1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
|
heat_template_version: 2015-04-30
#FIRSTNET - FW -FGI// Contrail 3.0 Version 2 Template
#AUTHORS: Rajesh Anne (ja702x)
description: >
HOT template to create SecurityGroup//ServerGroup//ServiceTemplate:
#####################
parameters:
#####################
## GLOBAL//Basic Parameters
## OPENECOMP VNF//VM Parameters
vnf_name:
type: string
description: Unique name for this VF instance
# For manual spinups, value must be in the ENV file. Must be removed from ENV before uploading to ASDC
domain:
type: string
description: domain for the ServiceTemplate
# For manual spinups, value must be in the ENV file. Must be removed from ENV before uploading to ASDC
vnf_id:
type: string
description: Unique ID for this VF instance
# For manual spinups, value must be in the ENV file. Must be removed from ENV before uploading to ASDC
vf_module_id:
type: string
description: Unique ID for this VF Module instance
# For manual spinups, value must be in the ENV file. Must be removed from ENV before uploading to ASDC
vf_module_name:
type: string
description: Unique name for this VF Module instance
# For manual spinups, value must be in the ENV file. Must be removed from ENV before uploading to ASDC
## GLOBAL//Network Parameters
sgi_protected_interface_type:
type: string
description: service_interface_type for ServiceInstance
sgi_direct_interface_type:
type: string
description: service_interface_type for ServiceInstance
oam_protected_net_fqdn:
type: string
description: fq_name for the VirtualNetwork
sgi_protected_net_dummy:
type: string
description: name for the VirtualNetwork
sgi_protected_net_dummy1:
type: string
description: name for the VirtualNetwork
sgi_protected_net_dummy_fqdn:
type: string
description: fq_name for the VirtualNetwork
sgi_direct_net_fqdn:
type: string
description: fq_name for the VirtualNetwork
nimbus_hsl_net_fqdn:
type: string
description: fq_name for the VirtualNetwork
oam_protected_interface_type:
type: string
description: service_interface_type for ServiceInstance
nimbus_hsl_interface_type:
type: string
description: service_interface_type for ServiceInstance
## PT//PortTuple Parameters
cgi_fw_pt_vlan_VM1_name_fqdn:
type: json
description: fqdn of the ServiceInstance in PortTuple Resource
cgi_fw_pt_vlan_VM2_name_fqdn:
type: json
description: fqdn of the ServiceInstance in PortTuple Resource
## ST//ServiceTemplate Parameters
cgi_fw_st_version:
type: number
description: version for the ServiceTemplate
constraints:
- range: { min: 0, max: 99 }
description: Must be a number between 0 and 99
cgi_fw_st_mode:
type: string
description: service_mode for the ServiceTemplate
cgi_fw_st_type:
type: string
description: service_type for the ServiceTemplate
cgi_fw_st_virtualization_type:
type: string
description: service_virtualization_type for the ServiceTemplate
## VMI//VirtualMachineInterface ECMP Parameters
cgi_fw_vmi_ecmp_configured:
type: boolean
description: hashing_configured for the VirtualMachineInterface
cgi_fw_vmi_ecmp_src_ip:
