diff options
Diffstat (limited to 'docs/all_vnfrqts_seed_docs/open_ecomp/q2_ecomp')
14 files changed, 0 insertions, 4100 deletions
diff --git a/docs/all_vnfrqts_seed_docs/open_ecomp/q2_ecomp/VNF_Cloud_Readiness_Requirements_for_ONAP/VNF Cloud Readiness Requirements for ONAP 7-3-17.docx b/docs/all_vnfrqts_seed_docs/open_ecomp/q2_ecomp/VNF_Cloud_Readiness_Requirements_for_ONAP/VNF Cloud Readiness Requirements for ONAP 7-3-17.docx Binary files differdeleted file mode 100644 index 8b3a807..0000000 --- a/docs/all_vnfrqts_seed_docs/open_ecomp/q2_ecomp/VNF_Cloud_Readiness_Requirements_for_ONAP/VNF Cloud Readiness Requirements for ONAP 7-3-17.docx +++ /dev/null diff --git a/docs/all_vnfrqts_seed_docs/open_ecomp/q2_ecomp/VNF_Cloud_Readiness_Requirements_for_ONAP/VNF_Cloud_Readiness_Requirements_for_ONAP.rst b/docs/all_vnfrqts_seed_docs/open_ecomp/q2_ecomp/VNF_Cloud_Readiness_Requirements_for_ONAP/VNF_Cloud_Readiness_Requirements_for_ONAP.rst deleted file mode 100644 index 5cd2eaa..0000000 --- a/docs/all_vnfrqts_seed_docs/open_ecomp/q2_ecomp/VNF_Cloud_Readiness_Requirements_for_ONAP/VNF_Cloud_Readiness_Requirements_for_ONAP.rst +++ /dev/null @@ -1,956 +0,0 @@ -.. contents:: - :depth: 3 -.. - -**VNF Cloud Readiness Requirements for ONAP** - -**Revision 2017-2** - -**Revision Date 6/30/2017** - -**Document Revision History** - -+-------------+------------+-------------------------------------------------------------------------------------------------------------------------+ -| Date | Revision | Description | -+=============+============+=========================================================================================================================+ -| 2/1/2017 | 1.0 | Initial public release of VNF Cloud Readiness Requirements for ONAP | -+-------------+------------+-------------------------------------------------------------------------------------------------------------------------+ -| 3/31/2017 | 1.1 | Update to reflect change from OpenECOMP to ONAP | -+-------------+------------+-------------------------------------------------------------------------------------------------------------------------+ -| 6/30/2017 | 2017-2 | Additional operational requirements 50060 – 50110, minor edits to 30050, 32050, 36030, 44080, 44150, 50020, and 50040 | -+-------------+------------+-------------------------------------------------------------------------------------------------------------------------+ - -**Definitions** - -Throughout the document the terms have the following meaning: - -**MUST** This word, or the terms "REQUIRED" or "SHALL", mean that the -definition is an absolute requirement of the specification. - -**MUST** **NOT** This phrase, or the phrase "SHALL NOT", mean that the -definition is an absolute prohibition of the specification. - -**SHOULD** This word, or the adjective "RECOMMENDED", mean that there -may exist valid reasons in particular circumstances to ignore a -particular item, but the full implications must be understood and -carefully weighed before choosing a different course. - -**SHOULD** **NOT** This phrase, or the phrase "NOT RECOMMENDED" mean -that there may exist valid reasons in particular circumstances when the -particular behavior is acceptable or even useful, but the full -implications should be understood and the case carefully weighed before -implementing any behavior described with this label. - -**MAY** This word, or the adjective "OPTIONAL", mean that an item is -truly optional. One vendor may choose to include the item because a -particular marketplace requires it or because the vendor feels that it -enhances the product while another vendor may omit the same item. An -implementation which does not include a particular option MUST be -prepared to interoperate with another implementation which does include -the option, though perhaps with reduced functionality. In the same vein -an implementation which does include a particular option MUST be -prepared to interoperate with another implementation which does not -include the option (except, of course, for the feature the option -provides.) - -Introduction -============ - -This document is part of a hierarchy of documents that describes the -overall Requirements and Guidelines for ONAP. The diagram below -identifies where this document fits in the hierarchy. - -+---------------------------------------------+----------------------------------------+-------------------------------------------+------------------------------+---------------------------------+ -| ONAP Requirements and Guidelines | -+=============================================+========================================+===========================================+==============================+=================================+ -| VNF Guidelines for Network Cloud and ONAP | Future ONAP Subject Documents | -+---------------------------------------------+----------------------------------------+-------------------------------------------+------------------------------+---------------------------------+ -| VNF Cloud Readiness Requirements for ONAP | VNF Management Requirements for ONAP | VNF Heat Template Requirements for ONAP | Future | Future Requirements Documents | -| | | | VNF Requirements Documents | | -+---------------------------------------------+----------------------------------------+-------------------------------------------+------------------------------+---------------------------------+ - -Document summary: - -*VNF Guidelines for Network Cloud and ONAP* - -- Describes VNF environment and overview of requirements - -**VNF Cloud Readiness Requirements for ONAP** - -- Cloud readiness requirements for VNFs (Design, Resiliency, Security, - and DevOps) - -*VNF Management Requirements for ONAP* - -- Requirements for how VNFs interact and utilize ONAP - -*VNF Heat Template Requirements for ONAP* - -- Provides recommendations and standards for building Heat templates - compatible with ONAP– initial implementations of Network Cloud are - assumed to be OpenStack based. - -Feedback on or questions about the content of this document may be sent -to the following email address: -`VNFGuidelines@list.att.com <mailto:VNFGuidelines@list.att.com?subject=VNF%20Guidelines%20Feedback>`__. - -This reference document lists the requirements that are the supporting -details for the Virtual Network Function (VNF) characteristics outlined -in the *VNF Guidelines for Network Cloud and ONAP*. These requirements -are grouped into the following categories: VNF Design, Resiliency, -Security, and DevOps. Specific requirements for ONAP can be found in the -*VNF Management Requirements for ONAP* reference document. - -This section outlines the guidelines for VNFs to be compliant with -running on a multi-tenant, Network Cloud infrastructure. VNFs must be -virtualized, software-based, execute in a multi-tenant cloud, and be -de-coupled from the cloud hardware. To achieve interoperability between -VNFs, open and standard interfaces and APIs must be used. The set of -reusable VNFs forms the basis of a VNF catalog that is made available to -service designers to compose new (service chained) services that can -include service-specific custom parameters and QoS policies. Use of open -source technologies to leverage industry innovation is important in the -design of virtualized services. Equally important is the re-use of -common technologies (e.g., virtualized load balancers, firewalls, etc.) -that are provided by the platform. - -VNF Design -========== - -Services are composed of VNFs and common components and are designed to -be agnostic of the location to leverage capacity where it exists in the -Network Cloud. VNFs can be instantiated in any location that meets the -performance and latency requirements of the service. - -A key design principle for virtualizing services is decomposition of -network functions using NFV concepts into granular VNFs. This enables -instantiating and customizing only essential functions as needed for the -service, thereby making service delivery more nimble. It provides -flexibility of sizing and scaling and also provides flexibility with -packaging and deploying VNFs as needed for the service. It enables -grouping functions in a common cloud data center to minimize -inter-component latency. The VNFs should be designed with a goal of -being modular and reusable to enable using best-in-breed vendors - -Section 4.1.1 in *VNF Guidelines for Network Cloud and ONAP* describes -the overall guidelines for designing VNFs from VNF Components (VNFCs). -Below are more detailed requirements for composing VNFs. - -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| VNF Design Requirements | Type | ID # | -+================================================================================================================================================================================================================================+==========+=========+ -| Decompose VNFs into granular re-usable VNFCs | Should | 20010 | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Decompose if the functions have significantly different scaling characteristics (e.g., signaling versus media functions, control versus data plane functions). | Must | 20020 | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Decomposition of the VNF must enable instantiating only the functionality that is needed for the VNF (e.g., if transcoding is not needed it should not be instantiated). | Must | 20030 | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Design VNFC as a standalone, executable process. | Must | 20040 | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Create a single component VNF for VNFCs that can be used by other VNFs. | Should | 20050 | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Design to scale horizontally (more instances of a VNF or VNFC) and not vertically (moving the existing instances to larger VMs or increasing the resources within a VM) to achieve effective utilization of cloud resources. | Must | 20060 | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Utilize cloud provided infrastructure and VNFs (e.g., virtualized Local Load Balancer) as part of the VNF so that the cloud can manage and provide a consistent service resiliency and methods across all VNF's. | Must | 20070 | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| VNFCs should be independently deployed, configured, upgraded, scaled, monitored, and administered by ONAP. | Should | 20080 | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Provide API versioning to allow for independent upgrades of VNFC. | Must | 20090 | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Minimize the use of state within a VNFC to facilitate the movement of traffic from one instance to another. | Should | 20100 | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Maintain state in a geographically redundant datastore that may, in fact, be its own VNFC. | Should | 20110 | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Decouple persistent data from the VNFC and keep it in its own datastore that can be reached by all instances of the VNFC requiring the data. | Should | 20120 | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Utilize virtualized, scalable open source database software that can meet the performance/latency requirements of the service for all datastores. | Must | 20130 | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Failure of a VNFC instance must not terminate stable sessions. | Must | 20140 | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Enable DPDK in the guest OS for VNF’s requiring high packets/sec performance. High packet throughput is defined as greater than 500K packets/sec. | Must | 20150 | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| When using DPDK, use the NCSP’s supported library and compute flavor that supports DPDK to optimize network efficiency. [1]_ | Must | 20160 | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Do not use technologies that bypass virtualization layers (such as SR-IOV) unless approved by the NCSP (e.g., if necessary to meet functional or performance requirements). | Must | 20170 | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Limit the size of application data packets to no larger than 9000 bytes for SDN network-based tunneling when guest data packets are transported between tunnel endpoints that support guest logical networks. | Must | 20180 | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Do not require the use of a dynamic routing protocol unless necessary to meet functional requirements. | Must | 20190 | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ - -Resiliency -========== - -The VNF is responsible for meeting its resiliency goals and must factor -in expected availability of the targeted virtualization environment. -This is likely to be much lower than found in a traditional data center. -Resiliency is defined as the ability of the VNF to respond to error -conditions and continue to provide the service intended. A number of -software resiliency dimensions have been identified as areas that should -be addressed to increase resiliency. As VNFs are deployed into the -Network Cloud, resiliency must be designed into the VNF software to -provide high availability versus relying on the Network Cloud to achieve -that end. - -Section 4.1.2 in *VNF Guidelines for Network Cloud and ONAP* describes -the overall guidelines for designing VNFs to meet resiliency goals. -Below are more detailed resiliency requirements for VNFs. - -All Layer Redundancy --------------------- - -Design the VNF to be resilient to the failures of the underlying -virtualized infrastructure (Network Cloud). VNF design considerations -would include techniques such as multiple vLANs, multiple local and -geographic instances, multiple local and geographic data replication, -and virtualized services such as Load Balancers. - -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| All Layer Redundancy Requirements | Type | ID # | -+=======================================================================================================================================================================================================================================================================================================+========+=========+ -| VNFs are responsible to meet their own resiliency goals and not rely on the Network Cloud. | Must | 30010 | -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| Design resiliency into a VNF such that the resiliency deployment model (e.g., active-active) can be chosen at run-time. | Must | 30020 | -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| VNFs must survive any single points of failure within the Network Cloud (e.g., virtual NIC, VM, disk failure). | Must | 30030 | -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| VNFs must survive any single points of software failure internal to the VNF (e.g., in memory structures, JMS message queues). | Must | 30040 | -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| Design, build and package VNFs to enable deployment across multiple fault zones (e.g., VNFCs deployed in different servers, racks, OpenStack regions, geographies) so that in the event of a planned/unplanned downtime of a fault zone, the overall operation/throughput of the VNF is maintained. | Must | 30050 | -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| Support the ability to failover a VNFC automatically to other geographically redundant sites if not deployed active-active to increase the overall resiliency of the VNF. | Must | 30060 | -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| Support the ability of the VNFC to be deployable in multi-zoned cloud sites to allow for site support in the event of cloud zone failure or upgrades. | Must | 30070 | -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ - -Minimize Cross Data-Center Traffic ----------------------------------- - -Avoid performance-sapping data center-to-data center replication delay -by applying techniques such as caching and persistent transaction paths -- Eliminate replication delay impact between data centers by using a -concept of stickiness (i.e., once a client is routed to data center "A", -the client will stay with Data center “A” until the entire session is -completed). - -+------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Minimize Cross Data-Center Traffic Requirements | Type | ID # | -+==================================================================================================================+==========+=========+ -| Minimize the propagation of state information across multiple data centers to avoid cross data center traffic. | Should | 31010 | -+------------------------------------------------------------------------------------------------------------------+----------+---------+ - -Application Resilient Error Handling ------------------------------------- - -Ensure an application communicating with a downstream peer is equipped -to intelligently handle all error conditions. Make sure code can handle -exceptions seamlessly - implement smart retry logic and implement -multi-point entry (multiple data centers) for back-end system -applications. - -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| Application Resilient Error Handling Requirements | Type | ID # | -+==============================================================================================================================================================================================================================================================================================================================+========+=========+ -| Detect connectivity failure for inter VNFC instance and intra/inter VNF and re-establish connectivity automatically to maintain the VNF without manual intervention to provide service continuity. | Must | 32010 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| Handle the restart of a single VNFC instance without requiring all VNFC instances to be restarted. | Must | 32020 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| Handle the start or restart of VNFC instances in any order with each VNFC instance establishing or re-establishing required connections or relationships with other VNFC instances and/or VNFs required to perform the VNF function/role without requiring VNFC instance(s) to be started/restarted in a particular order. | Must | 32030 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| Handle errors and exceptions so that they do not interrupt processing of incoming VNF requests to maintain service continuity. | Must | 32040 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| Provide the ability to modify the number of retries, the time between retries and the behavior/action taken after the retries have been exhausted for exception handling to allow the NCSP to control that behavior. | Must | 32050 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| Fully exploit exception handling to the extent that resources (e.g., threads and memory) are released when no longer needed regardless of programming language. | Must | 32060 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| Handle replication race conditions both locally and geo-located in the event of a data base instance failure to maintain service continuity. | Must | 32070 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| Automatically retry/resubmit failed requests made by the software to its downstream system to increase the success rate. | Must | 32080 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ - -System Resource Optimization ----------------------------- - -Ensure an application is using appropriate system resources for the task -at hand; for example, do not use network or IO operations inside -critical sections, which could end up blocking other threads or -processes or eating memory if they are unable to complete. Critical -sections should only contain memory operation, and should not contain -any network or IO operation. - -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| System Resource Optimization Requirements | Type | ID # | -+=================================================================================================================================================================================================================================================+==========+=========+ -| Do not execute long running tasks (e.g., IO, database, network operations, service calls) in a critical section of code, so as to minimize blocking of other operations and increase concurrent throughput. | Must | 33010 | -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Automatically advertise newly scaled components so there is no manual intervention required. | Must | 33020 | -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Utilize FQDNs (and not IP address) for both Service Chaining and scaling. | Must | 33030 | -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Deliver any and all functionality from any VNFC in the pool. The VNFC pool member should be transparent to the client. Upstream and downstream clients should only recognize the function being performed, not the member performing it. | Must | 33040 | -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Automatically enable/disable added/removed sub-components or component so there is no manual intervention required. | Should | 33050 | -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Support the ability to scale down a VNFC pool without jeopardizing active sessions. Ideally, an active session should not be tied to any particular VNFC instance. | Should | 33060 | -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Support load balancing and discovery mechanisms in resource pools containing VNFC instances. | Should | 33070 | -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Utilize resource pooling (threads, connections, etc.) within the VNF application so that resources are not being created and destroyed resulting in resource management overhead. | Should | 33080 | -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Use techniques such as “lazy loading” when initialization includes loading catalogues and/or lists which can grow over time, so that the VNF startup time does not grow at a rate proportional to that of the list. | Should | 33090 | -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Release and clear all shared assets (memory, database operations, connections, locks, etc.) as soon as possible, especially before long running sync and asynchronous operations, so as to not prevent use of these assets by other entities. | Should | 33100 | -+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ - -Application Configuration Management ------------------------------------- - -Leverage configuration management audit capability to drive conformity -to develop gold configurations for technologies like Java, Python, etc. - -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| Application Configuration Management Requirements | Type | ID # | -+===================================================================================================================================================================================+========+=========+ -| Allow configurations and configuration parameters to be managed under version control to ensure consistent configuration deployment, traceability and rollback. | Must | 34010 | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| Allow configurations and configuration parameters to be managed under version control to ensure the ability to rollback to a known valid configuration. | Must | 34020 | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| Allow changes of configuration parameters to be consumed by the VNF without requiring the VNF or its sub-components to be bounced so that the VNF availability is not effected. | Must | 34030 | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ - -Intelligent Transaction Distribution & Management -------------------------------------------------- - -Leverage Intelligent Load Balancing and redundant components (hardware -and modules) for all transactions, such that at any point in the -transaction: front end, middleware, back end -- a failure in any one -component does not result in a failure of the application or system; -i.e., transactions will continue to flow, albeit at a possibly reduced -capacity until the failed component restores itself. Create redundancy -in all layers (software and hardware) at local and remote data centers; -minimizing interdependencies of components (i.e. data replication, -deploying non-related elements in the same container). - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Intelligent Transaction