
type: string
description: prefix for static route
default: 107.239.80.0/21
oam_hsl_net_id:
hidden: false
immutable: false
type: string
description: Name of private network to be created
start_dst_ports:
hidden: false
immutable: false
type: float
description: Start of dst port
default: -1
st_scaling:
hidden: false
immutable: false
type: string
description: Indicates whether service scaling is enabled
default: 'True'
service_instance_name:
hidden: false
immutable: false
type: string
description: service instance name
max_num_fw_instances:
hidden: false
immutable: false
type: float
description: maximum number of firewall instances for scaling
default: 8
start_src_ports:
hidden: false
immutable: false
type: float
description: Start of src port
default: -1
availability_zone:
hidden: false
immutable: false
type: string
description: availability zone in form of Zone:Host
service_policy_direction:
hidden: false
immutable: false
type: string
description: Direction of Policy
default: <>
st_flavor_name:
hidden: false
immutable: false
type: string
description: Flavor
default: lc.medium
st_name:
hidden: false
immutable: false
type: string
description: service template name or ID
default: MNS-25180-L-02Shared_oam_fw_template_1
st_availability_zone_enable_flag:
hidden: false
immutable: false
type: string
description: service template availablity_zone feature enable flag
default: 'True'
st_image:
hidden: false
immutable: false
type: string
description: Name of the image
default: NIMBUS_SRX_151X49-D303
st_shared_ip_list:
hidden: false
immutable: false
type: string
description: List of shared ip enabled-disabled
default: False,True,False,False
oam_mgmt_net_id:
hidden: false
immutable: false
type: string
description: Name of private network to be created
end_src_ports:
hidden: false
immutable: false
type: float
description: End of src port
default: -1
end_dst_ports:
hidden: false
immutable: false
type: float
description: End of dst port
default: -1
node_templates:
service_instance:
type: org.openecomp.resource.abstract.nodes.heat.service_template
directives:
- substitutable
properties:
availability_zone:
get_input: availability_zone
static_routes_list:
- token:
- false;false;false;false
- ;
- 0
- token:
- false;false;false;false
- ;
- 1
- token:
- false;false;false;false
- ;
- 2
- token:
- false;false;false;false
- ;
- 3
availability_zone_enable:
get_input: st_availability_zone_enable_flag
service_template_name:
get_input: st_name
ordered_interfaces: true
flavor:
get_input: st_flavor_name
image_name:
get_input: st_image
service_template_filter:
substitute_service_template: lcp1_mss.oam-fw_si_service_instanceServiceTemplate.yaml
count: 5
scaling_enabled:
get_input: st_scaling
mandatory: true
service_type:
get_input: st_type
service_interface_type_list:
- token:
- get_input: st_service_interface_type_list
- ','
- 0
- token:
- get_input: st_service_interface_type_list
- ','
- 1
- token:
- get_input: st_service_interface_type_list
- ','
- 2
- token:
- get_input: st_service_interface_type_list
- ','
- 3
service_instance_name:
get_input: service_instance_name
interface_list:
- virtual_network:
get_input: oam_mgmt_net_id
- virtual_network:
get_input: oam_protected_net_id
- static_routes:
- prefix:
get_input: static_prefix_3_1
virtual_network:
get_input: oam_direct_net_id
- virtual_network:
get_input: oam_hsl_net_id
service_mode:
get_input: st_mode
shared_ip_list:
- true
- true
- false
- false
service_policy:
type: org.openecomp.resource.vfc.rules.nodes.heat.network.contrail.NetworkRules
properties:
entries:
policy_rule:
- src_ports:
- start_port:
get_input: start_src_ports
end_port:
get_input: end_src_ports
protocol: any
action_list:
apply_service:
- service_instance
dst_addresses:
- virtual_network:
get_input: oam_direct_net_id
dst_ports:
- start_port:
get_input: start_dst_ports
end_port:
get_input: end_dst_ports
src_addresses:
- virtual_network:
get_input: protected_net
direction:
get_input: service_policy_direction
name:
get_input: service_policy_name
requirements:
- dependency:
capability: tosca.capabilities.Node
node: service_instance
relationship: tosca.relationships.DependsOn
groups:
lcp1_mss.oam-fw_si_group:
type: org.openecomp.groups.heat.HeatStack
properties:
heat_file: ../Artifacts/lcp1_mss.oam-fw_si.yaml
description: |
Version 2.0 10-14-2015 (Authors: Art Mishurov,am254u & Johhny Chen, jc3066) - HOT-OAM-FW-SI template that creates two OAM networks (direct and protected) with a scaled out firewall service between the two.
members:
- service_instance
- service_policy
|