type: boolean
description: source_ip for the VirtualMachineInterface
cgi_fw_vmi_ecmp_dst_ip:
type: boolean
description: destination_ip for the VirtualMachineInterface
cgi_fw_vmi_ecmp_ip_protocol:
type: boolean
description: ip_protocol for the VirtualMachineInterface
cgi_fw_vmi_ecmp_src_port:
type: boolean
description: source_port for the VirtualMachineInterface
cgi_fw_vmi_ecmp_dst_port:
type: boolean
description: destination_port for the VirtualMachineInterface
## II//InstanceIp
sgi_direct_family_v6:
type: string
description: IP Family Address for InstanceIp
sgi_direct_subnet_id:
type: string
description: Subnet UUID for InstanceIp
sgi_direct_ipv6_subnet_id:
type: string
description: Subnet UUID for InstanceIp
## VM//NovaServer Parameters
cgi_fw_image_name:
type: string
description: image_name for the ServiceInstance VM
cgi_fw_flavor_name:
type: string
description: flavor for the ServiceInstance VM
availability_zone_0:
type: string
description: availability_zone for the ServiceInstance
availability_zone_1:
type: string
description: availability_zone for the ServiceInstance
cgi_fw_names:
type: comma_delimited_list
label: Firewall VM Name
description: Comma Delimited List of Names for ServiceInstance VMs
cgi_fw_oam_protected_ips:
type: comma_delimited_list
description: the ips of the management network for CGI FW
contrail_vmi_subinterface:
type: string
port_name:
type: string
subinterface_name_prefix:
type: string
#####################
resources:
#####################
## RSG//Resource:SecurityGroup
CGI_FW_RSG_SI_1:
type: OS::Neutron::SecurityGroup
properties:
description: Security Group of CGI FW ServiceInstance
name:
str_replace:
template: VNF_NAME_sg_cgi_fw
params:
VNF_NAME: { get_param: vnf_name }
rules:
- {"direction": "egress", "remote_ip_prefix": "0.0.0.0/0", "protocol": "tcp", "ethertype": "IPv4", "port_range_max": 65535, "port_range_min": 0}
- {"direction": "egress", "remote_ip_prefix": "0.0.0.0/0", "protocol": "udp", "ethertype": "IPv4", "port_range_max": 65535, "port_range_min": 0}
- {"direction": "egress", "remote_ip_prefix": "0.0.0.0/0", "protocol": "132", "ethertype": "IPv4", "port_range_max": 65535, "port_range_min": 0}
- {"direction": "egress", "remote_ip_prefix": "0.0.0.0/0", "protocol": "icmp", "ethertype": "IPv4"}
- {"direction": "egress", "remote_ip_prefix": "::/0", "protocol": "tcp", "ethertype": "IPv6", "port_range_max": 65535, "port_range_min": 0}
- {"direction": "egress", "remote_ip_prefix": "::/0", "protocol": "udp", "ethertype": "IPv6", "port_range_max": 65535, "port_range_min": 0}
- {"direction": "egress", "remote_ip_prefix": "::/0", "protocol": "132", "ethertype": "IPv6", "port_range_max": 65535, "port_range_min": 0}
- {"direction": "egress", "remote_ip_prefix": "::/0", "protocol": "58", "ethertype": "IPv6"}
- {"direction": "ingress", "remote_ip_prefix": "0.0.0.0/0", "protocol": "tcp", "ethertype": "IPv4", "port_range_max": 65535, "port_range_min": 0}
- {"direction": "ingress", "remote_ip_prefix": "0.0.0.0/0", "protocol": "udp", "ethertype": "IPv4", "port_range_max": 65535, "port_range_min": 0}