Distribution & Management Requirements | Type | ID # | -+==================================================================================================================================================================================================================================+==========+=========+ -| Use intelligent routing by having knowledge of multiple downstream/upstream endpoints that are exposed to it, to ensure there is no dependency on external services (such as load balancers) to switch to alternate endpoints. | Should | 35010 | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Use redundant connection pooling to connect to any backend data source that can be switched between pools in an automated/scripted fashion to ensure high availability of the connection to the data source. | Should | 35020 | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Include control loop mechanisms to notify the consumer of the VNF of their exceeding SLA thresholds so the consumer is able to control its load against the VNF. | Should | 35030 | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ - -Deployment Optimization ------------------------ - -Reduce opportunity for failure, by human or by machine, through smarter -deployment practices and automation. This can include rolling code -deployments, additional testing strategies, and smarter deployment -automation (remove the human from the mix). - -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Deployment Optimization Requirements | Type | ID # | -+=====================================================================================================================================================================================================================================================+==========+=========+ -| Support at least two major versions of the VNF software and/or sub-components to co-exist within production environments at any time so that upgrades can be applied across multiple systems in a staggered manner. | Must | 36010 | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Support the existence of multiple major/minor versions of the VNF software and/or sub-components and interfaces that support both forward and backward compatibility to be transparent to the Service Provider usage. | Must | 36020 | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Support hitless staggered/rolling deployments between its redundant instances to allow "soak-time/burn in/slow roll" which can enable the support of low traffic loads to validate the deployment prior to supporting full traffic loads. | Must | 36030 | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Support the ability of a requestor of the service to determine the version (and therefore capabilities) of the service so that Network Cloud Service Provider can understand the capabilities of the service. | Must | 36040 | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Test for adherence to the defined performance budgets at each layer, during each delivery cycle with delivered results, so that the performance budget is measured and the code is adjusted to meet performance budget. | Must | 36050 | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Test for adherence to the defined performance budget at each layer, during each delivery cycle so that the performance budget is measured and feedback is provided where the performance budget is not met. | Must | 36060 | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Test for adherence to the defined resiliency rating recommendation at each layer, during each delivery cycle with delivered results, so that the resiliency rating is measured and the code is adjusted to meet software resiliency requirements. | Should | 36070 | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Test for adherence to the defined resiliency rating recommendation at each layer, during each delivery cycle so that the resiliency rating is measured and feedback is provided where software resiliency requirements are not met. | Should | 36080 | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ - -Monitoring & Dashboard ----------------------- - -Promote dashboarding as a tool to monitor and support the general -operational health of a system. It is critical to the support of the -implementation of many resiliency patterns essential to the maintenance -of the system. It can help identify unusual conditions that might -indicate failure or the potential for failure. This would contribute to -improve Mean Time to Identify (MTTI), Mean Time to Repair (MTTR), and -post-incident diagnostics. - -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Monitoring & Dashboard Requirements | Type | ID # | -+================================================================================================================================================================================================================================================+==========+=========+ -| Provide a method of metrics gathering for each layer's performance to identify/document variances in the allocations so they can be addressed. | Must | 37010 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Provide unique traceability of a transaction through its life cycle to ensure quick and efficient troubleshooting. | Must | 37020 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Provide a method of metrics gathering and analysis to evaluate the resiliency of the software from both a granular as well as a holistic standpoint. This includes, but is not limited to thread utilization, errors, timeouts, and retries. | Must | 37030 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Provide operational instrumentation such as logging, so as to facilitate quick resolution of issues with the VNF to provide service continuity. | Must | 37040 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Monitor for and alert on (both sender and receiver) errant, running longer than expected and missing file transfers, so as to minimize the impact due to file transfer errors. | Must | 37050 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Use an appropriately configured logging level that can be changed dynamically, so as to not cause performance degradation of the VNF due to excessive logging. | Should | 37060 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Utilize Cloud health checks, when available from the Network Cloud, from inside the application through APIs to check the network connectivity, dropped packets rate, injection, and auto failover to alternate sites if needed. | Should | 37070 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Conduct a resiliency impact assessment for all inter/intra-connectivity points in the VNF to provide an overall resiliency rating for the VNF to be incorporated into the software design and development of the VNF. | Must | 37080 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ - -Security -======== - -The objective of this section is to provide the key security -requirements that need to be met by VNFs. The security requirements are -grouped into five areas as listed below. Other security areas will be -addressed in future updates. These security requirements are applicable -to all VNFs. Additional security requirements for specific types of VNFs -will be applicable and are outside the scope of these general -requirements. - -Section 4.1.3 in *VNF Guidelines for Network Cloud and ONAP* outlines -the five broad security areas for VNFs that are detailed in the -following sections: - -- **VNF General Security**: This section addresses general security - requirements for the VNFs that the vendors will need to address. - -- **VNF Identity and Access Management**: This section addresses - security requirements with respect to Identity and Access Management - as these pertain to generic VNFs. - -- **VNF API Security**: This section addresses the generic security - requirements associated with APIs. These requirements are applicable - to those VNFs that use standard APIs for communication and data - exchange. - -- **VNF Security Analytics**: This section addresses the security - requirements associated with analytics for VNFs that deal with - monitoring, data collection and analysis. - -- **VNF Data Protection**: This section addresses the security - requirements associated with data protection. - -VNF General Security Requirements ---------------------------------- - -This section provides details on the VNF general security requirements -on various security areas such as user access control, network security, -ACLs, infrastructure security, and vulnerability management. These -requirements cover topics associated with compliance, security patching, -logging/accounting, authentication, encryption, role-based access -control, least privilege access/authorization. The following security -requirements need to be met by the solution in a virtual environment: - -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------+---------+ -| General Security Requirements | Type | ID # | -+=================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================+========================================================================================================================================================================================================================================================================================================================================================================================================================================+=========+=========+ -| Integration and operation within a robust security environment is necessary and expected. The security architecture will include one or more of the following: IDAM (Identity and Access Management) for all system and applications access, Code scanning, network vulnerability scans, OS, Database and application patching, malware detection and cleaning, DDOS prevention, network security gateways (internal and external) operating at various layers, host and application based tools for security compliance validation, aggressive security patch application, tightly controlled software distribution and change control processes and other state of the art security solutions. The VNF is expected to function reliably within such an environment and the developer is expected to understand and accommodate such controls and can expected to supply responsive interoperability support and testing throughout the product’s lifecycle. | Informational | 40010 | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------+---------+ -| The VNF must accommodate the security principle of “least privilege” during development, implementation and operation. The importance of “least privilege” cannot be overstated and must be observed in all aspects of VNF development and not limited to security. This is applicable to all sections of this document. | Must | 40020 | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------+---------+ -| Implement access control list for OA&M services (e.g., restricting access to certain ports or applications). | Must | 40030 | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------+---------+ -| Implement Data Storage Encryption (database/disk encryption) for Sensitive Personal Information (SPI) and other subscriber identifiable data. Note: subscriber’s SPI/data must be encrypted at rest, and other subscriber identifiable data should be encrypted at rest. Other data protection requirements exist and should be well understood by the developer. | Must | 40040 | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------+---------+ -| Implement a mechanism for automated and frequent "system configuration (automated provisioning / closed loop)" auditing. | Should | 40050 | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------+---------+ -| Use both network scanning and application scanning security tools on all code, including underlying OS and related configuration. Scan reports shall be provided. Remediation roadmaps shall be made available for any findings. | Should | 40060 | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------+---------+ -| Perform source code to scanning tools (e.g., Fortify) and provide reports. | Should | 40070 | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------+---------+ -| Production code shall be distributed from NCSP internal sources only. No production code, libraries, OS images, etc. shall be distributed from publically accessible depots. | Must | 40080 | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------+---------+ -| Provide all code/configuration files in a “Locked down” or hardened state or with documented recommendations for such hardening. All unnecessary services will be disabled. Vendor default credentials, community strings and other such artifacts will be removed or disclosed so that they can be modified or removed during provisioning. | Must | 40090 | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------+---------+ -| Support L3 VPNs that enable segregation of traffic by application (dropping packets not belonging to the VPN) (i.e., AVPN, IPSec VPN for Internet routes). | Should | 40100 | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------+---------+ -| Interoperate with various access control mechanisms for the Network Cloud execution environment (e.g., Hypervisors, containers). | Should | 40110 | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------+---------+ -| VNF should support the use of virtual trusted platform module, hypervisor security testing and standards scanning tools. | Should | 40120 | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------+---------+ -| Interoperate with the ONAP (SDN) Controller so that it can dynamically modify the firewall rules, ACL rules, QoS rules, virtual routing and forwarding rules. | Must | 40130 | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------+---------+ -| Support the ability to work with aliases (e.g., gateways, proxies) to protect and encapsulate resources. | Should | 40140 | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------+---------+ -| All access to applications (Bearer, signaling and OA&M) will pass through various security tools and platforms from ACLs, stateful firewalls and application layer gateways depending on manner of deployment. The application is expected to function (and in some cases, interwork) with these security tools. | Must | 40150 | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------+---------+ -| Patch vulnerabilities in VNFs as soon as possible. Patching shall be controlled via change control process with vulnerabilities disclosed along with mitigation recommendations. | Must | 40160 | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------+---------+ -| Identification, authentication and access control of **customer** or **VNF application users** must be performed by utilizing the NCSP’s IDAM API. | Must | 40170 | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------+---------+ -| Identification, authentication and access control of **OA&M** and other system level functions must use the NCSP’s IDAM API or comply with the following is expected. | Must | 40180 | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------+---------+ -| | Support User-IDs and passwords to uniquely identify the user/application. VNF needs to have appropriate connectors to the Identity, Authentication and Authorization systems that enables access at OS, Database and Application levels as appropriate. | Must | 40190 | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------+---------+ -| | Provide the ability to support Multi-Factor Authentication (e.g., 1st factor = Software token on device (RSA SecureID); 2nd factor = User Name+Password, etc.) for the users. | Must | 40200 | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------+---------+ -| | Support Role-Based Access Control to permit/limit the user/application to performing specific activities. | Must | 40210 | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------+---------+ -| | Support logging via ONAP for a historical view of “who did what and when”. | Must | 40220 | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------+---------+ -| | Encrypt OA&M access (e.g., SSH, SFTP). | Must | 40230 | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------+---------+ -| | Enforce a configurable maximum number of Login attempts policy for the users. VNF vendor must comply with "terminate idle sessions" policy. Interactive sessions must be terminated, or a secure, locking screensaver must be activated requiring authentication, after a configurable period of inactivity. The system-based inactivity timeout for the enterprise identity and access management system must also be configurable. | Must | 40240 | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------+---------+ -| | Comply with the NCSP’s credential management policy. | Must | 40250 | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------+---------+ -| | Password expiration must be required at regular configurable intervals. | Must | 40260 | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------+---------+ -| | Comply with "password complexity" policy. When passwords are used, they shall be complex and shall at least meet the following password construction requirements: | Must | 40270 | -| | | | | -| | - Be a minimum configurable number of characters in length. | | | -| | | | | -| | - Include 3 of the 4 following types of characters: upper-case alphabetic, lower-case alphabetic, numeric, and special. | | | -| | | | | -| | - Not be the same as the UserID with which they are associated or other common strings as specified by the environment. | | | -| | | | | -| | - Not contain repeating or sequential characters or numbers. | | | -| | | | | -| | - Not to use special characters that may have command functions. | | | -| | | | | -| | - New passwords must not contain sequences of three (3) or more characters from the previous password. | | | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------+---------+ -| | Comply with "password changes (includes default passwords)" policy. Products will support password aging, syntax and other credential management practices on a configurable basis. | Must | 40280 | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------+---------+ -| | Support use of common third party authentication and authorization tools such as TACACS+, RADIUS. | Must | 40290 | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------+---------+ -| | Comply with "No Self-Signed Certificates" policy. Self-signed certificates must be used for encryption only, using specified and approved encryption protocols such as LS 1.1 or higher or equivalent security protocols such as IPSec, AES. | Must | 40300 | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------+---------+ -| | Authenticate system to system communications where one system accesses the resources of another system, and must never conceal individual accountability. | Must | 40310 | -+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------+---------+ - -VNF Identity and Access Management Requirements ------------------------------------------------ - -The following security requirements for logging, identity, and access -management need to be met by the solution in a virtual environment: - -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Identity and Access Management Requirements | Type | ID # | -+================================================================================================================================================================================================================================================================================================================================================================================================+==========+=========+ -| Access to VNFs will be required at several layers. Hence, VNF vendor needs to be able to host connectors for access to the following layers: | | | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| a. Application | Must | 41010 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| a. OS (Operating System) | Must | 41020 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| a. Database | Must | 41030 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Manage access to VNF, its OS, or Database by an enterprise access request process. | Must | 41040 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Comply with the following when persons or non-person entities access VNFs: | | | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| a. Individual Accountability (each person must be assigned a unique ID) | Must | 41050 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| a. Least Privilege (no more privilege than required to perform job functions) | Must | 41060 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| a. Segregation of Duties (access to a single layer and no developer may access production without special oversight) | Must | 41070 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Vendors will not be allowed to access VNFs remotely, e.g., VPN | Must | 41080 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Vendors accessing VNFs through a client application API must be authorized by the client application owner and the resource owner of the VNF before provisioning authorization through Role Based Access Control (RBAC), Attribute Based Access Control (ABAC), or other policy based mechanism. | Must | 41090 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Vendor VNF access will be subject to privilege reconciliation tools to prevent access creep and ensure correct enforcement of access policies. | Must | 41100 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Provide or Support the Identity and Access Management (IDAM) based threat detection data for: | | | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| a. OWASP Top 10 | Must | 41110 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| a. Password Attacks | Must | 41120 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| a. Phishing / SMishing | Must | 41130 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| a. Malware (Key Logger) | Must | 41140 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| a. Session Hijacking | Must | 41150 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| a. XSS / CSRF | Must | 41160 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| a. Replay | Must | 41170 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| a. Man in the Middle (MITM) | Must | 41180 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| a. Eavesdropping | Must | 41190 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Provide Context awareness data (device, location, time, etc.) and be able to integrate with threat detection system. | Must | 41200 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Where a VNF vendor requires the assumption of permissions, such as root or administrator, the vendor user must first log in under their individual user login ID then switch to the other higher level account; or where the individual user login is infeasible, must login with an account with admin privileges in a way that uniquely identifies the individual performing the function. | Must | 41210 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Authenticate system to system access and do not conceal a VNF vendor user’s individual accountability for transactions. | Must | 41220 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Warning Notices: A formal statement of resource intent, i.e., a warning notice, must be made visible upon initial access to a VNF vendor user who accesses private internal networks or Company computer resources, e.g., upon initial logon to an internal web site, system or application which requires authentication. | Must | 41230 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Use access controls for VNFs and their supporting computing systems at all times to restrict access to authorized personnel only, e.g., least privilege. These controls could include the use of system configuration or access control software. | Must | 41240 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| a. Initial and default settings for new user accounts must provide minimum privileges only. | Must | 41250 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| a. Default settings for user access to sensitive commands and data must be denied authorization. | Must | 41260 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| a. Privileged users may be created conforming to approved request, workflow authorization, and authorization provisioning requirements. | Must | 41270 