- {"direction": "ingress", "remote_ip_prefix": "0.0.0.0/0", "protocol": "132", "ethertype": "IPv4", "port_range_max": 65535, "port_range_min": 0}
- {"direction": "ingress", "remote_ip_prefix": "0.0.0.0/0", "protocol": "icmp", "ethertype": "IPv4"}
- {"direction": "ingress", "remote_ip_prefix": "::/0", "protocol": "tcp", "ethertype": "IPv6", "port_range_max": 65535, "port_range_min": 0}
- {"direction": "ingress", "remote_ip_prefix": "::/0", "protocol": "udp", "ethertype": "IPv6", "port_range_max": 65535, "port_range_min": 0}
- {"direction": "ingress", "remote_ip_prefix": "::/0", "protocol": "132", "ethertype": "IPv6", "port_range_max": 65535, "port_range_min": 0}
- {"direction": "ingress", "remote_ip_prefix": "::/0", "protocol": "58", "ethertype": "IPv6"}
## RAG//Resource:Anti-Affinity Group
CGI_FW_RAG:
type: OS::Nova::ServerGroup
properties:
name:
str_replace:
template: VNF_NAME_srg_cgi_fw
params:
VNF_NAME: { get_param: vnf_name }
policies:
- anti-affinity
## RST//Resource:ServiceTemplate
CGI_FW_RST_1:
type: OS::ContrailV2::ServiceTemplate
properties:
domain: { get_param: domain }
name:
str_replace:
template: VNF_NAME_st_cgi_fw
params:
VNF_NAME: { get_param: vnf_name }
service_template_properties:
service_template_properties_version: { get_param: cgi_fw_st_version }
service_template_properties_service_mode: { get_param: cgi_fw_st_mode }
service_template_properties_service_type: { get_param: cgi_fw_st_type }
service_template_properties_service_virtualization_type: { get_param: cgi_fw_st_virtualization_type }
service_template_properties_interface_type:
- service_template_properties_interface_type_service_interface_type: { get_param: sgi_protected_interface_type }
- service_template_properties_interface_type_service_interface_type: { get_param: sgi_direct_interface_type }
## RVMI//Resource:VirtualMachineInterface
#### CGI_FW VirtualMachineInterface for 1st Interface // MGMT // oam_protected_NET_1
CGI_FW_OAM_PROTECTED_RVMI_1:
type: OS::ContrailV2::VirtualMachineInterface
properties:
name:
str_replace:
template: VM_NAME_vmi_1
params:
VM_NAME: { get_param: [ cgi_fw_names,0 ] }
virtual_machine_interface_properties:
virtual_machine_interface_properties_service_interface_type: { get_param: oam_protected_interface_type }
virtual_network_refs:
- get_param: oam_protected_net_fqdn
security_group_refs:
- get_resource: CGI_FW_RSG_SI_1
CGI_FW_OAM_PROTECTED_RVMI_2:
type: OS::ContrailV2::VirtualMachineInterface
properties:
name:
str_replace:
template: VM_NAME_vmi_1
params:
VM_NAME: { get_param: [ cgi_fw_names,1 ] }
virtual_machine_interface_properties:
virtual_machine_interface_properties_service_interface_type: { get_param: oam_protected_interface_type }
virtual_network_refs:
- get_param: oam_protected_net_fqdn
security_group_refs:
- get_resource: CGI_FW_RSG_SI_1
#### CGI_FW VirtualMachineInterface for 2nd Interface // LEFT // PROTECTED_NET_1 (ServiceChain)
CGI_FW_SGI_PROTECTED_RVMI_DUMMY_1:
type: OS::ContrailV2::VirtualMachineInterface
properties:
name:
str_replace:
template: VM_NAME_vmi_dummy
params:
VM_NAME: { get_param: [ cgi_fw_names,0 ] }
virtual_network_refs:
- get_param: sgi_protected_net_dummy_fqdn
security_group_refs:
- get_resource: CGI_FW_RSG_SI_1
CGI_FW_SGI_PROTECTED_RVMI_DUMMY_2:
type: OS::ContrailV2::VirtualMachineInterface
properties:
name:
str_replace:
template: VM_NAME_vmi_dummy
params:
VM_NAME: { get_param: [ cgi_fw_names,1 ] }
virtual_network_refs:
- get_param: sgi_protected_net_dummy_fqdn
security_group_refs:
- get_resource: CGI_FW_RSG_SI_1
#### CGI_FW VirtualMachineInterface for 3rd Interface // RIGHT // DIRECT_NET_1 (ServiceChain)
CGI_FW_SGI_DIRECT_RVMI_1:
type: OS::ContrailV2::VirtualMachineInterface
properties:
name:
str_replace:
template: VM_NAME_vmi_3
params:
VM_NAME: { get_param: [ cgi_fw_names,0 ] }
ecmp_hashing_include_fields:
ecmp_hashing_include_fields_hashing_configured:
get_param: cgi_fw_vmi_ecmp_configured
ecmp_hashing_include_fields_source_ip:
get_param: cgi_fw_vmi_ecmp_src_ip
ecmp_hashing_include_fields_destination_ip:
get_param: cgi_fw_vmi_ecmp_dst_ip
ecmp_hashing_include_fields_ip_protocol:
get_param: cgi_fw_vmi_ecmp_ip_protocol
ecmp_hashing_include_fields_source_port:
get_param: cgi_fw_vmi_ecmp_src_port
ecmp_hashing_include_fields_destination_port:
get_param: cgi_fw_vmi_ecmp_dst_port
virtual_machine_interface_properties:
virtual_machine_interface_properties_service_interface_type: { get_param: sgi_direct_interface_type }
port_tuple_refs: { get_param: cgi_fw_pt_vlan_VM1_name_fqdn }
virtual_network_refs:
- get_param: sgi_direct_net_fqdn
security_group_refs:
- get_resource: CGI_FW_RSG_SI_1
CGI_FW_SGI_DIRECT_RVMI_2:
type: OS::ContrailV2::VirtualMachineInterface
properties:
name:
str_replace:
template: VM_NAME_vmi_3
params:
VM_NAME: { get_param: [ cgi_fw_names,1 ] }
ecmp_hashing_include_fields:
ecmp_hashing_include_fields_hashing_configured:
get_param: cgi_fw_vmi_ecmp_configured
ecmp_hashing_include_fields_source_ip:
get_param: cgi_fw_vmi_ecmp_src_ip
ecmp_hashing_include_fields_destination_ip:
get_param: cgi_fw_vmi_ecmp_dst_ip
ecmp_hashing_include_fields_ip_protocol:
get_param: cgi_fw_vmi_ecmp_ip_protocol
ecmp_hashing_include_fields_source_port:
get_param: cgi_fw_vmi_ecmp_src_port
ecmp_hashing_include_fields_destination_port:
get_param: cgi_fw_vmi_ecmp_dst_port
virtual_machine_interface_properties:
virtual_machine_interface_properties_service_interface_type: { get_param: sgi_direct_interface_type }
port_tuple_refs: { get_param: cgi_fw_pt_vlan_VM2_name_fqdn }
virtual_network_refs:
- get_param: sgi_direct_net_fqdn
security_group_refs:
- get_resource: CGI_FW_RSG_SI_1
#### CGI_FW VirtualMachineInterface for 4th Interface // OTHER // HSL_NET_1
CGI_FW_NIMBUS_HSL_RVMI_1:
type: OS::ContrailV2::VirtualMachineInterface
properties:
name:
str_replace:
template: VM_NAME_vmi_4
params:
VM_NAME: { get_param: [ cgi_fw_names,0 ] }
virtual_machine_interface_properties:
virtual_machine_interface_properties_service_interface_type: { get_param: nimbus_hsl_interface_type }
virtual_network_refs:
- get_param: nimbus_hsl_net_fqdn
security_group_refs:
- get_resource: CGI_FW_RSG_SI_1
CGI_FW_NIMBUS_HSL_RVMI_2:
type: OS::ContrailV2::VirtualMachineInterface
properties:
name:
str_replace:
template: VM_NAME_vmi_4
params:
VM_NAME: { get_param: [ cgi_fw_names,1 ] }
virtual_machine_interface_properties:
virtual_machine_interface_properties_service_interface_type: { get_param: nimbus_hsl_interface_type }
virtual_network_refs:
- get_param: nimbus_hsl_net_fqdn
security_group_refs:
- get_resource: CGI_FW_RSG_SI_1
## RII//Resource:InstanceIp
#### CGI_FW InstanceIp for 1st Interface // MGMT // oam_protected_NET_1
CGI_FW_OAM_PROTECTED_RII_1:
type: OS::ContrailV2::InstanceIp
depends_on:
- CGI_FW_OAM_PROTECTED_RVMI_1
properties:
virtual_machine_interface_refs:
- get_resource: CGI_FW_OAM_PROTECTED_RVMI_1
virtual_network_refs:
- get_param: oam_protected_net_fqdn
instance_ip_address: { get_param: [cgi_fw_oam_protected_ips,0 ] }
CGI_FW_OAM_PROTECTED_RII_2:
type: OS::ContrailV2::InstanceIp
depends_on:
- CGI_FW_OAM_PROTECTED_RVMI_2
properties:
virtual_machine_interface_refs:
- get_resource: CGI_FW_OAM_PROTECTED_RVMI_2
virtual_network_refs:
- get_param: oam_protected_net_fqdn
instance_ip_address: { get_param: [cgi_fw_oam_protected_ips,1 ] }
#### CGI_FW InstanceIp for 2nd Interface // DUMMY // PROTECTED_NET_1
CGI_FW_SGI_PROTECTED_RII_DUMMY_1:
type: OS::ContrailV2::InstanceIp
depends_on:
- CGI_FW_SGI_PROTECTED_RVMI_DUMMY_1
properties:
virtual_machine_interface_refs:
- get_resource: CGI_FW_SGI_PROTECTED_RVMI_DUMMY_1
virtual_network_refs:
- get_param: sgi_protected_net_dummy_fqdn
CGI_FW_SGI_PROTECTED_RII_DUMMY_2:
type: OS::ContrailV2::InstanceIp
depends_on:
- CGI_FW_SGI_PROTECTED_RVMI_DUMMY_2
properties:
virtual_machine_interface_refs:
- get_resource: CGI_FW_SGI_PROTECTED_RVMI_DUMMY_2
virtual_network_refs:
- get_param: sgi_protected_net_dummy_fqdn
#### CGI_FW InstanceIp for 3rd Interface // RIGHT // DIRECT_NET_1
CGI_FW_SGI_DIRECT_RII_1:
type: OS::ContrailV2::InstanceIp
depends_on:
- CGI_FW_SGI_DIRECT_RVMI_1
properties:
virtual_machine_interface_refs:
- get_resource: CGI_FW_SGI_DIRECT_RVMI_1
virtual_network_refs:
- get_param: sgi_direct_net_fqdn
subnet_uuid: { get_param: sgi_direct_subnet_id }
CGI_FW_SGI_DIRECT_RII_2:
type: OS::ContrailV2::InstanceIp
depends_on:
- CGI_FW_SGI_DIRECT_RVMI_2
properties:
virtual_machine_interface_refs:
- get_resource: CGI_FW_SGI_DIRECT_RVMI_2
virtual_network_refs:
- get_param: sgi_direct_net_fqdn
subnet_uuid: { get_param: sgi_direct_subnet_id }
#### CGI_FW InstanceIp for 3rd Interface v6 // RIGHT // DIRECT_NET_1
CGI_FW_SGI_DIRECT_V6_RII_1:
type: OS::ContrailV2::InstanceIp
depends_on:
- CGI_FW_SGI_DIRECT_RVMI_2
properties:
virtual_machine_interface_refs:
- get_resource: CGI_FW_SGI_DIRECT_RVMI_1
virtual_network_refs:
- get_param: sgi_direct_net_fqdn
subnet_uuid: { get_param: sgi_direct_ipv6_subnet_id }
instance_ip_family: { get_param: sgi_direct_family_v6 }
CGI_FW_SGI_DIRECT_V6_RII_2:
type: OS::ContrailV2::InstanceIp
depends_on:
- CGI_FW_SGI_DIRECT_RVMI_2
properties:
virtual_machine_interface_refs:
- get_resource: CGI_FW_SGI_DIRECT_RVMI_2
virtual_network_refs:
- get_param: sgi_direct_net_fqdn
subnet_uuid: { get_param: sgi_direct_ipv6_subnet_id }
instance_ip_family: { get_param: sgi_direct_family_v6 }
#### CGI_FW InstanceIp for 4th Interface // OTHER // HSL_NET_1
CGI_FW_NIMBUS_HSL_RII_1:
type: OS::ContrailV2::InstanceIp
depends_on:
- CGI_FW_NIMBUS_HSL_RVMI_1
properties:
virtual_machine_interface_refs:
- get_resource: CGI_FW_NIMBUS_HSL_RVMI_1
virtual_network_refs:
- get_param: nimbus_hsl_net_fqdn
CGI_FW_NIMBUS_HSL_RII_2:
type: OS::ContrailV2::InstanceIp
depends_on:
- CGI_FW_NIMBUS_HSL_RVMI_2
properties:
virtual_machine_interface_refs:
- get_resource: CGI_FW_NIMBUS_HSL_RVMI_2
virtual_network_refs:
- get_param: nimbus_hsl_net_fqdn
## RNS//Resource:NovaServer
#### CGI_FW ServiceInstance OS::Nova::Server VM 1
CGI_FW_SERVER_1:
type: OS::Nova::Server
depends_on:
- CGI_FW_OAM_PROTECTED_RII_1
- CGI_FW_SGI_PROTECTED_RII_DUMMY_1
- CGI_FW_SGI_DIRECT_RII_1
- CGI_FW_SGI_DIRECT_V6_RII_1
- CGI_FW_NIMBUS_HSL_RII_1
properties:
name: { get_param: [ cgi_fw_names,0 ] }
image: { get_param: cgi_fw_image_name }
flavor: { get_param: cgi_fw_flavor_name }
availability_zone: { get_param: availability_zone_0 }
scheduler_hints: { group: {get_resource: CGI_FW_RAG } }
networks:
- port: { get_resource: CGI_FW_OAM_PROTECTED_RVMI_1 }
- port: { get_resource: CGI_FW_SGI_PROTECTED_RVMI_DUMMY_1 }
- port: { get_resource: CGI_FW_SGI_DIRECT_RVMI_1 }
- port: { get_resource: CGI_FW_NIMBUS_HSL_RVMI_1 }
metadata:
vf_module_name: { get_param: vf_module_name }
vnf_name: { get_param: vnf_name }
vnf_id: { get_param: vnf_id }
vf_module_id: { get_param: vf_module_id }
CGI_FW_SERVER_2:
type: OS::Nova::Server
depends_on:
- CGI_FW_OAM_PROTECTED_RII_2
- CGI_FW_SGI_PROTECTED_RII_DUMMY_2
- CGI_FW_SGI_DIRECT_RII_2
- CGI_FW_SGI_DIRECT_V6_RII_2
- CGI_FW_NIMBUS_HSL_RII_2
properties:
name: { get_param: [ cgi_fw_names,1 ] }
image: { get_param: cgi_fw_image_name }
flavor: { get_param: cgi_fw_flavor_name }
availability_zone: { get_attr: [CGI_FW_SERVER_2, addresses, get_param: [sgi_protected_net_dummy, 0], 0, "OS-EXT-IPS-MAC:mac_addr"] }
scheduler_hints: { group: {get_resource: CGI_FW_RAG } }
networks:
- port: { get_resource: CGI_FW_OAM_PROTECTED_RVMI_2 }
- port: { get_resource: CGI_FW_SGI_PROTECTED_RVMI_DUMMY_2 }
- port: { get_resource: CGI_FW_SGI_DIRECT_RVMI_2 }
- port: { get_resource: CGI_FW_NIMBUS_HSL_RVMI_2 }
metadata:
vf_module_name: { get_param: vf_module_name }
vnf_name: { get_param: vnf_name }
vnf_id: { get_param: vnf_id }
vf_module_id: { get_param: vf_module_id }
contrail_vmi_subinterface:
type: OS::ContrailV2::VirtualMachineInterface
properties:
name:
str_replace:
template: VM_NAME_PORT_3
params:
VM_NAME: { get_param: vipr_atm_name_0 }
virtual_machine_interface_properties:
{
virtual_machine_interface_properties_service_interface_type: 'left'
}
port_tuple_refs: [{ get_param: port_name }]
virtual_network_refs: [{ get_param: oam_protected_net_fqdn }]
outputs:
cgi_fw_left_vmi_id_1:
description: uuid of the right dummy interface