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| a. Commands affecting network services, such as commands relating to VNFs, must have greater restrictions for access and execution, such as up to 3 factors of authentication and restricted authorization. | Must | 41280 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Encrypt TCP/IP--HTTPS (e.g., TLS v1.2) transmission of data on internal and external networks. | Must | 41290 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Unnecessary or vulnerable cgi-bin programs must be disabled. | Must | 41300 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| No public or unrestricted access to any data should be provided without the permission of the data owner. All data classification and access controls must be followed. | Must | 41310 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| When in production, vendors or developers must not do the following without authorization of the VNF system owner including: | | | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| a. Install or use systems, tools or utilities capable of capturing or logging data that was not created by them or sent specifically to them; | Must | 41320 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| a. Run security testing tools and programs, e.g., password cracker, port scanners, hacking tools. | Must | 41330 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Authentication credentials must not be included in security audit logs, even if encrypted. | Must | 41340 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| The standard interface for a VNF should be REST APIs exposed to Client Applications for the implementation of OAuth 2.0 Authorization Code Grant and Client Credentials Grant. | Should | 41350 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Support hosting connectors for OS Level and Application Access. | Should | 41360 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Support SCEP (Simple Certificate Enrollment Protocol). | Should | 41370 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ - -VNF API Security Requirements ------------------------------ - -This section covers API security requirements when these are used by the -VNFs. Key security areas covered in API security are Access Control, -Authentication, Passwords, PKI Authentication Alarming, Anomaly -Detection, Lawful Intercept, Monitoring and Logging, Input Validation, -Cryptography, Business continuity, Biometric Authentication, -Identification, Confidentiality and Integrity, and Denial of Service. - -The solution in a virtual environment needs to meet the following API -security requirements: - -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| API Requirements | Type | ID # | -+==========================================================================================================================================================================================================================================================================================================================+========+=========+ -| Provide a mechanism to restrict access based on the attributes of the VNF and the attributes of the subject. | Must | 42010 | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| Integrate with external authentication and authorization services (e.g., IDAM). | Must | 42020 | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| Use certificates issued from publicly recognized Certificate Authorities (CA) for the authentication process where PKI-based authentication is used | Must | 42030 | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| Validate the CA signature on the certificate, ensure that the date is within the validity period of the certificate, check the Certificate Revocation List (CRL), and recognize the identity represented by the certificate where PKI-based authentication is used. | Must | 42040 | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| Protect the confidentiality and integrity of data at rest and in transit from unauthorized access and modification. | Must | 42050 | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| Protect against all denial of service attacks, both volumetric and non-volumetric, or integrate with external denial of service protection tools | Must | 42060 | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| Implement at minimum the following input validation controls: | | | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| a. Check the size (length) of all input. Do not permit an amount of input so great that it would cause the VNF to fail. Where the input may be a file, the VNF API must enforce a size limit. | Must | 42070 | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| a. Do not permit input that contains content or characters inappropriate to the input expected by the design. Inappropriate input, such as SQL insertions, may cause the system to execute undesirable and unauthorized transactions against the database or allow other inappropriate access to the internal network. | Must | 42080 | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| a. Validate that any input file has a correct and valid Multipurpose Internet Mail Extensions (MIME) type. Input files should be tested for spoofed MIME types. | Must | 42090 | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| Validate input at all layers implementing VNF APIs. | Must | 42100 | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| Comply with NIST standards and industry best practices for all implementations of cryptography | Must | 42110 | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| Implement all monitoring and logging as described in the Security Analytics section. | Must | 42120 | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| Restrict changing the criticality level of a system security alarm to administrator(s). | Must | 42130 | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| Monitor API invocation patterns to detect anomalous access patterns that may represent fraudulent access or other types of attacks, or integrate with tools that implement anomaly and abuse detection. | Must | 42140 | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| Support requests for information from law enforcement and government agencies. | Must | 42150 | -+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ - -VNF Security Analytics Requirements ------------------------------------ - -This section covers VNF security analytics requirements that are mostly -applicable to security monitoring. The VNF Security Analytics cover the -collection and analysis of data following key areas of security -monitoring: - -- Anti-virus software - -- Logging - -- Data capture - -- Tasking - -- DPI - -- API based monitoring - -- Detection and notification - -- Resource exhaustion detection - -- Proactive and scalable monitoring - -- Mobility and guest VNF monitoring - -- Closed loop monitoring - -- Interfaces to management and orchestration - -- Malformed packet detections - -- Service chaining - -- Dynamic security control - -- Dynamic load balancing - -- Connection attempts to inactive ports (malicious port scanning) - -The following requirements of security monitoring need to be met by the -solution in a virtual environment. - -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| Security Analytics Requirements | Type | ID # | -+==========================================================================================================================================================================================================================================================================================+========+=========+ -| Support the following monitoring features by the VNF: | | | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| a. Real-time detection and notification of security events. | Must | 43010 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| a. Integration functionality via API/Syslog/SNMP to other functional modules in the network (e.g., PCRF, PCEF) that enable dynamic security control by blocking the malicious traffic or malicious end users | Must | 43020 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| a. API-based monitoring to take care of the scenarios where the control interfaces are not exposed, or are optimized and proprietary in nature | Must | 43030 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| a. Event logging, formats, and delivery tools to provide the required degree of event data to ONAP | Must | 43040 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| a. Detection of malformed packets due to software misconfiguration or software vulnerability | Must | 43050 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| a. Integrated DPI/monitoring functionality as part of VNFs (e.g., PGW, MME) | Must | 43060 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| a. Alternative monitoring capabilities when VNFs do not expose data or control traffic or use proprietary and optimized protocols for inter VNF communication | Must | 43070 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| a. Proactive monitoring to detect and report the attacks on resources so that the VNFs and associated VMs can be isolated, such as detection techniques for resource exhaustion, namely OS resource attacks, CPU attacks, consumption of kernel memory, local storage attacks. | Must | 43080 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| Coexist and operate normally with commercial anti-virus software which shall produce alarms every time when there is a security incident. | Must | 43090 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| Protect all security audit logs (including API, OS and application-generated logs), security audit software, data, and associated documentation from modification, or unauthorized viewing, by standard OS access control mechanisms, by sending to a remote system, or by encryption. | Must | 43100 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| Log the following events: | | | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| a. Successful and unsuccessful login attempts | Must | 43110 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| a. Logoffs | Must | 43120 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| a. Successful and unsuccessful changes to a privilege level | Must | 43130 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| a. Starting and stopping of security logging | Must | 43140 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| a. Creating, removing, or changing the inherent privilege level of users | Must | 43150 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| a. Connections to a network listener of the resource | Must | 43160 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| Log, at minimum, the following fields (where applicable and technically feasible) in the security audit logs: | | | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| a. Event type | Must | 43170 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| a. Date/time | Must | 43180 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| a. Protocol | Must | 43190 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| a. Service or program used for access | Must | 43200 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| a. Success/failure | Must | 43210 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| a. Login ID | Must | 43220 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| Security audit logs must never contain an authentication credential, e.g., password, even if encrypted. | Must | 43230 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| Detect when the security audit log storage medium is approaching capacity (configurable) and issue an alarm via SMS or equivalent as to allow time for proper actions to be taken to pre-empt loss of audit data. | Must | 43240 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| Support the capability of online storage of security audit logs. | Must | 43250 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| Activate security alarms automatically when the following events, at a minimum, are detected: | | | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| a. Configurable number of consecutive unsuccessful login attempts | Must | 43260 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| a. Successful modification of critical system or application files | Must | 43270 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| a. Unsuccessful attempts to gain permissions or assume the identity of another user | Must | 43280 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| Include, at a minimum, the following fields in the Security alarms (where applicable and technically feasible): | | | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| a. Date | Must | 43290 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| a. Time | Must | 43300 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| a. Service or program used for access | Must | 43310 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| a. Success/failure | Must | 43320 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| a. Login ID | Must | 43330 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| Restrict changing the criticality level of a system security alarm to administrator(s). | Must | 43340 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| Monitor API invocation patterns to detect anomalous access patterns that may represent fraudulent access or other types of attacks, or integrate with tools that implement anomaly and abuse detection. | Must | 43350 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| Support requests for information from law enforcement and government agencies. | Must | 43360 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| Implement “Closed Loop” automatic implementation (without human intervention) for Known Threats with detection rate in low false positives. | Must | 43370 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| Perform data capture for security functions. | Must | 43380 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| Generate security audit logs that must be sent to Security Analytics Tools for analysis. | Must | 43390 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| Provide audit logs that include user ID, dates, times for log-on and log-off, and terminal location at minimum. | Must | 43400 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| Provide security audit logs including records of successful and rejected system access data and other resource access attempts. | Must | 43410 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| Support the storage of security audit logs for agreed period of time for forensic analysis. | Must | 43420 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| Provide the capability of generating security audit logs by interacting with the operating system (OS) as appropriate. | Must | 43430 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ -| Security logging for VNFs and their OSs must be active from initialization. Audit logging includes automatic routines to maintain activity records and cleanup programs to ensure the integrity of the audit/logging systems. | Must | 43440 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------+---------+ - -VNF Data Protection Requirements --------------------------------- - -This section covers VNF data protection requirements that are mostly -applicable to security monitoring. - -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Data Protection Requirements | Type | ID # | -+======================================================================================================================================================================================================================================================================================================================+==========+=========+ -| Provide the capability to restrict read and write access to data. | Must | 44010 | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Provide the capability to restrict access to data to specific users. | Must | 44020 | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Provide the capability to encrypt data in transit on a physical or virtual network. | Must | 44030 | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Provide the capability to encrypt data on non-volatile memory. | Must | 44040 | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Where the encryption of non-transient data is required on a device for which the operating system performs paging to virtual memory, then if possible disable the paging of the data requiring encryption, if not the virtual memory should be encrypted. | Should | 44050 | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Provide the capability to integrate with an external encryption service. | Must | 44060 | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Use industry standard cryptographic algorithms and standard modes of operations when implementing cryptography. | Must | 44070 | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Use commercial algorithms only when there are no applicable governmental standards for specific cryptographic functions, e.g., public key cryptography, message digests. | Should | 44080 | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| The SHA, DSS, MD5, SHA-1 and Skipjack algorithms or other compromised encryption must not be used. | Must | 44090 | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Use, whenever possible, standard implementations of security applications, protocols, and format, e.g., S/MIME, TLS, SSH, IPSec, X.509 digital certificates for cryptographic implementations. These implementations must be purchased from reputable vendors and must not be developed in-house. | Must | 44100 | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| A VNF must provide the ability to migrate to newer versions of cryptographic algorithms and protocols with no impact. | Must | 44110 | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Use symmetric keys of at least 112 bits in length. | Must | 44120 | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Use asymmetric keys of at least 2048 bits in length. | Must | 44130 | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Use commercial tools that comply with X.509 standards and produce x.509 compliant keys for public/private key generation. Keys must not be generated or derived from predictable functions or values, e.g., values considered predictable include user identity information, time of day, stored/transmitted data. | Must | 44140 | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Provide the capability to configure encryption algorithms or devices so that they comply with the laws of the jurisdiction in which there are plans to use data encryption. | Must | 44150 | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Provide the capability of using certificates issued from a Certificate Authority not provided by the VNF vendor. | Must | 44160 | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Provide the capability of allowing certificate renewal and revocation. | Must | 44170 | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Provide the capability of testing the validity of a digital certificate by performing the following: | | | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| a. The CA signature on the certificate must be validated | Must | 44180 | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| a. The date the certificate is being used must be within the validity period for the certificate | Must | 44190 | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| a. The Certificate Revocation List (CRL) for the certificates of that type must be checked to ensure that the certificate has not been revoked | Must | 44200 | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| a. The identity represented by the certificate — the "distinguished name" — must be recognized | Must | 44210 | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Provide the capability of encrypting selected data fields stored or bound for security logs. | Must | 44220 | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Provide the capability of deleting data stored in the VNF. | Must | 44230 | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Provide the capability to make data available in order to support requests from law enforcement and government agencies as required by legal or regulatory mandates. Capability must be configurable for MOW deployment. | Must | 44240 | -+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ - -DevOps -====== - -This section includes guidelines for vendors to ensure that a Network -Cloud Service Provider’s operations personnel have a common and -consistent way to support VNFs and VNFCs. - -NCSPs may elect to support standard images to enable compliance with -security, audit, regulatory and other needs. As part of the overall VNF -software bundle, VNF suppliers using standard images would typically -provide the NCSP with an install package consistent with the default OS -package manager (e.g. aptitude for Ubuntu, yum for Redhat/CentOS). - -Section 4.1.4 in *VNF Guidelines for Network Cloud and ONAP* describes -the DevOps guidelines for VNFs. - -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| DevOps Requirements | Type | ID # | -+==============================================================================================================================================================================================================================================================================================================================================================================================================================+==========+=========+ -| Utilize only the Guest OS versions that are supported by the NCSP’s Network Cloud. [2]_ | Must | 50010 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Utilize only NCSP provided Guest OS images.\ :sup:`2` | Should | 50020 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Utilize only NCSP standard compute flavors.\ :sup:`2` | Must | 50030 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Running VMs will not be backed up in the Network Cloud infrastructure. VNF’s are responsible for preserving their persistent data. | Must | 50040 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Install VNFC(s) on non-root file systems, unless software is specifically included with the operating system distribution of the guest image. | Must | 50050 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Be agnostic to the underlying infrastructure (such as hardware, host OS, Hypervisor), any requirements should be provided as specification to be fulfilled by any hardware. | Must | 50060 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Hypervisor-level customization must not be required from the cloud provider. | Must | 50070 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Provide an automated test suite to validate every new version of the software on the target environment(s). The tests should be of sufficient granularity to independently test various representative VNF use cases throughout its lifecycle. Operations might choose to invoke these tests either on a scheduled basis or on demand to support various operations functions including test, turn-up and troubleshooting. | Should | 50080 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| Provide the ability to test incremental growth of the VNF | Should | 50090 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| If a VNF provides a load balancing function across multiple instances of its VNFCs, then the VNF must respond to a "move traffic"\ :sup:`3` command against a specific VNFC, moving all existing session elsewhere with minimal disruption. | Must | 50100 | -| | | | -| Note: Individual VNF performance aspects (e.g., move duration or disruption scope) may require further constraints. | | | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ -| To support scenarios such as proactive maintenance with no user impact, if a VNF provides a load balancing function across multiple instances of its VNFCs, then the VNF must respond to a "drain VNFC" [3]_ command against a specific VNFC, preventing new session from reaching the targeted VNFC, with no disruption to active sessions on the impacted VNFC. | Must | 50110 | -+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+----------+---------+ - - -**Copyright © 2017 AT&T Intellectual Property. All rights reserved.** - -Unless otherwise specified, all software contained herein is licensed -under the Apache License, Version 2.0 (the “License”); -you may not use this software except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. - -Unless otherwise specified, all documentation contained herein is licensed -under the Creative Commons License, Attribution 4.0 Intl. (the “License”); -you may not use this documentation except in compliance with the License. -You may obtain a copy of the License at - - https://creativecommons.org/licenses/by/4.0/ - -Unless required by applicable law or agreed to in writing, documentation -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. - -ECOMP is a trademark and service mark of AT&T Intellectual Property. - -.. [1] - Refer to NCSP’s Network Cloud specification - -.. [2] - Refer to NCSP’s Network Cloud specification - -.. [3] - Not currently supported in ONAP release 1 diff --git a/docs/all_vnfrqts_seed_docs/open_ecomp/q2_ecomp/VNF_Cloud_Readiness_Requirements_for_ONAP/index.rst b/docs/all_vnfrqts_seed_docs/open_ecomp/q2_ecomp/VNF_Cloud_Readiness_Requirements_for_ONAP/index.rst deleted file mode 100644 index 3c951b6..0000000 --- a/docs/all_vnfrqts_seed_docs/open_ecomp/q2_ecomp/VNF_Cloud_Readiness_Requirements_for_ONAP/index.rst +++ /dev/null @@ -1,7 +0,0 @@ -VNF Cloud Readiness Requirements for ONAP ------------------------------------------- - -.. toctree:: - :maxdepth: 1 - - VNF_Cloud_Readiness_Requirements_for_ONAP diff --git a/docs/all_vnfrqts_seed_docs/open_ecomp/q2_ecomp/VNF_Guidelines_for_Network_Cloud_and_ONAP/VNF Guidelines for Network Cloud and ONAP 7-3-17.docx b/docs/all_vnfrqts_seed_docs/open_ecomp/q2_ecomp/VNF_Guidelines_for_Network_Cloud_and_ONAP/VNF Guidelines for Network Cloud and ONAP 7-3-17.docx Binary files differdeleted file mode 100644 index ee5d641..0000000 --- a/docs/all_vnfrqts_seed_docs/open_ecomp/q2_ecomp/VNF_Guidelines_for_Network_Cloud_and_ONAP/VNF Guidelines for Network Cloud and ONAP 7-3-17.docx +++ /dev/null diff --git a/docs/all_vnfrqts_seed_docs/open_ecomp/q2_ecomp/VNF_Guidelines_for_Network_Cloud_and_ONAP/VNF_Control_Loop.jpg b/docs/all_vnfrqts_seed_docs/open_ecomp/q2_ecomp/VNF_Guidelines_for_Network_Cloud_and_ONAP/VNF_Control_Loop.jpg Binary files differdeleted file mode 100644 index 73dbcbb..0000000 --- a/docs/all_vnfrqts_seed_docs/open_ecomp/q2_ecomp/VNF_Guidelines_for_Network_Cloud_and_ONAP/VNF_Control_Loop.jpg +++ /dev/null diff --git a/docs/all_vnfrqts_seed_docs/open_ecomp/q2_ecomp/VNF_Guidelines_for_Network_Cloud_and_ONAP/VNF_Guidelines_for_Network_Cloud_and_ONAP_7_3_17.rst b/docs/all_vnfrqts_seed_docs/open_ecomp/q2_ecomp/VNF_Guidelines_for_Network_Cloud_and_ONAP/VNF_Guidelines_for_Network_Cloud_and_ONAP_7_3_17.rst deleted file mode 100644 index 54770e6..0000000 --- a/docs/all_vnfrqts_seed_docs/open_ecomp/q2_ecomp/VNF_Guidelines_for_Network_Cloud_and_ONAP/VNF_Guidelines_for_Network_Cloud_and_ONAP_7_3_17.rst +++ /dev/null @@ -1,1117 +0,0 @@ -.. contents:: - :depth: 3 -.. - -**VNF Guidelines for Network Cloud and ONAP** - -**Version 2017-2** - -**June 30, 2017** - -Document Revision History - -+-------------+------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| Date | Revision | Description | -+=============+============+======================================================================================================================================================================+ -| 2/1/2017 | 1.0 | Initial public release of VNF Guidelines for Network Cloud and OpenECOMP | -+-------------+------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 3/31/2017 | 1.1 | Updates to reflect name change from OpenECOMP to ONAP | -+-------------+------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| 6/30/2017 | 2017-2 | Corrected the reference for DPDK, clarified VNF Modularity in 4.1.1, added contact information for feedback, cited reference to the ONAP VNF Requirements project. | -+-------------+------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Table of Contents - -Abstract -======== - -This white paper and the accompanying reference documents set forth -guidelines and requirements for Virtual Network Functions (VNFs) that -run in Network Clouds [1]_ and are managed by ONAP (Open Network -Automation Platform) [2]_. This document set is part of the ONAP -community and focuses on setting and evolving VNF standards that will -facilitate industry discussion, participation, alignment and evolution -toward comprehensive and actionable VNF best practices and standard -interfaces. The goal is to accelerate adoption of VNF best practices -which will increase innovation, minimize customization needed to onboard -VNFs as well as reduce implementation complexity, time and cost for all -impacted stakeholders. The intent is to drive harmonization of VNFs -across VNF providers, Network Cloud Service Providers (NCSPs) and the -overall Network Function Virtualization (NFV) ecosystem by providing -both long term vision as well as short term focus and clarity where no -current open source implementations exist today. - -This first release of the guidelines and requirements, although -applicable in many implementations, is targeted for those -implementations that consist of Network Clouds based on OpenStack. -Future versions of these guidelines are envisioned to include other -targeted virtualization environments, such as Customer Premises or other -single-tenant small scale cloud implementations. - -In addition, given the relative maturity of key technologies involved, -rapid innovation of NFV/SDN and virtualization technologies as well as -the evolving ONAP roadmap, this will be a living package that will -evolve over time. These documents will become part of the ONAP related -requirements documents. The following enhancements are anticipated to be -addressed in the next set of releases: - -- Open source software and demos of simple reference VNFs; - -- Automation of VNF onboarding and other aspects of VNF lifecycle as - supported by ONAP; - -- Consistent VNF packaging for automated onboarding using ONAP; - -- Other implementation examples for targeted virtualization - environments beyond OpenStack based Network Clouds; - -- Incubation and certification environment to provide a self-service - program to gauge maturity and readiness of VNFs. - -Introduction -============ - -Motivation ----------- - -The requirements and guidelines defined herein are intended to -facilitate industry discussion, participation alignment and evolution -toward comprehensive and actionable VNF best practices. Integration -costs are a significant impediment to the development and deployment of -new services. We envision developing open source industry processes and -best practices leading eventually to VNF standards supporting commercial -acquisition of VNFs with minimal integration costs. Traditional PNFs -have all been unique like snowflakes and required expensive custom -integration, whereas VNF products and services should be designed for -easier integration just like Lego\ :sup:`TM` blocks. For example, by -standardizing on common actions and related APIs supported by VNFs, plug -and play integration is assured, jumpstarting automation with management -frameworks. Onboarding VNFs would no longer require complex and -protracted integration or development activities thus maximizing -automation and minimizing integration cost. Creating VNF open source -environments, best practices and standards provides additional benefits -to the NFV ecosystems such as: - -- Larger market for VNF providers - -- Rapid introduction and integration of new capabilities into the - services provider’s environment - -- Reduced development times and costs for VNF providers - -- Better availability of new capabilities to NCSPs - -- Better distribution of new capabilities to end-user consumers - -- Reduced integration cost (capex) for NCSPs - -- Usage based software licensing for end-user consumers and NCSPs - -Audience ---------- - -The industry transformation associated with softwarization [3]_ results -in a number of changes in traditional approaches for industry -collaboration. Changes from hardware to software, from waterfall to -agile processes and the emergence of industry supported open source -communities imply corresponding changes in processes at many industry -collaboration bodies. With limited operational experience and much more -dynamic requirements, open source communities are expected to evolve -these VNF guidelines further before final documentation of those aspects -necessary for standardization. This white paper and accompanying -reference documents provides VNF providers, NCSPs and other interested -3rd parties a set of guidelines and requirements for the design, build -and overall lifecycle management of VNFs. - -**VNF Providers** - -Both suppliers transitioning from providing physical network functions -(PNFs) to providing VNFs as well as new market entrants should find -these VNF requirements and guidelines a useful introduction to the -requirements to be able to develop VNFs for deployment into a Network -Cloud. VNF Providers may also be interested to test their VNFs in the -context of an open source implementation of the environment. - -**Network Cloud Service Providers (NCSPs)** - -A NCSP provides services based on Network Cloud infrastructure as well -as services above the infrastructure layer, e.g., platform service, -end-to-end services. - -Common approaches to packaging of VNFs enable economies of scale in -their development. As suitable infrastructure becomes deployed, NCSPs -have a common interest in guidelines that support the ease of deployment -of VNFs in each other’s Network Cloud. After reading these VNF -guidelines, NCSPs should be motivated to join AT&T in evolving these -guidelines in the ONAP open source community to meet the industry’s -collective needs. - -**Other interested parties** - -Other parties such as solution providers, open source community, -industry standard bodies, students and researchers of network -technologies, as well as enterprise customers may also be interested in -the VNF Guidelines. Solution Providers focused on specific industry -verticals may find these VNF guidelines useful in the development of -specialized VNFs that can better address the needs of their industry -through deployment of these VNFs in NCSP infrastructure. Open Source -developers can use these VNF guidelines to facilitate the automation of -VNF ingestion and deployment. The emergence of a market for VNFs enables -NCSPs to more rapidly deliver increased functionality, for execution on -white box hardware on customer’s premises – such functionality may be of -particular interest to enterprises supporting similar infrastructure. - -Program and Document Structure ------------------------------- - -This document is part of a hierarchy of documents that describes the -overall Requirements and Guidelines for ONAP. The diagram below -identifies where this document fits in the hierarchy. - -+---------------------------------------------+----------------------------------------+-------------------------------------------+------------------------------+---------------------------------+ -| ONAP Requirements and Guidelines | -+=============================================+========================================+===========================================+==============================+=================================+ -| VNF Guidelines for Network Cloud and ONAP | Future ONAP Subject Documents | -+---------------------------------------------+----------------------------------------+-------------------------------------------+------------------------------+---------------------------------+ -| VNF Cloud Readiness Requirements for ONAP | VNF Management Requirements for ONAP | VNF Heat Template Requirements for ONAP | Future | Future Requirements Documents | -| | | | VNF Requirements Documents | | -+---------------------------------------------+----------------------------------------+-------------------------------------------+------------------------------+---------------------------------+ - -Document summary: - -**VNF Guidelines for Network Cloud and ONAP** - -- Describes VNF environment and overview of requirements - -*VNF Cloud Readiness Requirements for ONAP* - -- Cloud readiness requirements for VNFs (Design, Resiliency, Security, - and DevOps) - -*VNF Management Requirements for ONAP* - -- Requirements for how VNFs interact and utilize ONAP - -*VNF Heat Template Requirements for ONAP* - -- Provides recommendations and standards for building Heat templates - compatible with ONAP– initial implementations of Network Cloud are - assumed to be OpenStack based. - -VNF Context -=========== - -A technology trend towards softwarization is impacting the -communications industry as it has already impacted a number of other -industries. This trend is expected to have some significant impacts on -the products and processes of this industry. The transformation from -products primarily based on hardware to products primarily based on -software has a number of impacts. The completeness of the software -packages to ease integration, usage based licensing to reflect scaling -properties, independence from hardware and location and software -resilience in the presence of underlying hardware failure all gain in -importance compared to prior solutions. The processes supporting -software products and services are also expected to transform from -traditional waterfall methodologies to agile methods. In agile -processes, characteristics such as versioned APIs, rolling upgrades, -automated testing and deployment support with incremental release -schedules become important for these software products and services. -Industry process related to software products and services also change -with the rise of industrially supported open source communities. -Engagement with these open source communities enables sharing of best -practices and collaborative development of open source testing and -integration regimes, open source APIs and open source code bases. - -The term VNF is inspired by the work [4]_ of the ETSI [5]_ Network -Functions Virtualization (NFV) Industry Specification Group (ISG). -ETSI’s VNF definition includes both historically network functions, such -as Virtual Provider Edge (VPE), Virtual Customer Edge (VCE), and Session -Border Controller (SBC), as well as historically non-network functions -when used to support network services, such as network-supporting web -servers and databases. The VNF discussion in these guidelines applies to -all types of virtualized workloads, not just network appliance -workloads. Having a consistent approach to virtualizing any workload -provides more industry value than just virtualizing some workloads. [6]_ - -VNFs are functions that are implemented in Network Clouds. Network -Clouds must support end-to-end high-bandwidth low latency network flows -through VNFs running in virtualization environments. For example, a -Network Cloud is able to provide a firewall service to be created such -that all Internet traffic to a customer premise passes through a virtual -firewall running in the Network Cloud. - -A data center may be the most common target for a virtualization -environment, but it is not the only target. Virtualization environments -are also supported by more constrained resources e.g., Enterprise -Customer Premise Equipment (CPE). Virtualization environments are also -expected to be available at more distributed network locations by -architecting central offices as data centers, or virtualizing functions -located at the edge of the operator infrastructure (e.g., virtualized -Optical Line Termination (vOLT) or xRAN [7]_) and in constrained -resource Access Nodes. Expect detailed requirements to evolve with these -additional virtualization environments. Some VNFs may scale across all -these environments, but all VNFs should onboard through the same process -before deployment to the targeted virtualization environment. - -Business Process Impacts -------------------------- - -Business process changes need to occur in order to realize full benefits -of VNF characteristics: efficiency via automation, open source reliance, -and improved cycle time through careful design. - -**Efficiency via Automation** - -reliant on human labor for critical operational tasks don’t scale. By -aggressively automating all VNF operational procedures, VNFs have lower -operational cost, are more rapidly deployed at scale and are more -consistent in their operation. ONAP provides the automation framework -which VNFs can take advantage of simply by implementing ONAP compatible -interfaces and lifecycle models. This enables automation which drives -operational efficiencies and delivers the corresponding benefits. - -**Open Source** - -VNFs are expected to run on infrastructure largely enabled by open -source software. For example, OpenStack [8]_ is often used to provide -the virtualized compute, network, and storage capabilities used to host -VNFs. OpenDaylight (ODL) [9]_ can provide the network control plane. The -OPNFV community [10]_ provides a reference platform through integration -of ODL, OpenStack and other relevant open source projects. VNFs also run -in open source operating systems like Linux. VNFs might also utilize -open source software libraries to take advantage of required common but -critical software capabilities where community support is available. -Automation becomes easier, overall costs go down and time to market can -decrease when VNFs can be developed and tested in an open source -reference platform environment prior to on-boarding by the NCSP. All of -these points contribute to a lower cost structure for both VNF providers -and NCSPs. - -**Improved Cycle Time through Careful Design** - -Today’s fast paced world requires businesses to evolve rapidly in order -to stay relevant and competitive. To a large degree VNFs, when used with -the same control, orchestration, management and policy framework (e.g., -ONAP), will improve service development and composition. VNFs should -enable NCSPs to exploit recursive nesting of VNFs to acquire VNFs at the -smallest appropriate granularity so that new VNFs and network services -can be composed. The ETSI NFV Framework [11]_ envisages such recursive -assembly of VNFs, but many current implementations fail to support such -features. Designing for VNF reuse often requires that traditional -appliance based PNFs be refactored into multiple individual VNFs where -each does one thing particularly well. While the original appliance -based PNF can be replicated virtually by the right combination and -organization of lower level VNFs, the real advantage comes in creating -new services composed of different combinations of lower level VNFs -(possibly from many providers) organized in new ways. Easier and faster -service creation often generates real value for businesses. As -softwarization trends progress towards more agile processes, VNFs, ONAP -and Network Clouds are all expected to evolve towards continuous -integration, testing and deployment of small incremental changes to -de-risk the upgrade process. - -ETSI Network Function Virtualization (NFV) comparison ------------------------------------------------------ - -ETSI defines a VNF as an implementation of a network function that can -be deployed on a Network Function Virtualization Infrastructure (NFVI). -Service instances may be composed of an assembly of VNFs. In turn, a VNF -may also be assembled from VNF components (VNFCs) that each provide a -reusable set of functionality. VNFs are expected to take advantage of -platform provided common services. - -VNF management and control under ONAP is different than management and -control exposed in the ETSI MANO model. With ONAP, there is only a -single management and control plane. In ETSI’s Framework [12]_, -architectural options exist for preserving legacy systems that increase -integration costs e.g., different VNFs can be controlled by VNF Managers -(VNFMs) and Element Management Systems (EMSs) provided by different -software providers. ONAP addresses the concern that multiple VNFMs in -this space will hinder VNF reuse and increase VNF and service -integration costs. Asking all VNF providers to take advantage of and -interoperate with common control software mitigates related reuse and -integration challenges. The common, SDN based, control platform (ONAP) -is being made available as an open source project to reduce friction for -VNF providers and enable new network functions to get to market faster -and with lower costs. - -Also under ONAP, VNF providers do not provide their own proprietary VNF -Managers (VNFM) or Element Management Systems (EMS). Those capabilities -are provided by ONAP. Hence, VNFs are required to consume open -interfaces to ONAP in support of management and control. The VNF Package -must include the appropriate data models for integration with ONAP to -enable management and control of the VNFCs. - -**Figure 1** shows a simplified ONAP and Infrastructure view to -highlight how individual Virtual Network Functions plug into the ONAP -control loops. - -|image0| - -**Figure 1. Control Loop** - -In the control loop view in **Figure 1**, the VNF provides an event -data stream via an API to Data Collection, Analytics and Events (DCAE). -DCAE analyzes and aggregates the data stream and when particular -conditions are detected, uses policy to enable what, if any, action -should be triggered. Some of the triggered actions may require a -controller to make changes to the VNF through a VNF provided API. - -For a detailed comparison between ETSI NFV and ONAP, refer to Appendix C -- Comparison between VNF Guidelines and ETSI GS NFV-SWA 001. - -Evolving VNF Related Industry Activities ----------------------------------------- - -Many existing industry collaboration bodies are structured around a -particular service or segment of the network. VNFs are intended to -operate across multiple services and execute on commodity targeted -virtualization environments. With the NCSPs transformation to acquiring -products and services based on location and hardware independent VNFs, -the opportunity exists for instances of those VNFs to be deployed across -multiple network locations and services where suitable virtualization -infrastructure is available. - -The rise of industry-supported open source communities has created new -opportunities for collaboration and challenges for existing industry -communities such as Standards Developing Organizations (SDOs). -Collaboration in many SDOs defers intellectual property issues. Most -industrially-supported open source communities resolve intellectual -property issues between collaborators through explicit contribution -licensing agreements. Common infrastructure software components (e.g., -SDN Controllers, Cloud Management Systems) are expected to be available -through industrially supported open source communities (e.g., Open -Daylight and OpenStack). Whether VNFs are open or proprietary, they -should use open APIs, test and integration capabilities developed in -industrially supported open source communities (e.g., ONAP, OPNFV). - -The migration path for operator’s existing processes and services to -effectively utilize VNFs may be operator specific. The requirements for -VNFs may be expected to evolve rapidly as the industry develops -experience with operational and development best practices for VNFs. In -particular, industry operations procedures are expected to evolve -towards agile software methodologies, DevOps, continuous integration and -continuous deployment (CI/CD). In this environment of changing and -context-dependent VNF requirements, agile, pragmatic approaches focused -on delivering functionality in the near term and evolving it towards -targeted VNF characteristics are preferred over lengthy waterfall -industry standardization processes. Demonstrating functionality and -interoperability of appropriate VNF-related APIs in open source -communities is considered a pre-requisite to starting industry -specification work documenting stable interfaces. - -While multiple open source communities exist supporting particular -infrastructure software options, the market success of any particular -option combination cannot be assured. Integration communities such as -OPNFV provide an approach enabling VNF providers to test their products -and services against a variety of expected configurations available in -the industry. - -Evolving towards VNFs ---------------------- - -In order to deploy VNFs, a target virtualization environment must -already be in place. The NCSPs scale necessitates a phased rollout of -virtualization infrastructure and then of VNFs upon that infrastructure. -Some VNF use cases may require greenfield infrastructure deployments, -others may start brownfield