value: {get_resource: CGI_FW_SGI_PROTECTED_RVMI_DUMMY_1 }
cgi_fw_01_left_mac_1:
description: cgi fw01 left interface Mac-Address
value: { get_attr: [CGI_FW_SERVER_1, addresses, get_param: sgi_protected_net_dummy, 0, "OS-EXT-IPS-MAC:mac_addr"] }
cgi_fw_left_vmi_id_2:
description: uuid of the right dummy interface
value: {get_resource: CGI_FW_SGI_PROTECTED_RVMI_DUMMY_2 }
cgi_fw_01_left_mac_2:
description: cgi fw01 left interface Mac-Address
value: { get_attr: [CGI_FW_SERVER_2, addresses, get_param: sgi_protected_net_dummy, 0, "OS-EXT-IPS-MAC:mac_addr"] }
cgi_fw_st_name_fqdn:
description: FQDN of the FW_CGI ServiceTemplate
value: {list_join: [':', { get_attr: [ CGI_FW_RST_1, fq_name ] } ] }
cgi_fw_sec_grp_id:
description: uuid of the security group
value: {get_resource: CGI_FW_RSG_SI_1 }
cgi_fw_01_left_mac_3:
description: cgi fw01 left interface Mac-Address
value: { get_attr: [CGI_FW_SERVER_2, addresses, get_param: [sgi_protected_net_dummy, 0], 0, "OS-EXT-IPS-MAC:mac_addr"] }
cgi_fw_01_left_mac_4:
description: cgi fw01 left interface Mac-Address
value: { get_attr: [CGI_FW_SERVER_2, addresses, get_param: [sgi_protected_net_dummy, 0, get_param: [sgi_protected_net_dummy1,1] ], 0, "OS-EXT-IPS-MAC:mac_addr"] }
cgi_fw_01_left_mac_5:
description: cgi fw01 left interface Mac-Address
value: { get_attr: [CGI_FW_SERVER_2, addresses, get_attr: [CGI_FW_SERVER_2, addresses, get_param: [sgi_protected_net_dummy, 0], 0, "OS-EXT-IPS-MAC:mac_addr"], 0,
"OS-EXT-IPS-MAC:mac_addr"] }
cgi_fw_01_left_mac_6:
description: cgi fw01 left interface Mac-Address
value: { get_attr: [CGI_FW_SERVER_2, addresses,str_split: [',', 'string,to,split'], 0, "OS-EXT-IPS-MAC:mac_addr"] }
cgi_fw_01_left_mac_7:
description: cgi fw01 left interface Mac-Address
value: { get_attr: [contrail_vmi_subinterface, virtual_machine_interface_properties ] }
cgi_fw_01_left_mac_8:
description: cgi fw01 left interface Mac-Address
value: { get_attr: [contrail_vmi_subinterface, virtual_machine_interface_allowed_address_pairs, virtual_machine_interface_allowed_address_pairs_allowed_address_pair ] }
cgi_fw_01_left_mac_9:
description: cgi fw01 left interface Mac-Address
value: { get_attr: [CGI_FW_SERVER_2, addresses,str_split: [',', get_param: sgi_protected_net_dummy ], 0, "OS-EXT-IPS-MAC:mac_addr"] }
cgi_fw_01_left_mac_10:
description: cgi fw01 left interface Mac-Address
value: { get_attr: [CGI_FW_SERVER_2, addresses,str_split: [',', get_attr: [contrail_vmi_subinterface,
virtual_machine_interface_allowed_address_pairs,
virtual_machine_interface_allowed_address_pairs_allowed_address_pair ]], 0, "OS-EXT-IPS-MAC:mac_addr"] }
VMA-EXT_IPS:
description: IP addresses assigned to the first external network.
value: { get_attr: [CGI_FW_SERVER_2, {get_param: [vnf_id, {get_param: sgi_protected_interface_type}]}, ASSIGNED_IPS]}
VMA-DynamicResource:
description: IP addresses assigned to the first external network.
value: { get_attr: [{get_param: vnf_id}, {get_param: [vnf_id, {get_param: sgi_protected_interface_type}]}, ASSIGNED_IPS]}
|