deployments in centralized data centers and -then scale deployment more widely as infrastructure becomes available. -Some service providers have been very public and proactive in setting -transformation targets associated with VNFs [13]_. - -Because of the complexity of migration and integration issues, the -requirements for VNFs in the short term may need to be contextualized to -the specific service and transition planning. - -Much of the existing VNF work has been based on corresponding network -function definitions and requirements developed for PNFs. Many of the -assumptions about PNFs do not apply to VNFs and the modularity of the -functionality is expected to be significantly different. In addition, -the increased service velocity objectives of NFV are based on new types -of VNFs being developed to support new services being deployed in -virtualized environments. Much of the functionality associated with 5G -(e.g., IoT, augmented reality/virtual reality) is thus expected to be -deployed as VNFs in targeted virtualization infrastructure towards the -edge of the network. - -VNF Characteristics -=================== - -VNFs need to be constructed using a distributed systems architecture -that we will call "Network Cloud Ready". They need to interact with the -orchestration and control platform provided by ONAP and address the new -security challenges that come in this environment. - -The main goal of a Network Cloud Ready VNF is to run well on any Network -Cloud (public or private) over any network (carrier or enterprise). In -addition, for optimal performance and efficiency, VNFs will be designed -to take advantage of Network Clouds. This requires careful engineering -in both VNFs and candidate Network Cloud computing frameworks. - -To ensure Network Cloud capabilities are leveraged and VNF resource -consumption meets engineering and economic targets, VNF performance and -efficiency will be benchmarked in a controlled lab environment. In line -with the principles and practices laid out in ETSI GS NFV-PER 001, -efficiency testing will consist of benchmarking VNF performance with a -reference workload and associated performance metrics on a reference -Network Cloud (or, when appropriate, additional benchmarking on a bare -metal reference platform). - -Network Cloud Ready VNF characteristics and design consideration can be -grouped into three areas: - -- Cloud Readiness - -- ONAP Ready - -- Virtualization Environment Ready - -Detailed requirements are contained in the reference documents that are -listed in Appendix B - References. - -Cloud Readiness ---------------- - -VNFs should be designed to operate within a cloud environment from the -first stages of the development. The VNF provider should think clearly -about how the VNF should be decomposed into various modules. Resiliency -within a cloud environment is very different than in a physical -environment and the developer should give early thought as to how the -Network Cloud Service Provider will ensure the level of resiliency -required by the VNF and then provide the capabilities needed within that -VNF. Scaling and Security should also be well thought out at design time -so that the VNF runs well in a virtualized environment. Finally, the VNF -Provider also needs to think about how they will integrate and deploy -new versions of the VNF. Since the cloud environment is very dynamic, -the developer should utilize DevOps practices to deploy new software. - -Requirements for Cloud Readiness can be found in the *VNF Common -Requirements for ONAP* document. - -VNF Design -~~~~~~~~~~ - -A VNF may be a large construct and therefore when designing it, it is -important to think about the components from which it will be composed. -The ETSI SWA 001 document gives a good overview of the architecture of a -VNF in Chapter 4 as well as some good examples of how to compose a VNF -in its Annex B. VNFCs are expected to evolve towards microservices, as -an architectural style so when laying out the components of the VNF it -is important to keep in mind the following principles: Single -Capability, Independence, State and the APIs. - -Many Network Clouds will use Heat to describe orchestration templates -for instantiating VNFs and VNFCs. The *VNF Heat Template Requirements -for ONAP* document defines a modular Heat design pattern referred to as -“VNF Modularity”. With this approach, a single VNF may be composed from -one or more Heat Orchestration Templates (modules), each of which -represents a subset of the overall VNF. A module can be thought of as a -deployment unit. In general, the goal should be for each module to -contain a single VNFC. - -Single Capability -^^^^^^^^^^^^^^^^^ - -VNFs should be carefully decomposed into loosely coupled, granular, -re-usable VNFCs that can be distributed and scaled on a Network Cloud. -VNFCs should be responsible for a single capability. The behavior of -microservice VNFCs is focused on a single capability with independent -operation and encapsulation - -The Network Cloud will define several flavors of VMs for a VNF designer -to choose from for instantiating a VNFC. The best practice is to keep -the VNFCs as lightweight as possible while still fulfilling the business -requirements for the "single capability", however the VNFC should not be -so small that the overhead of constructing, maintaining, and operating -the service outweighs its utility. - -Independence -^^^^^^^^^^^^ - -VNFCs should be independently deployed, configured, upgraded, scaled, -monitored, and administered (by ONAP). The VNFC must be a standalone -executable process. - -API versioning is one of the biggest enablers of independence. To be -able to independently evolve a component, versioning must ensure -existing clients of the component are not forced to flash-cut with each -interface change. API versioning enables smoother evolution while -preserving backward compatibility. - -Scaling -^^^^^^^ - -Each VNFC within a VNF must support independent horizontal scaling, by -adding/removing instances, in response to demand loads on that VNFC. The -Network Cloud is not expected to support adding/removing resources -(compute, memory, storage) to an existing instance of a VNFC (vertical -scaling). A VNF should be designed such that its components can scale -independently of each other. Scaling one component should not require -another component to be scaled at the same time. All scaling will be -controlled by ONAP. - -Managing State -^^^^^^^^^^^^^^ - -VNFCs and their interfaces should isolate and manage state to allow for -high-reliability, scalability, and performance in a Network Cloud -environment. The use of state should be minimized as much as possible to -facilitate the movement of traffic from one instance of a VNFC to -another. Where state is required it should be maintained in a -geographically redundant data store that may in fact be its own VNFC. - -This concept of decoupling state data can be extended to all persistent -data. Persistent data should be held in a loosely coupled database. -These decoupled databases need to be engineered and placed correctly to -still meet all the performance and resiliency requirements of the -service. - -Lightweight and Open APIs -^^^^^^^^^^^^^^^^^^^^^^^^^ - -Controllable microservice VNFCs have lightweight communications, are -discoverable and designed for automation. Key functions are accessible -via open APIs, which align to Industry API Standards and supported by an -open and extensible information/data model. - -Reusability -^^^^^^^^^^^ - -Properly (de)composing a VNF requires thinking about “reusability”. -Reusable microservice VNFCs are infrastructure agnostic and designed for -the consumer of their services. Components should be designed to be -reusable within the VNF as well as by other VNFs. The “single -capability” principle aids in this requirement. If a VNFC could be -reusable by other VNFs then it should be designed as its own single -component VNF that may then be chained with other VNFs. Likewise, a VNF -provider should make use of other common platform VNFs such as firewalls -and load balancers, instead of building their own. - -Resiliency -~~~~~~~~~~ - -The VNF is responsible for meeting its resiliency goals and must factor -in expected availability of the targeted virtualization environment. -This is likely to be much lower than found in a traditional data center. -The VNF developer should design the function in such a way that if there -is a platform problem the VNF will continue working as needed and meet -the SLAs of that function. VNFs should be designed to survive single -failure platform problems including: hypervisor, server, datacenter -outages, etc. There will also be significant planned downtime for the -Network Cloud as the infrastructure goes through hardware and software -upgrades. The VNF should support tools for gracefully meeting the -service needs such as methods for migrating traffic between instances -and draining traffic from an instance. The VNF needs to rapidly respond -to the changing conditions of the underlying infrastructure. - -Resilient microservice VNFCs are highly observable, highly resilient and -secure. VNF resiliency can typically be met through redundancy often -supported by distributed systems architectures. This is another reason -for favoring smaller VNFCs. By having more instances of smaller VNFCs it -is possible to spread the instance out across servers, racks, -datacenters, and geographic regions. This level of redundancy can -mitigate most failure scenarios and has the potential to provide a -service with even greater availability than the old model. Careful -consideration of VNFC modularity also minimizes the impact of failures -when an instance does fail. - -Security -~~~~~~~~ - -Security must be integral to the VNF through its design, development, -instantiation, operation, and retirement phases. VNF architectures -deliver new security capabilities that make it easier to maximize -responsiveness during a cyber-attack and minimize service interruption -to the customers. SDN enables the environment to expand and adapt for -additional traffic and incorporation of security solutions. Further, -additional requirements will exist to support new security capabilities -as well as provide checks during the development and production stages -to assure the expected advantages are present and compensating controls -exist to mitigate new risks. - -New security requirements will evolve along with the new architecture. -Initially, these requirements will fall into the following categories: - -- VNF General Security Requirements - -- VNF Identity and Access Management Requirements - -- VNF API Security Requirements - -- VNF Security Analytics Requirements - -- VNF Data Protection Requirements - -DevOps -~~~~~~ - -The ONAP software development and deployment methodology is evolving -toward a DevOps model. VNF development and deployment should evolve in -the same direction, enabling agile delivering of end-to-end services. -Following these same principles better positions ONAP and VNF -development to coevolve in the same direction. - -Testing -^^^^^^^ - -VNF packages should provide comprehensive automated regression, -performance and reliability testing with VNFs based on open industry -standard testing tools and methodologies. VNF packages should provide -acceptance and diagnostic tests and in-service instrumentation to be -used in production to validate VNF operation. - -Build and Deployment Processes -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -VNF packages should include continuous integration and continuous -deployment (CI/CD) software artifacts that utilize automated open -industry standard system and container build tools. The VNF package -should include parameterized configuration variables to enable automated -build customization. Don’t create unique (snowflake) VNFs requiring any -manual work or human attention to deploy. Do create standardized (Lego™) -VNFs that can be deployed in a fully automated way. - -ONAP will orchestrate updates and upgrades of VNFs. The target method -for updates and upgrades is to onboard and validate the new version, -then build a new instance with the new version of software, transfer -traffic to that instance and kill the old instance. There should be no -need for the VNF or its components to provide an update/upgrade -mechanism. - -Automation -^^^^^^^^^^ - -Increased automation is enabled by VNFs and VNF design and composition. -VNF and VNFCs should provide the following automation capabilities, as -triggered or managed via ONAP: - -- Events and alarms - -- Lifecycle events - -- Zero-Touch rolling upgrades and downgrades - -- Configuration - -ONAP Ready ----------- - -ONAP is the “brain” providing the lifecycle management and control of -software-centric network resources, infrastructure and services. ONAP is -critical in achieving the objectives to increase the value of the -Network Cloud to customers by rapidly on-boarding new services, enabling -the creation of a new ecosystem of consumer and enterprise services, -reducing capital and operational expenditures, and providing operations -efficiencies. It delivers enhanced customer experience by allowing them -in near real-time to reconfigure their network, services, and capacity. - -For more details, refer to the `*ECOMP Architecture White -Paper* <http://att.com/ecomp>`__\ [14]_ which inspired the ONAP -community effort. - -One of the main ONAP responsibilities is to rapidly onboard and enrich -VNFs to be cataloged as resources to allow composition and deployment of -services in a multi-vendor plug and play environment. It is also -extremely important to be able to automatically manage the VNF run-time -lifecycle to fully realize benefits of NFV. The VNF run-time lifecycle -includes aspects such as instantiation, configuration, elastic scaling, -automatic recovery from resource failures, and resource allocation. It -is therefore imperative to provide VNFs that are equipped with -well-defined capabilities that comply with ONAP standards to allow rapid -onboarding and automatic lifecycle management of these resources when -deploying services as depicted in **Figure 2**. - -|image1| - -**Figure 2. VNF Complete Lifecycle Stages** - -In order to realize these capabilities within the ONAP platform, it is -important to adhere to a set of key principles (listed below) for VNFs -to integrate into ONAP. - -Requirements for ONAP Ready can be found in the *VNF Management -Requirements for ONAP* document. - -Design Definition -~~~~~~~~~~~~~~~~~ - -Onboarding automation will be facilitated by applying standards-based -approaches to VNF packaging to describe the VNF’s infrastructure -resource requirements, topology, licensing model, design constraints, -and other dependencies to enable successful VNF deployment and -management of VNF configuration and operational behavior. - -The current VNF Package Requirement is based on a subset of the -Requirements contained in the ETSI Document: ETSI GS NFV-MAN 001 v1.1.1 -and GS NFV IFA011 V0.3.0 (2015-10) - Network Functions Virtualization -(NFV), Management and Orchestration, VNF Packaging Specification. - -Configuration Management -~~~~~~~~~~~~~~~~~~~~~~~~ - -ONAP must be able to orchestrate and manage the VNF configuration to -provide fully automated environment for rapid service provisioning and -modification. VNF configuration/reconfiguration must be allowed directly -through standardized APIs without the need for an EMS. - -Monitoring and Management -~~~~~~~~~~~~~~~~~~~~~~~~~~ - -The end-to-end service reliability and availability in a virtualized -environment will greatly depend on the ability to monitor and manage the -behavior of Virtual Network Functions in real-time. ONAP platform must -be able to monitor the health of the network and VNFs through collection -of event and performance data directly from network resources utilizing -standardized APIs without the need for an EMS. The VNF provider must -provide visibility into VNF performance and fault at the VNFC level -(VNFC is the smallest granularity of functionality in our architecture) -to allow ONAP to proactively monitor, test, diagnose and trouble shoot -the health and behavior of VNFs at their source. - -Virtualization Environment Ready --------------------------------- - -Every Network Cloud Service Provider will have a different set of -resources and capabilities for their Network Cloud, but there are some -common resources and capabilities that nearly every NCSP will offer. - -Network Cloud -~~~~~~~~~~~~~ - -VNFCs should be agnostic to the details of the Network Cloud (such as -hardware, host OS, Hypervisor or container technology) and must run on -the Network Cloud with acknowledgement to the paradigm that the Network -Cloud will continue to rapidly evolve and the underlying components of -the platform will change regularly. VNFs should be prepared to move -VNFCs across VMs, hosts, locations or datacenters, or Network Clouds. - -Overlay Network -~~~~~~~~~~~~~~~ - -VNFs should be compliant with the Network Cloud network virtualization -platform including the specific set of characteristics and features. - -The Network Cloud is expected to be tuned to support VNF performance -requirements. Initially, specifics may differ per Network Cloud -implementation and are expected to evolve over time, especially as the -technology matures. - -Guest Operating Systems -~~~~~~~~~~~~~~~~~~~~~~~ - -VNFs should use the NCSP’s standard set of OS images to enable -compliance with security, audit, regulatory and other needs. - -Compute Flavors -~~~~~~~~~~~~~~~ - -VNFs should take advantage of the standard Network Cloud capabilities in -terms of VM characteristics (often referred to as VM Flavors), VM sizes -and cloud acceleration capabilities aimed at VNFs such as Data Plane -Development Kit (DPDK [15]_). - -Summary -======= - -The intent of these guidelines and requirements is to provide long term -vision as well as short term focus and clarity where no current open -source implementation exists today. The goal is to accelerate the -adoption of VNFs which will increase innovation, minimize customization -to onboard VNFs, reduce implementation time and complexity as well as -lower overall costs for all stakeholders. It is critical for the -Industry to align on a set of standards and interfaces to quickly -realize the benefits of NFV. AT&T is contributing these guidelines to -the ONAP open source community as a step in moving toward standards. -These guidelines are based on our experience with large scale deployment -and operations of VNFs over the past several years. - -This VNF guidelines document provides a general overview and points to -more detailed requirements documents. The subtending documents provide -more detailed requirements and are listed in Appendix B - References. -All documents are expected to evolve. - -Some of these VNF guidelines may be more broadly applicable in the -industry, e.g., in other open source communities or standards bodies. -The art of VNF architecture and development is expected to mature -rapidly with practical deployment and operations experience from a -broader ecosystem of types of VNFs and different VNF providers. -Individual operators may also choose to provide their own extensions and -enhancements to support their particular operational processes, but -these guidelines are expected to remain broadly applicable across a -number of service providers interested in acquiring VNFs. - -We invite feedback on these VNF Guidelines via -`VNFGuidelines@list.att.com <mailto:VNFGuidelines@list.att.com?subject=VNF%20Guidelines%20and%20Requirements%20Feedback>`__. -The ONAP Community has an active project, `VNF -Requirements <https://wiki.onap.org/display/DW/VNF+Requirements+Project>`__, to -deliver a unified set of VNF Guidelines and Requirements. Interested -parties are encouraged to participate. - -Appendix A - Glossary -====================== - -+-------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| **Heat** | Heat is a service to orchestrate composite cloud applications using a declarative template format through an OpenStack-native REST API. | -+===========================================+===========================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================+ -| **Network Clouds** | Network Clouds are built on a framework containing these essential elements: refactoring hardware elements into software functions running on commodity cloud computing infrastructure; aligning access, core, and edge networks with the traffic patterns created by IP based services; integrating the network and cloud technologies on a software platform that enables rapid, highly automated, deployment and management of services, and software defined control so that both infrastructure and functions can be optimized across change in service demand and infrastructure availability; and increasing competencies in software integration and a DevOps operations model. | -+-------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| **Network Cloud Service Provider** | Network Cloud Service Provider (NCSP) is a company or organization, making use of a communications network to provide Network Cloud services on a commercial basis to third parties. | -+-------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| **SDOs** | Standards Developing Organizations are organizations which are active in the development of standards intended to address the needs of a group of affected adopters. | -+-------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| **Softwarization** | Softwarization is the transformation of business processes to reflect characteristics of software centric products, services, lifecycles and methods. | -+-------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| **Targeted Virtualization Environment** | Targeted Virtualization Environment is the execution environment for VNFs. While Network Clouds located in datacenters are a common execution environment, VNFs can and will be deployed in various locations (e.g., non-datacenter environments) and form factors (e.g., enterprise Customer Premise Equipment). Non-datacenter environments are expected to be available at more distributed network locations including central offices and at the edge of the NCSP’s infrastructure. | -+-------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| **VM** | Virtual Machine (VM) is a virtualized computation environment that behaves very much like a physical computer/server. A VM has all its ingredients (processor, memory/storage, interfaces/ports) of a physical computer/server and is generated by a hypervisor, which partitions the underlying physical resources and allocates them to VMs. Virtual Machines are capable of hosting a virtual network function component (VNFC). | -+-------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| **VNF** | Virtual Network Function (VNF) is the software implementation of a function that can be deployed on a Network Cloud. It includes network functions that provide transport and forwarding. It also includes other functions when used to support network services, such as network-supporting web servers and database. | -+-------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| **VNFC** | Virtual Network Function Component (VNFC) are the sub-components of a VNF providing a VNF Provider a defined sub-set of that VNF's functionality, with the main characteristic that a single instance of this component maps 1:1 against a single Virtualization Container. See **Figure 3** for the relationship between VNFC and VNFs. | -| | | -| | |image2| | -| | | -| | \ **Figure 3. Virtual Network Function Entity Relationship** | -+-------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Appendix B - References -======================= - -1. VNF Cloud Readiness Requirements for ONAP - -2. VNF Management Requirements for ONAP - -3. VNF Heat Template Requirements for ONAP - -Appendix C - Comparison between VNF Guidelines and ETSI GS NFV-SWA 001 -====================================================================== - -The VNF guidelines presented in this document (VNF Guidelines) overlap -with the ETSI GS NFV-SWA 001 (Network Functions Virtualization (NFV); -Virtual Network Function Architecture) document. For convenience, we -will just refer to this document as SWA 001. - -The SWA 001 document is a survey of the landscape for architecting a -VNF. It includes many different options for building a VNF that take -advantage of the ETSI MANO architecture. - -The Network Cloud and ONAP have similarities to ETSI’s MANO, but also -have differences described in earlier sections. The result is -differences in the VNF requirements. Since these VNF Guidelines are for -a specific implementation of an architecture they are narrower in scope -than what is specified in the SWA 001 document. - -The VNF Guidelines primarily overlaps the SWA 001 in Sections 4 and 5. -The other sections of the SWA 001 document lie outside the scope of the -VNF Guidelines. - -This appendix will describe the differences between these two documents -indexed on the SWA 001 sections - -Section 4 Overview of VNF in the NFV Architecture -------------------------------------------------- - -This section provides an overview of the ETSI NFVI architecture and how -it interfaces with the VNF architecture. Because of the differences -between infrastructure architectures there will naturally be some -differences in how it interfaces with the VNF. - -A high level view of the differences in architecture can be found in the -main body of this document and a more detailed analysis can be found in -the *ECOMP Architecture White Paper*\ [16]_. - -Section 4.3 Interfaces -~~~~~~~~~~~~~~~~~~~~~~ - -Since ONAP provides the VNFM and EMS functionality for all VNFs the -SWA-3 and SWA-4 interfaces are ONAP interfaces. All ONAP interfaces are -described in this package of documents. - -Section 5 VNF Design Patterns and Properties --------------------------------------------- - -This section of the SWA 001 document gives a broad view of all the -possible design patterns of VNFs. The VNF Guidelines do not generally -differ from this section. The VNF Guidelines address a more specific -scope than what is allowed in the SWA 001 document. - -Section 5.1 VNF Design Patterns -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -The following are differences between the VNF Guidelines and SWA-001: - -- 5.1.2 - The Network Cloud does not recognize the distinction between - “parallelizable” and “non-parallelizable” VNFCs, where parallelizable - means that there can be multiple instances of the VNFC. In the VNF - Guidelines, all VNFCs should support multiple instances and therefore - be parallelizable. - -- 5.1.3 - The VNF Guidelines encourages the use of stateless VNFCs. - However, where state is needed it should be kept external to the VNFC - to enable easier failover - -- 5.1.5 - The VNF Guidelines only accepts horizontal scaling (scale - out/in) by VNFC. Vertical scaling (scale up/down) is not supported by - ONAP. - -- 5.1.5 - Since ONAP provides all EMS and VNFM functionality On-Demand - scaling is accomplished through ONAP and not directly by the VNF - -Section 5.2 VNF Update and Upgrade -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -- 5.2.2 - ONAP will orchestrate updates and upgrades. The preferred - method for updates and upgrades is to build a new instance with the - new version of software, transfer traffic to that instance and kill - the old instance - -Section 5.3 VNF Properties -~~~~~~~~~~~~~~~~~~~~~~~~~~ - -The following are differences between the VNF Guidelines and SWA-001: - -- 5.3.1 - In a Network Cloud all VNFs must be only “COTS-Ready”. The - VNF Guidelines does not support “Partly COTS-READY” or “Hardware - Dependent”. - -- 5.3.2 – The only virtualization environment currently supported by - ONAP is “Virtual Machines”. The VNF Guidelines state that all VNFs - should be hypervisor agnostic. Other virtualized environment options - such as containers are not currently supported. However, container - technology is targeted to be supported in the future. - -- 5.3.3 - All VNFs must scale horizontally (scale out/in) within the - Network Cloud. Vertical (scale up/down) is not supported. - -- 5.3.5 - The VNF Guidelines state that ONAP will provide full policy - management for all VNFs. The VNF will not provide its own policy - management for provisioning and management. - -- 5.3.7 - The VNF Guidelines recognizes both stateless and stateful - VNFCs but it encourages the minimization of stateful VNFCs. - -- 5.3.11 - The VNF Guidelines only allows for ONAP management of the - VNF. It does not allow a proprietary management interface for use - with a 3rd party EMS - -Section 5.4 Attributes describing VNF Requirements -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Attributes described in the VNF Guidelines and reference documents -include those attributes defined in this section of the SWA 001 document -but also include additional attributes. - - -**Copyright © 2017 AT&T Intellectual Property. All rights reserved.** - -Unless otherwise specified, all software contained herein is licensed -under the Apache License, Version 2.0 (the “License”); -you may not use this software except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. - -Unless otherwise specified, all documentation contained herein is licensed -under the Creative Commons License, Attribution 4.0 Intl. (the “License”); -you may not use this documentation except in compliance with the License. -You may obtain a copy of the License at - - https://creativecommons.org/licenses/by/4.0/ - -Unless required by applicable law or agreed to in writing, documentation -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. - -ECOMP is a trademark and service mark of AT&T Intellectual Property. - -.. [1] - Network Clouds are built on a framework containing these essential - elements: refactoring hardware elements into software functions - running on commodity cloud computing infrastructure; aligning access, - core, and edge networks with the traffic patterns created by IP based - services; integrating the network and cloud technologies on a - software platform that enables rapid, highly automated, deployment - and management of services, and software defined control so that both - infrastructure and functions can be optimized across change in - service demand and infrastructure availability; and increasing - competencies in software integration and a DevOps operations model. - -.. [2] - ONAP is an open source initiative for ECOMP, www.onap.org. - -.. [3] - Softwarization is the transformation of business processes to reflect - characteristics of software centric products, services, lifecycles - and methods. - -.. [4] - “Virtual Network Functions Architecture” ETSI GS NFV-SWA 001 v1.1.1 - (Dec 2012) - -.. [5] - European Telecommunications Standards Institute or ETSI - (http://www.etsi.org) is a respected standards body providing - standards for information and communications technologies. - -.. [6] - Full set of capabilities of Network Cloud and/or ONAP might not be - needed to support traditional IT like workloads. - -.. [7] - xRAN (http://www.xran.org/) - -.. [8] - OpenStack (http://www.openstack.org) - -.. [9] - OpenDaylight (http://www.opendaylight.org) - -.. [10] - OPNFV (http://www.opnfv.org) - -.. [11] - See, e.g., Figure 3 of GS NFV 002, Architectural Framework - -.. [12] - “Architectural Framework”, ETSI GS NFV 002 v1.1.1 (Oct. 2013) - -.. [13] - AT&T, for instance, has announced that it seeks to virtualize and - control 75% of its network functionality by 2020 and that 50% of - AT&T’s software be coming from open source. For AT&T, VNFs have - already been placed in service in the Network Cloud and enterprise - CPE whiteboxes. - -.. [14] - ECOMP (Enhanced Control Orchestration, Management & Policy) - Architecture White Paper - (http://about.att.com/content/dam/snrdocs/ecomp.pdf) - -.. [15] - DPDK is a Linux Foundation Project, developed by hundreds of - contributors, supported by strong leading members, and used in a - growing ecosystem, - `dpdk.org <file:///C:\Users\hp1256\Documents\Matt%20Projects\VNF\2Q17\dpdk.org>`__. - -.. [16] - ECOMP (Enhanced Control Orchestration, Management & Policy) - Architecture White Paper - (http://about.att.com/content/dam/snrdocs/ecomp.pdf) - -.. |image0| image:: VNF_Control_Loop.jpg - :width: 6.56250in - :height: 3.69167in -.. |image1| image:: VNF_Lifecycle.jpg - :width: 6.49000in - :height: 2.23000in -.. |image2| image:: VNF_VNFC_Relation.jpg - :width: 4.26087in - :height: 3.42514in diff --git a/docs/all_vnfrqts_seed_docs/open_ecomp/q2_ecomp/VNF_Guidelines_for_Network_Cloud_and_ONAP/VNF_Lifecycle.jpg b/docs/all_vnfrqts_seed_docs/open_ecomp/q2_ecomp/VNF_Guidelines_for_Network_Cloud_and_ONAP/VNF_Lifecycle.jpg Binary files differdeleted file mode 100644 index 45419e6..0000000 --- a/docs/all_vnfrqts_seed_docs/open_ecomp/q2_ecomp/VNF_Guidelines_for_Network_Cloud_and_ONAP/VNF_Lifecycle.jpg +++ /dev/null diff --git a/docs/all_vnfrqts_seed_docs/open_ecomp/q2_ecomp/VNF_Guidelines_for_Network_Cloud_and_ONAP/VNF_VNFC_Relation.jpg b/docs/all_vnfrqts_seed_docs/open_ecomp/q2_ecomp/VNF_Guidelines_for_Network_Cloud_and_ONAP/VNF_VNFC_Relation.jpg Binary files differdeleted file mode 100644 index 0457e86..0000000 --- a/docs/all_vnfrqts_seed_docs/open_ecomp/q2_ecomp/VNF_Guidelines_for_Network_Cloud_and_ONAP/VNF_VNFC_Relation.jpg +++ /dev/null diff --git a/docs/all_vnfrqts_seed_docs/open_ecomp/q2_ecomp/VNF_Guidelines_for_Network_Cloud_and_ONAP/index.rst b/docs/all_vnfrqts_seed_docs/open_ecomp/q2_ecomp/VNF_Guidelines_for_Network_Cloud_and_ONAP/index.rst deleted file mode 100644 index f8db545..0000000 --- a/docs/all_vnfrqts_seed_docs/open_ecomp/q2_ecomp/VNF_Guidelines_for_Network_Cloud_and_ONAP/index.rst +++ /dev/null @@ -1,7 +0,0 @@ -VNF Guidelines for Network Cloud and ONAP 7/3/17 -------------------------------------------------- - -.. toctree:: - :maxdepth: 1 - - VNF_Guidelines_for_Network_Cloud_and_ONAP_7_3_17 diff --git a/docs/all_vnfrqts_seed_docs/open_ecomp/q2_ecomp/VNF_Managment_Requirements_for_OpenECOMP/Data_Model_For_Event_Records.png b/docs/all_vnfrqts_seed_docs/open_ecomp/q2_ecomp/VNF_Managment_Requirements_for_OpenECOMP/Data_Model_For_Event_Records.png Binary files differdeleted file mode 100644 index 1cb7464..0000000 --- a/docs/all_vnfrqts_seed_docs/open_ecomp/q2_ecomp/VNF_Managment_Requirements_for_OpenECOMP/Data_Model_For_Event_Records.png +++ /dev/null diff --git a/docs/all_vnfrqts_seed_docs/open_ecomp/q2_ecomp/VNF_Managment_Requirements_for_OpenECOMP/VNF Management Requirements for OpenECOMP 7-3-2017.docx b/docs/all_vnfrqts_seed_docs/open_ecomp/q2_ecomp/VNF_Managment_Requirements_for_OpenECOMP/VNF Management Requirements for OpenECOMP 7-3-2017.docx Binary files differdeleted file mode 100644 index 1c9b991..0000000 --- a/docs/all_vnfrqts_seed_docs/open_ecomp/q2_ecomp/VNF_Managment_Requirements_for_OpenECOMP/VNF Management Requirements for OpenECOMP 7-3-2017.docx +++ /dev/null diff --git a/docs/all_vnfrqts_seed_docs/open_ecomp/q2_ecomp/VNF_Managment_Requirements_for_OpenECOMP/VNF_Management_Requirements_for_OpenECOMP_7_3_2017.rst b/docs/all_vnfrqts_seed_docs/open_ecomp/q2_ecomp/VNF_Managment_Requirements_for_OpenECOMP/VNF_Management_Requirements_for_OpenECOMP_7_3_2017.rst deleted file mode 100644 index b1facb3..0000000 --- a/docs/all_vnfrqts_seed_docs/open_ecomp/q2_ecomp/VNF_Managment_Requirements_for_OpenECOMP/VNF_Management_Requirements_for_OpenECOMP_7_3_2017.rst +++ /dev/null @@ -1,1997 +0,0 @@ -.. contents:: - :depth: 3 -.. - -**VNF Management Requirements for ONAP** - -+-----------------+-------------+ -+-----------------+-------------+ -| Revision | 2017-2 | -+-----------------+-------------+ -| Revision Date | 6/30/2017 | -+-----------------+-------------+ - -**Document Revision History** - -+-------------+------------+------------------------------------------------------------------------------------------+ -| Date | Revision | Description | -+=============+============+==========================================================================================+ -| 2/1/2017 | 1.0 | Initial publication defining VNF Management Requirements for ONAP | -+-------------+------------+------------------------------------------------------------------------------------------+ -| 3/31/2017 | 1.1 | Updates to reflect name change from OpenECOMP to ONAP | -+-------------+------------+------------------------------------------------------------------------------------------+ -| 6/30/2017 | 2017-2 | Updates to Monitoring and Management requirements | -| | | | -| | | - Section 4.2 | -| | | | -| | | - Update to verbiage on Data Model | -| | | | -| | | - break out common events and domain-specific events | -| | | | -| | | - update to data model drawing | -| | | | -| | | - Section 4.3 | -| | | | -| | | - new domains and description updates | -| | | | -| | | - re-ordering to sub-sections | -| | | | -| | | Update to Configuration Management requirements to include Chef and Ansible | -| | | | -| | | - Section 2 | -| | | | -| | | - Update Design Definition requirements for resource Configuration | -| | | | -| | | - New Appendix A in support of Chef Design definition requirements | -| | | | -| | | - New Appendix B in support of Ansible Design definition requirements | -| | | | -| | | - Section 3.3 | -| | | | -| | | - New section 3.3 to describe requirements in support of Chef interface to VNFs | -| | | | -| | | - Section 3.4 | -| | | | -| | | - New section 3.4 to describe requirements in support of Ansible interface to VNFs | -| | | | -| | | - New Appendix D in support requirements for optional Ansible Server | -| | | | -| | | - Section 3.5 | -| | | | -| | | - Include VNF operations for support of Chef and Ansible interfaces | -| | | | -| | | Update to Licensing requirements to include Licensing Meta data definition | -| | | | -| | | - Section 2 | -| | | | -| | | - Update Design Definition requirements for Licensing | -| | | | -| | | - New Appendix C to describe Licensing data requirements for Design Definition | -+-------------+------------+------------------------------------------------------------------------------------------+ - -Introduction -============ - -This document is part of a hierarchy of documents that describes the -overall Requirements and Guidelines for ONAP (Open Network Automation -Platform). The diagram below identifies where this document fits in the -hierarchy. - -+---------------------------------------------+----------------------------------------+-------------------------------------------+------------------------------+---------------------------------+ -| ONAP Requirements and Guidelines | -+=============================================+========================================+===========================================+==============================+=================================+ -| VNF Guidelines for Network Cloud and ONAP | Future ONAP Subject Documents | -+---------------------------------------------+----------------------------------------+-------------------------------------------+------------------------------+---------------------------------+ -| VNF Cloud Readiness Requirements for ONAP | VNF Management Requirements for ONAP | VNF Heat Template Requirements for ONAP | Future | Future Requirements Documents | -| | | | VNF Requirements Documents | | -+---------------------------------------------+----------------------------------------+-------------------------------------------+------------------------------+---------------------------------+ - -Document summary: - -*VNF Guidelines for Network Cloud and ONAP* - -- Describes VNF environment and overview of requirements - -*VNF Cloud Readiness Requirements for ONAP* - -- Cloud readiness requirements for VNFs (Design, Resiliency, Security, - and DevOps) - -**VNF Management Requirements for ONAP** - -- Requirements for how VNFs interact and utilize ONAP - -*VNF Heat Template Requirements for ONAP* - -- Provides recommendations and standards for building Heat templates - compatible with ONAP– initial implementations of Network Cloud are - assumed to be OpenStack based. - -Feedback on or questions about the content of this document may be sent -to the following email address: VNFGuidelines@list.att.com. - -The ONAP platform is the part of the larger Network Function -Virtualization/Software Defined Network (NFV/SDN) ecosystem that is -responsible for the efficient control, operation and management of -Virtual Network Function (VNF) capabilities and functions. It specifies -standardized abstractions and interfaces that enable efficient -interoperation of the NVF/SDN ecosystem components. It enables -product/service independent capabilities for design, creation and -runtime lifecycle management (includes all aspects of installation, -change management, assurance, and retirement) of resources in NFV/SDN -environment (see `ECOMP white paper <http://att.com/ecomp>`__\ [1]_). -These capabilities are provided using two major architectural -frameworks: (1) a Design Time Framework to design, define and program -the platform (uniform onboarding), and (2) a Runtime Execution Framework -to execute the logic programmed in the design environment (uniform -delivery and runtime lifecycle management). The platform delivers an -integrated information model based on the VNF package to express the -characteristics and behavior of these resources in the Design Time -Framework. The information model is utilized by Runtime Execution -Framework to manage the runtime lifecycle of the VNFs. The management -processes are orchestrated across various modules of ONAP to -instantiate, configure, scale, monitor, and reconfigure the VNFs using a -set of standard APIs provided by the VNF developers. - -Design Definition -================= - -The ONAP Design Time Framework provides the ability to design NFV -resources including VNFs, Services, and products. The vendor must -provide VNF packages that include a rich set of recipes, management and -functional interfaces, policies, configuration parameters, and -infrastructure requirements that can be utilized by the ONAP Design -module to onboard and catalog these resources. Initially this -information may be provided in documents, but in the near future a -method will be developed to automate as much of the transfer of data as -possible to satisfy its long term requirements. - -The current VNF Package Requirement is based on a subset of the -Requirements contained in the ETSI Document: ETSI GS NFV-MAN 001 v1.1.1 -and GS NFV IFA011 V0.3.0 (2015-10) - Network Functions Virtualization -(NFV), Management and Orchestration, VNF Packaging Specification. - -Table 1. VNF Package - -+--------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| **Principle** | **Description** | **Type** | **ID#** | -+==========================+===================================================================================================================================================================================================================================================================================================================================================================================================================+============+============+ -| Resource | The VNF Vendor must provide a Manifest File that contains a list of all the components in the VNF package. | Must | 10010 | -| | | | | -| Description | | | | -+--------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | The package must include VNF Identification Data to uniquely identify the resource for a given Vendor. The identification data must include: an identifier for the VNF, the name of the VNF as was given by the VNF Vendor, VNF description, VNF Vendor, and version. | Must | 10020 | -+--------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | The VNF Vendor must provide documentation describing VNF Management APIs. The document must include information and tools for: | Must | 10030 | -| | | | | -| | - ONAP to deploy and configure (initially and ongoing) the VNF application(s) (e.g., NETCONF APIs). Includes description of configurable parameters for the VNF and whether the parameters can be configured after VNF instantiation. | | | -| | | | | -| | - ONAP to monitor the health of the VNF (conditions that require healing and/or scaling responses). Includes a description of: | | | -| | | | | -| | - Parameters that can be monitored for the VNF and event records (status, fault, flow, session, call, control plane, etc.) generated by the VNF after instantiation. | | | -| | | | | -| | - Runtime lifecycle events and related actions (e.g., control responses, tests) which can be performed for the VNF. | | | -+--------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | The VNF package must include documentation describing VNF Functional APIs that are utilized to build network and application services. This document describes the externally exposed functional inputs and outputs for the VNF, including interface format and protocols supported. | Must | 10040 | -+--------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | The VNF Vendor must provide documentation describing VNF Functional Capabilities that are utilized to operationalize the VNF and compose complex services. | Must | 10050 | -+--------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | The VNF Vendor must provide information regarding any dependency (e.g., affinity, anti-affinity) with other VNFs and resources. | Must | 10060 | -+--------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| Resource | The VNF Vendor must support and provide artifacts for configuration management using at least one of the following technologies: | Must | 10070 | -| | | | | -| Configuration | - Netconf/YANG | | | -| | | | | -| | - Chef | | | -| | | | | -| | - Ansible | | | -| | | | | -| | Note: The requirements for Netconf/YANG, Chef, and Ansible protocols are provided separately and must be supported only if the corresponding protocol option is provided by the vendor. | | | -+--------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | **Configuration Management via Netconf/YANG** | Must | 10071 | -| | | | | -| | The VNF Vendor must provide a Resource/Device YANG model as a foundation for creating the YANG model for configuration. This will include VNF attributes/parameters and valid values/attributes configurable by policy. | | | -+--------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | **Configuration Management via Chef** | Must | 10072 | -| | | | | -| | - VNF Vendor must provide cookbooks to be loaded on the appropriate Chef Server. | | | -| | | | | -| | - The VNF Vendor is required to provide a JSON file for each supported action for the VNF. The JSON file must contain key value pairs with all relevant values populated with sample data that illustrates its usage. The fields and their description are defined in Appendix A. | | | -| | | | | -| | Note: Chef support in ONAP is not currently available and planned for 4Q 2017. | | | -+--------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | **Configuration Management via Ansible** | Must | 10073 | -| | | | | -| | - VNF Vendor must provide playbooks to be loaded on the appropriate Ansible Server. | | | -| | | | | -| | - The VNF Vendor is required to provide a JSON file for each supported action for the VNF. The JSON file must contain key value pairs with all relevant values populated with sample data that illustrates its usage. The fields and their description are defined in Appendix B. | | | -| | | | | -| | Note: Ansible support in ONAP is not currently available and planned for 4Q 2017. | | | -+--------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | The VNF Package must include configuration scripts for boot sequence and configuration. | Must | 10080 | -+--------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | The VNF Vendor must provide configurable parameters (if unable to conform to YANG model) including VNF attributes/parameters and valid values, dynamic attributes and cross parameter dependencies (e.g., customer provisioning data). | Must | 10090 | -+--------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| Resource | The VNF Vendor must provide documentation for the VNF Policy Description to manage the VNF runtime lifecycle. The document must include a description of how the policies (conditions and actions) are implemented in the VNF. | Must | 10100 | -| | | | | -| Control Loop | | | | -+--------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | The VNF Package must include documentation describing the fault, performance, capacity events/alarms and other event records that are made available by the VNF. The document must include: | Must | 10110 | -| | | | | -| | - A unique identification string for the specific VNF, a description of the problem that caused the error, and steps or procedures to perform Root Cause Analysis and resolve the issue. | | | -| | | | | -| | - All events, severity level (e.g., informational, warning, error) and descriptions including causes/fixes if applicable for the event. | | | -| | | | | -| | - All events (fault, measurement for VNF Scaling, Syslogs, State Change and Mobile Flow), that need to be collected at each VM, VNFC (defined in *VNF Guidelines for Network Cloud and ONAP*) and for the overall VNF. | | | -+--------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | The VNF Vendor must provide an XML file that contains a list of VNF error codes, descriptions of the error, and possible causes/corrective action. | Must | 10120 | -+--------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | Provide documentation describing all parameters that are available to monitor the VNF after instantiation (includes all counters, OIDs, PM data, KPIs, etc.) that must be collected for reporting purposes. The documentation must include a list of: | Must | 10130 | -| | | | | -| | - Monitoring parameters/counters exposed for virtual resource management and VNF application management. | | | -| | | | | -| | - KPIs and metrics that need to be collected at each VM for capacity planning and performance management purposes. | | | -| | | | | -| | - The monitoring parameters must include latencies, success rates, retry rates, load and quality (e.g., DPM) for the key transactions/functions supported by the VNF and those that must be exercised by the VNF in order to perform its function. | | | -| | | | | -| | - For each KPI, provide lower and upper limits. | | | -| | | | | -| | - When relevant, provide a threshold crossing alert point for each KPI and describe the significance of the threshold crossing. | | | -| | | | | -| | - For each KPI, identify the suggested actions that need to be performed when a threshold crossing alert event is recorded. | | | -| | | | | -| | - Describe any requirements for the monitoring component of tools for Network Cloud automation and management to provide these records to components of the VNF. | | | -| | | | | -| | - When applicable, provide calculators needed to convert raw data into appropriate reporting artifacts. | | | -+--------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | The VNF Package must include documentation describing supported VNF scaling capabilities and capacity limits (e.g., number of users, bandwidth, throughput, concurrent calls). | Must | 10140 | -+--------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | The VNF Package must include documentation describing the characteristics for the VNF reliability and high availability. | Must | 10150 | -+--------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | The VNF vendor must provide an artifact per VNF that contains all of the VNF Event Records supported. The artifact should include reference to the specific release of the VNF Event Stream Common Event Data Model document it is based on. ( `AT&T Service Specification; Service: VES Event Listener <https://github.com/att/evel-test-collector/tree/master/docs/att_interface_definition>`__) | Must | 10151 | -+--------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| Compute, | The VNF Package must include VNF topology that describes basic network and application connectivity internal and external to the VNF including Link type, KPIs, Bandwidth, latency, jitter, QoS (if applicable) for each interface. | Must | 10160 | -| | | | | -| Network, | | | | -| | | | | -| Storage | | | | -| | | | | -| Requirements | | | | -+--------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | The VNF Package must include VM requirements via a Heat template that provides the necessary data for: | Must | 10170 | -| | | | | -| | - VM specifications for all VNF components - for hypervisor, CPU, memory, storage. | | | -| | | | | -| | - Network connections, interface connections, internal and external to VNF. | | | -| | | | | -| | - High availability redundancy model. | | | -| | | | | -| | - Scaling/growth VM specifications. | | | -| | | | | -| | Note: Must comply with the *VNF Heat Template Requirements for ONAP*. | | | -+--------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | The VNF Vendor must provide the binaries and images needed to instantiate the VNF (VNF and VNFC images). | Must | 10180 | -+--------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | The VNF Vendor must describe scaling capabilities to manage scaling characteristics of the VNF. | Must | 10190 | -+--------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| Testing | The VNF Package must include documentation describing the tests that were conducted by the Vendor and the test results. | Must | 10200 | -+--------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | The VNF Vendor must provide their testing scripts to support testing. | Must | 10210 | -+--------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | The VNF Vendor must provide software components that can be packaged with/near the VNF, if needed, to simulate any functions or systems that connect to the VNF system under test. This component is necessary only if the existing testing environment does not have the necessary simulators. | Must | 10220 | -+--------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| Licensing Requirements | VNFs must provide metrics (e.g., number of sessions, number of subscribers, number of seats, etc.) to ONAP for tracking every license. | Must | 10230 | -+--------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | Contract shall define the reporting process and the available reporting tools. The vendor will have to agree to the process that can be met by Service Provider reporting infrastructure. | Must | 10240 | -+--------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | VNF vendors shall enumerate all of the open source licenses their VNF(s) incorporate. | Must | 10250 | -+--------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | Audits of Service Provider’s business must not be required. | Must | 10260 | -+--------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | Vendor functions and metrics that require additional infrastructure such as a vendor license server for deployment shall not be supported. | Must | 10270 | -+--------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | Provide clear measurements for licensing purposes to allow automated scale up/down by the management system. | Must | 10280 | -+--------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | The vendor must provide the ability to scale up a vendor supplied product during growth and scale down a vendor supplied product during decline without “real-time” restrictions based upon vendor permissions. | Must | 10290 | -+--------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | A universal license key must be provided per VNF to be used as needed by services (i.e., not tied to a VM instance) as the recommended solution. The vendor may provide pools of Unique VNF License Keys, where there is a unique key for each VNF instance as an alternate solution. Licensing issues should be resolved without interrupting in-service VNFs. | Must | 10300 | -+--------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | The VNF Vendor must support the metadata about licenses (and their applicable entitlements) as defined in this document for VNF software, and any license keys required to authorize use of the VNF software. This metadata will be used to facilitate onboarding the VNF into the ONAP environment and automating processes for putting the licenses into use and managing the full lifecycle of the licenses. | Must | 10310 | -| | | | | -| | The details of this license model are described in Appendix C. | | | -| | | | | -| | Note: License metadata support in ONAP is not currently available and planned for 1Q 2018. | | | -+--------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ - -Configuration Management -======================== - -ONAP interacts directly with VNFs through its Network and Application -Adapters to perform configuration activities within NFV environment. -These activities include service and resource -configuration/reconfiguration, automated scaling of resources, service -and resource removal to support runtime lifecycle management of VNFs and -services. The Adapters employ a model driven approach along with -standardized APIs provided by the VNF developers to configure resources -and manage their runtime lifecycle. - -NETCONF Standards and Capabilities ----------------------------------- - -ONAP Controllers and their Adapters utilize device YANG model and -NETCONF APIs to make the required changes in the VNF state and -configuration. The VNF providers must provide the Device YANG model and -NETCONF server supporting NETCONF APIs to comply with target ONAP and -industry standards. - -**Table 2. VNF Configuration via NETCONF** - -+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| **Principle** | **Description** | **Type** | **ID #** | -+=================+=======================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================+============+============+ -| Configuration | Virtual Network functions (VNFs) must include a NETCONF server enabling runtime configuration and lifecycle management capabilities. The NETCONF server embedded in VNFs shall provide a NETCONF interface fully defined by supplied YANG models. | Must | 11010 | -| | | | | -| Management | | | | -+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| NETCONF | NETCONF server connection parameters shall be configurable during virtual machine instantiation through Heat templates where SSH keys, usernames, passwords, SSH service and SSH port numbers are Heat template parameters. | Must | 11020 | -| | | | | -| Server | | | | -| | | | | -| Requirements | | | | -+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | Following protocol operations must be implemented: | Must | 11030 | -| | | | | -| | **close-session()**- Gracefully close the current session. | | | -| | | | | -| | **commit(confirmed, confirm-timeout)** - Commit candidate configuration datastore to the running configuration. | | | -| | | | | -| | **discard-changes()** - Revert the candidate configuration datastore to the running configuration | | | -| | | | | -| | **edit-config(target, default-operation, test-option, error-option, config)** - Edit the target configuration datastore by merging, replacing, creating, or deleting new config elements. | | | -| | | | | -| | **get(filter)** - Retrieve (a filtered subset of) the running configuration and device state information. This should include the list of VNF supported schemas. | | | -| | | | | -| | **get-config(source, filter)** - Retrieve a (filtered subset of a) configuration from the configuration datastore source. | | | -| | | | | -| | **kill-session(session)** - Force the termination of **session**. | | | -| | | | | -| | **lock(target)** - Lock the configuration datastore target. | | | -| | | | | -| | **unlock(target)** - Unlock the configuration datastore target. | | | -+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | Following protocol operations should be implemented: | Should | 11040 | -| | | | | -| | **copy-config(target, source) -** Copy the content of the configuration datastore source to the configuration datastore target. | | | -| | | | | -| | **delete-config(target) -** Delete the named configuration datastore target. | | | -| | | | | -| | **get-schema(identifier, version, format) -** Retrieve the YANG schema. | | | -+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | All configuration data shall be editable through a NETCONF <*edit-config*> operation. Proprietary NETCONF RPCs that make configuration changes are not sufficient. | Must | 11050 | -+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | By default, the entire configuration of the VNF must be retrievable via NETCONF's <get-config> and <edit-config>, independently of whether it was configured via NETCONF or other mechanisms. | Must | 11060 | -+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | The **:partial-lock** and **:partial-unlock** capabilities, defined in RFC 5717 must be supported. This allows multiple independent clients to each write to a different part of the <running> configuration at the same time. | Must | 11070 | -+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | The **:rollback-on-error** value for the <error-option> parameter to the <edit-config> operation must be supported. If any error occurs during the requested edit operation, then the target database (usually the running configuration) will be left affected. This provides an 'all-or-nothing' edit mode for a single <edit-config> request. | Must | 11080 | -+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | The server must support the **:startup** capability. It will allow the running configuration to be copied to this special database. It can also be locked and unlocked. | Must | 11090 | -+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | The **:url** value must be supported to specify protocol operation source and target parameters. The capability URI for this feature will indicate which schemes (e.g., file, https, sftp) that the server supports within a particular URL value. The 'file' scheme allows for editable local configuration databases. The other schemes allow for remote storage of configuration databases. | Must | 11100 | -+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | At least one of the capabilities **:candidate** or **:writable-running** must be implemented. If both **:candidate** and **:writable-running** are provided then two locks should be supported. | Must | 11110 | -+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | The server must fully support the XPath 1.0 specification for filtered retrieval of configuration and other database contents. The 'type' attribute within the <filter> parameter for <get> and <get-config> operations may be set to 'xpath'. The 'select' attribute (which contains the XPath expression) will also be supported by the server. A server may support partial XPath retrieval filtering, but it cannot advertise the **:xpath** capability unless the entire XPath 1.0 specification is supported. | Must | 11120 | -+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | The **:validate** capability must be implemented. | Must | 11130 | -+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | If **:candidate** is supported, **:confirmed-commit** must be implemented. | Must | 11140 | -+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | The **:with-defaults** capability [RFC6243] shall be implemented. | Must | 11150 | -+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | Data model discovery and download as defined in [RFC6022] shall be implemented. | Must | 11160 | -+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | NETCONF Event Notifications [RFC5277] should be implemented. | Should | 11170 | -+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | All data models shall be defined in YANG [RFC6020], and the mapping to NETCONF shall follow the rules defined in this RFC. | Must | 11180 | -+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | The data model upgrade rules defined in [RFC6020] section 10 should be followed. All deviations from section 10 rules shall be handled by a built-in automatic upgrade mechanism. | Must | 11190 | -+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | The VNF must support parallel and simultaneous configuration of separate objects within itself. | Must | 11200 | -+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | Locking is required if a common object is being manipulated by two simultaneous NETCONF configuration operations on the same VNF within the context of the same writable running data store (e.g., if an interface parameter is being configured then it should be locked out for configuration by a simultaneous configuration operation on that same interface parameter). | Must | 11210 | -+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | Locking must be applied based on the sequence of NETCONF operations, with the first configuration operation locking out all others until completed. | Must | 11220 | -+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | If a VNF needs to lock an object for configuration, the lock must be permitted at the finest granularity to avoid blocking simultaneous configuration operations on unrelated objects (e.g., BGP configuration should not be locked out if an interface is being configured, Entire Interface configuration should not be locked out if a non-overlapping parameter on the interface is being configured). The granularity of the lock must be able to be specified via a restricted or full XPath expression. | Must | 11230 | -+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | All simultaneous configuration operations should guarantee the VNF configuration integrity (e.g., if a change is attempted to the BUM filter rate from multiple interfaces on the same EVC, then they need to be sequenced in the VNF without locking either configuration method out). | Must | 11240 | -+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | To prevent permanent lock-outs, locks must be released: | Must | 11250 | -| | | | | -| | a. when/if a session applying the lock is terminated (e.g., SSH session is terminated) | | | -| | | | | -| | b. when the corresponding <partial-unlock> operation succeeds | | | -| | | | | -| | c. when a user configured timer has expired forcing the NETCONF SSH Session termination (i.e., product must expose a configuration knob for a user setting of a lock expiration timer) | | | -| | | | | -| | Additionally, to guard against hung NETCONF sessions, another NETCONF session should be able to initiate the release of the lock by killing the session owning the lock, using the <kill-session> operation. | | | -+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | The VNF should support simultaneous <commit> operations within the context of this locking requirements framework. | Must | 11260 | -+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | The supplied YANG code and associated NETCONF servers shall support all operations, administration and management (OAM) functions available from the supplier for VNFs. | Must | 11270 | -+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | Sub tree filtering must be supported. | Must | 11280 | -+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | Heartbeat via a <get> with null filter shall be supported. | Must | 11290 | -+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | Get-schema (ietf-netconf-monitoring) must be supported to pull YANG model over session. | Must | 11300 | -+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | The supplied YANG code shall be validated using the open source pyang [2]_ program using the following commands: | Must | 11310 | -| | | | | -| | $ pyang --verbose --strict <YANG-file-name(s)> | | | -| | | | | -| | $ echo $! | | | -+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | The echo command must return a zero value otherwise the validation has failed. | Must | 11320 | -+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | The supplier shall demonstrate mounting the NETCONF server on OpenDaylight (client) and: | Must | 11330 | -| | | | | -| | - Modify, update, change, rollback configurations using each configuration data element. | | | -| | | | | -| | - Query each state (non-configuration) data element. | | | -| | | | | -| | - Execute each YANG RPC. | | | -| | | | | -| | - Receive data through each notification statement. | | | -+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ - -The following table provides the Yang models that suppliers must -conform, and those where applicable, that suppliers need to use. - -Table 3. YANG Models - -+----------------+------------------------------------------------------------------------------------+------------+------------+ -| **RFC** | **Description** | **Type** | **ID #** | -+================+====================================================================================+============+============+ -| RFC 6020 | YANG - A Data Modeling Language for the Network Configuration Protocol (NETCONF) | Must | 12010 | -+----------------+------------------------------------------------------------------------------------+------------+------------+ -| RFC 6022 | YANG module for NETCONF monitoring | Must | 12020 | -+----------------+------------------------------------------------------------------------------------+------------+------------+ -| RFC 6470 | NETCONF Base Notifications | Must | 12030 | -+----------------+------------------------------------------------------------------------------------+------------+------------+ -| RFC 6244 | An Architecture for Network Management Using NETCONF and YANG | Must | 12040 | -+----------------+------------------------------------------------------------------------------------+------------+------------+ -| RFC 6087 | Guidelines for Authors and Reviewers of YANG Data Model Documents | Must | 12050 | -+----------------+------------------------------------------------------------------------------------+------------+------------+ -| \*\*RFC 6991 | Common YANG Data Types | Should | 12060 | -+----------------+------------------------------------------------------------------------------------+------------+------------+ -| RFC 6536 | NETCONF Access Control Model | Should | 12070 | -+----------------+------------------------------------------------------------------------------------+------------+------------+ -| RFC 7223 | A YANG Data Model for Interface Management | Should | 12080 | -+----------------+------------------------------------------------------------------------------------+------------+------------+ -| RFC 7224 | IANA Interface Type YANG Module | Should | 12090 | -+----------------+------------------------------------------------------------------------------------+------------+------------+ -| RFC 7277 | A YANG Data Model for IP Management | Should | 12100 | -+----------------+------------------------------------------------------------------------------------+------------+------------+ -| RFC 7317 | A YANG Data Model for System Management | Should | 12110 | -+----------------+------------------------------------------------------------------------------------+------------+------------+ -| RFC 7407 | A YANG Data Model for SNMP Configuration | Should | 12120 | -+----------------+------------------------------------------------------------------------------------+------------+------------+ - -The NETCONF server interface shall fully conform to the following -NETCONF RFCs. - -Table 4. NETCONF RFCs - -+------------+--------------------------------------------------------------------+------------+------------+ -| **RFC** | **Description** | **Type** | **ID #** | -+============+====================================================================+============+============+ -| RFC 4741 | NETCONF Configuration Protocol | Must | 12130 | -+------------+--------------------------------------------------------------------+------------+------------+ -| RFC 4742 | Using the NETCONF Configuration Protocol over Secure Shell (SSH) | Must | 12140 | -+------------+--------------------------------------------------------------------+------------+------------+ -| RFC 5277 | NETCONF Event Notification | Must | 12150 | -+------------+--------------------------------------------------------------------+------------+------------+ -| RFC 5717 | Partial Lock Remote Procedure Call | Must | 12160 | -+------------+--------------------------------------------------------------------+------------+------------+ -| RFC 6241 | NETCONF Configuration Protocol | Must | 12170 | -+------------+--------------------------------------------------------------------+------------+------------+ -| RFC 6242 | Using the Network Configuration Protocol over Secure Shell | Must | 12180 | -+------------+--------------------------------------------------------------------+------------+------------+ - -VNF REST APIs --------------- - -Healthcheck is a command for which no NETCONF support exists. Therefore, -this must be supported using a RESTful interface which we have defined. - -The VNF must provide a REST formatted GET RPCs to support Healthcheck -queries via the GET method over HTTP(s). - -The port number, url, and other authentication information is provided -by the VNF vendor. - -**Table 5. VNF REST APIs** - -+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| **Principal** | **Description** | **Type** | **ID #** | -+=================+=======================================================================================================================================================================================================================================================================================================================================================================================================+============+============+ -| REST APIs | The HealthCheck RPC, executes a vendor-defined VNF Healthcheck over the scope of the entire VNF (e.g., if there are multiple VNFCs, then run a health check, as appropriate, for all VNFCs). It returns a 200 OK if the test completes. A JSON object is returned indicating state (healthy, unhealthy), scope identifier, time-stamp and one or more blocks containing info and fault information. | Must | 12190 | -| | | | | -| | If the VNF is unable to run the HealthCheck, return a standard http error code and message. | | | -| | | | | -| | Examples: | | | -| | | | | -| | 200 | | | -| | | | | -| | { | | | -| | | | | -| | "identifier": "scope represented", | | | -| | | | | -| | "state": "healthy", | | | -| | | | | -| | "time": "01-01-1000:0000" | | | -| | | | | -| | } | | | -| | | | | -| | 200 | | | -| | | | | -| | { | | | -| | | | | -| | "identifier": "scope represented", | | | -| | | | | -| | "state": "unhealthy", | | | -| | | | | -| | {[ | | | -| | | | | -| | "info": "System threshold exceeded details", | | | -| | | | | -| | "fault": | | | -| | | | | -| | { | | | -| | | | | -| | "cpuOverall": 0.80, | | | -| | | | | -| | "cpuThreshold": 0.45 | | | -| | | | | -| | } | | | -| | | | | -| | ]}, | | | -| | | | | -| | "time": "01-01-1000:0000" | | | -| | | | | -| | } | | | -+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ - -Chef Standards and Capabilities -------------------------------- - -ONAP will support configuration of VNFs via Chef subject to the -requirements and guidelines defined in this section. - -The Chef configuration management mechanism follows a client-server -model. It requires the presence of a Chef-Client on the VNF that will be -directly managed by a Chef Server. The Chef-client will register with -the appropriate Chef Server and are managed via ‘cookbooks’ and -configuration attributes loaded on the Chef Server which contain all -necessary information to execute the appropriate actions on the VNF via -the Chef-client. - -ONAP will utilize the open source Chef Server, invoke the documented -Chef REST APIs to manage the VNF and requires the use of open source -Chef-Client and Push Jobs Client on the VNF -(https://downloads.chef.io/). - -**Table 6. VNF Configuration via Chef** - -+----------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| **Principle** | **Description** | **Type** | **ID #** | -+============================+===============================================================================================================================================================================================================================================================================================================+============+============+ -| Chef Server Requirements | ONAP will interact with the Chef Server designated to manage a target VNF. ONAP design allows for the VNF to register with the following types of Chef Server [3]_: | Must | 12310 | -| | | | | -| | - **Chef Server hosted by ONAP**: ONAP will provide a Chef Server to manage a VNF. If this choice is used then it is required that the VNF Vendor provide all relevant cookbooks to ONAP to be loaded on the Chef Server. | | | -| | | | | -| | - **Chef Server hosted in Tenant Space**: The Chef Server may also be hosted external to ONAP in tenant space. Same guidelines as ONAP Chef Server apply. In addition, the owner is required to provide appropriate credentials to ONAP in order to interact with the Chef Server. | | | -+----------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| Chef Client | It is required that as part of the installation process, the chef-client on the VNF be preloaded with validator keys and configuration to register with the designated Chef Server. | Must | 12320 | -| | | | | -| Requirements | | | | -+----------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | All the endpoints (VMs) of a VNF that contain chef-clients are required to have routable FQDNs which are used to register with the Chef Server. As part of invoking VNF actions, ONAP will trigger push jobs against FQDNs of endpoints for a VNF, if required. | Must | 12330 | -+----------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | It is recommended that each VNF expose a single endpoint that is responsible for all functionality. | May | 12331 | -+----------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | It is required that the VNF be installed with | Must | 12340 | -| | | | | -| | - Chef-Client >= 12.0 | | | -| | | | | -| | - Chef push jobs client >= 2.0 | | | -+----------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| Chef Roles/ | Each VNF Vendor is required to make available for loading on appropriate Chef Server, all relevant Chef artifacts (roles/cookbooks/recipes) required to execute VNF actions requested by ONAP. | Must | 12350 | -| | | | | -| Requirements | | | | -+----------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | For each supported VNF action, the VNF Vendor is required to provide a run list of roles/cookbooks/recipes that will perform the desired VNF action in its entirety as specified by ONAP (see Section 3.5 for list of VNF actions and requirements), when triggered by a chef-client run list in JSON file. | Must | 12360 | -+----------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | Roles/cookbooks/recipes invoked for a VNF action must not contain any instance specific parameters for the VNF. Instead they must accept all necessary instance specific data from the environment or node object attributes. | Must | 12370 | -+----------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | It is required that all configurable parameters in the roles, cookbooks and recipes that can be set by ONAP, over-ride any default values. | Must | 12380 | -+----------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | It is required that when executing a VNF action, if the chef-client run encounters any critical errors/failures, it update status on the Chef Server appropriately (e.g., via a fail or raise an exception). | Must | 12390 | -+----------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | If the VNF action requires the output of a chef-client run be made available (e.g., get running configuration), an attribute, defined as node[‘PushJobOutput’] must be populated with the desired output on all nodes in the push job that execute chef-client run. | Must | 12400 | -+----------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | It is recommended that, for actions that change state of the VNF (e.g., configure), the Vendor design appropriate cookbooks that can automatically ‘rollback’ to the original state in case of any errors. | Must | 12410 | -+----------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | It is recommended that any chef-client run associated with a VNF action support callback URLs to return information to ONAP upon completion of the chef-client run. | Should | 12420 | -| | | | | -| | - As part of the push job, ONAP will provide two parameters in the environment of the push job JSON object: | | | -| | | | | -| | - ‘RequestId’ a unique Id to be used to identify the request, | | | -| | | | | -| | - ‘CallbackUrl’, the URL to post response back. | | | -| | | | | -| | - If the CallbackUrl field is empty or missing in the push job, then the chef-client run need not post the results back via callback. | | | -| | | | | -| | - If the chef-client run list includes a cookbook/recipe that is callback capable, it is required to, upon completion of the chef-client run, POST back on the callback URL, a JSON object as described in Table A2. | | | -| | | | | -| | - Failure to POST on the Callback Url should not be considered a critical error. That is, if the chef-client successfully completes the VNF action, it should reflect this status on the Chef Server regardless of whether the Callback succeeded or not. | | | -+----------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ - -ONAP Chef API Usage -~~~~~~~~~~~~~~~~~~~ - -This section outlines the workflow that ONAP invokes when it receives an -action request against a Chef managed VNF. - -1. When ONAP receives a request for an action for a Chef Managed VNF, it - retrieves the corresponding template (based on **action** and - **VNF)** from its database and sets necessary values in the - “Environment”, “Node” and “NodeList” keys (if present) from either - the payload of the received action or internal data. - -2. If “Environment” key is present in the updated template, it posts the - corresponding JSON dictionary to the appropriate Environment object - REST endpoint on the Chef Server thus updating the Environment - attributes on the Chef Server. - -3. Next, it creates a Node Object from the “Node” JSON dictionary for - all elements listed in the NodeList (using the FQDN to construct the - endpoint) by replicating it [4]_. As part of this process, it will - set the name field in each Node Object to the corresponding FQDN. - These node objects are then posted on the Chef Server to - corresponding Node Object REST endpoints to update the corresponding - node attributes. - -4. If PushJobFlag is set to “True” in the template, ONAP requests a push - job against all the nodes in the NodeList to trigger - chef-client\ **.** It will not invoke any other command via the push - job. ONAP will include a callback URL in the push job request and a - unique Request Id. An example push job posted by ONAP is listed - below: - - { - - "command": "chef-client", - - "run\_timeout": 300, - - "nodes”: [“node1.vnf\_a.onap.com”, “node2.vnf\_a.onap.com”], - - "env": { - - “RequestId”:”8279-abcd-aksdj-19231”, - - “CallbackUrl”:”<callback url>” - - }, - - } - -5. If CallbackCapable field in the template is not present or set to - “False” ONAP will poll the Chef Server to check completion status of - the push job. - -6. If “GetOutputFlag” is set to “True” in the template and - CallbackCapable is not set to “True”, ONAP will retrieve any output - from each node where the push job has finished by accessing the Node - Object attribute node[‘PushJobOutput’]. - -Ansible Standards and Capabilities ----------------------------------- - -ONAP will support configuration of VNFs via Ansible subject to the -requirements and guidelines defined in this section. - -Ansible allows agentless management of VMs via execution of ‘playbooks’ -over ssh. The ‘playbooks’ are a structured set of tasks which contain -all the necessary data and execution capabilities to take the necessary -action on one or more target VMs of the VNF. ONAP will utilize the -framework of an Ansible Server that will host and invoke playbooks to -manage VNFs that support Ansible. - -**Table 7. VNF Configuration via Ansible** - -+-------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| **Principle** | **Description** | **Type** | **ID #** | -+===============================+========================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================+============+============+ -| Ansible Server Requirements | ONAP will utilize an Ansible server in order to manage VNFs that support Ansible playbooks. We note that Ansible in general does not require the use of a server. However, this framework has been adopted to align with ONAP architecture, ease of management and scalability. | Must | 12510 | -| | | | | -| | All playbooks for the VNF will be hosted on a designated Ansible Server that meets ONAP Ansible API requirements. ONAP design allows for VNFs to be managed by an Ansible Server in any of the two following forms [5]_: | | | -| | | | | -| | - **Ansible Server hosted by ONAP**: ONAP will provide an Ansible Server to manage a VNF. If this choice is used then it is required that the VNF Vendor provide all relevant playbooks to ONAP to be loaded on the Ansible Server. | | | -| | | | | -| | - **Ansible Server hosted in Tenant Space**: Same guidelines as the ONAP Ansible Server. The Ansible Server must meet the ONAP Ansible Server API Interface requirements. | | | -+-------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| Ansible Client | The endpoints (VMs) of a VNF on which playbooks will be executed must have routable FQDNs that are reachable via the Ansible Server. ONAP will initiate requests to the Ansible Server for invocation of playbooks against these end points [6]_. | Must | 12520 | -| | | | | -| Requirements | | | | -+-------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | It is recommended that a VNF typically have a single endpoint. | May | 12521 | -+-------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | The endpoint VM(s) of a VNF on which an Ansible playbook will be executed is required to have Python >= 2.7. | Must | 12530 | -+-------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | The endpoint VM(s) must support SSH and allow SSH access to the Ansible server in line with Network Cloud Service Provider guidelines for authentication and access. | Must | 12540 | -+-------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| Ansible Playbook | An Ansible playbook is a collection of tasks that is executed on the Ansible server (local host) and/or the target VM (s) in order to complete the desired action. Each VNF Vendor is required to make available (or load on VNF Ansible Server) playbooks that conform to the ONAP requirements. | Must | 12550 | -| | | | | -| Requirements | | | | -+-------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | It is required that each VNF action be supported by invocation of **one** playbook [7]_. The playbook will be responsible for executing all necessary tasks (as well as calling other playbooks) to complete the request. | Must | 12560 | -+-------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | A playbook must not contain any instance specific parameters. It must utilize information from key value pairs that will be provided by the Ansible Server as extra-vars during invocation to execute the desired VNF action. If the playbook requires files, they must also be supplied using the methodology detailed in the Ansible Server API. | Must | 12570 | -+-------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | The Ansible Server will determine if a playbook invoked to execute a VNF action finished successfully or not using the “PLAY\_RECAP” summary in Ansible log. The playbook will be considered to successfully finish only if the “PLAY RECAP” section at the end of playbook execution output has no unreachable hosts and no failed tasks. Otherwise, the playbook will be considered to have failed. | Must | 12580 | -+-------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | VNF vendor must design playbooks to allow Ansible Server to infer failure or success based on the “PLAY\_RECAP” capability. | Must | 12590 | -+-------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | If, as part of a VNF action (e.g., audit), a playbook is required to return any VNF information, it must be written to a specific set of text files that will be retrieved and made available by the Ansible Server. The text files must be written in the same directory as the one from which the playbook is being executed. A text file must be created for each host the playbook is run on, with the name ‘<playbook name> <hostname>\_results.txt’ into which any desired output from each respective VM/VNF must be written. | Must | 12600 | -+-------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | It is recommended that, for actions that change state of the VNF (e.g., configure), the VNF Vendor design appropriate playbooks that can automatically ‘rollback’ to the original state in case of any errors. | Should | 12610 | -| | | | | -| | NOTE: In case rollback at the playbook level is not supported or possible, vendor shall provide alternative locking mechanism (e.g., for a small VNF the rollback mechanism may rely on workflow to terminate and re-instantiate VNF VMs and then re-run playbook(s)). | | | -+-------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ - -ONAP Controller APIs and Behavior ---------------------------------- - -ONAP Controllers support the following operations which act directly -upon the VNF. Most of these utilize the NETCONF interface. There are -additional commands in use but these either act internally on Controller -itself or depend upon network cloud components for implementation. Those -actions do not put any special requirement on the VNF provider. - -The following table summarizes how the VNF must act in response to -commands from ONAP. - -Table 8. ONAP Controller APIs and NETCONF Commands - -+---------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| **Action** | **Description** | **NETCONF Commands** | -+=====================+==================================================================================================================================================================================================================================================================================+===============================================================================================================================================================================================================================+ -| Action | Queries ONAP Controller for the current state of a previously submitted runtime LCM (Lifecycle Management) action. | There is currently no way to check the request status in NETCONF so action status is managed internally by the ONAP controller. | -| | | | -| Status | | | -+---------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| Audit, Sync | Compare active (uploaded) configuration against the current configuration in the ONAP controller. Audit returns failure if different. Sync considers the active (uploaded) configuration as the current configuration. | The <get-config> operation is used to retrieve the running configuration from the VNF. | -+---------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| Lock, | Returns true when the given VNF has been locked. | There is currently no way to query lock state in NETCONF so VNF locking and unlocking is managed internally by the ONAP controller. | -| | | | -| Unlock, | | | -| | | | -| CheckLock | | | -+---------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| Configure, | Configure applies a post-instantiation configuration the target VNF or VNFC. ConfigModify updates only a subset of the total configuration parameters of a VNF. | The <edit-config> operation loads all or part of a specified configuration data set to the specified target database. If there is no <candidate/> database, then the target is the <running/> database. A <commit> follows. | -| | | | -| ConfigModify | | | -+---------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| Health | Executes a VNF health check and returns the result. A health check is VNF-specific. | The ONAP health check interface is defined over REST and requires the target VNF to expose a standardized HTTP(S) interface for that purpose. See Section 3.2. | -| | | | -| Check | | | -+---------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| StartApplication, | ONAP requests application to be started or stopped on the VNF or VNFC. These actions do not need to be supported if (1) the application starts automatically after Configure or if the VM’s are started and (2) the application gracefully shuts down if the VM’s are stopped. | These commands have no specific NETCONF RPC action. | -| | | | -| StopApplication | | They can be supported using Ansible or Chef (see Table 9 below). | -+---------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| SoftwareUpload, | Upgrades the target VNF to a new version without interrupting VNF operation. | These commands have no specific NETCONF RPC action. | -| | | | -| LiveUpgrade | | They can be supported using Ansible or Chef (see Table 9 below). | -+---------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Table 9 lists the required Chef and Ansible support for commands from -ONAP. - -Table 9. ONAP Controller APIs and Chef/Ansible Support - -+---------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| **Action** | **Chef** | **Ansible** | -+=====================+==================================================================================================================================================================================================================================================================================================+=========================================================================================================================================================================================================================================================+ -| Action | Not needed. ActionStatus is managed internally by the ONAP controller. | Not needed. ActionStatus is managed internally by the ONAP controller. | -| | | | -| Status | | | -+---------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| Audit, Sync | VNF Vendor must provide any necessary roles, cookbooks, recipes to retrieve the running configuration from a VNF and place it in the respective Node Objects ‘PushJobOutput’ attribute of all nodes in NodeList when triggered by a chef-client run. | VNF Vendor must provide an Ansible playbook to retrieve the running configuration from a VNF and place the output on the Ansible server in a manner aligned with playbook requirements listed in this document. | -| | | | -| | The JSON file for this VNF action is required to set “PushJobFlag” to “True” and “GetOutputFlag” to “True”. The “Node” JSON dictionary must have the run list populated with the necessary sequence of roles, cookbooks, recipes. | The PlaybookName must be provided in the JSON file. | -| | | | -| | The Environment and Node values should contain all appropriate configuration attributes. | NodeList must list FQDNs of an example VNF on which to execute playbook. | -| | | | -| | NodeList must list sample FQDNs that are required to conduct a chef-client run for this VNF Action. | | -+---------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| Lock, | Not needed. VNF locking and unlocking is managed internally by the ONAP controller. | Not needed. VNF locking and unlocking is managed internally by the ONAP controller. | -| | | | -| Unlock, | | | -| | | | -| CheckLock | | | -+---------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| Configure, | VNF Vendor must provide any necessary roles, cookbooks, recipes to apply configuration attributes to the VNF when triggered by a chef-client run. All configurable attributes must be obtained from the Environment and Node objects on the Chef Server. | VNF Vendor must provide an Ansible playbook that can configure the VNF with parameters supplied by the Ansible Server. | -| | | | -| ConfigModify | The JSON file for this VNF action should include all configurable attributes in the Environment and/or Node JSON dictionary. | The PlaybookName must be provided in the JSON file. | -| | | | -| | The “PushJobFlag” must be set to “True”. | The “EnvParameters” and/or “FileParameters” field values should be provided and contain all configurable parameters for the VNF. | -| | | | -| | The “Node” JSON dictionary must have the run list populated with necessary sequence of roles, cookbooks, recipes. This action is not expected to return an output. | NodeList must list FQDNs of an example VNF on which to execute playbook. | -| | | | -| | “GetOutputFlag” must be set to “False”. | | -| | | | -| | NodeList must list sample FQDNs that are required to conduct a chef-client run for this VNF Action. | | -+---------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| Health | The ONAP health check interface is defined over REST and requires the target VNF to expose a standardized HTTP(S) interface for that purpose. See Section 3.2. | The ONAP health check interface is defined over REST and requires the target VNF to expose a standardized HTTP(S) interface for that purpose. See Section 3.2. | -| | | | -| Check | | | -+---------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| StartApplication, | VNF Vendor must provide roles, cookbooks, recipes to start an application on the VNF when triggered by a chef-client run. If application does not start, the run must fail or raise an exception. If application is already started, or starts successfully, the run must finish successfully. | VNF Vendor must provide an Ansible playbook to start the application on the VNF. If application does not start, the playbook must indicate failure. If application is already started, or starts successfully, the playbook must finish successfully. | -| | | | -| StopApplication | For StopApplication, the application must be stopped gracefully (no loss of traffic). | For StopApplication, the application must be stopped gracefully (no loss of traffic). | -+---------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| SoftwareUpload, | VNF Vendor must provide any necessary roles, cookbooks, recipes to apply a software upgrade to the VNF when triggered by a chef-client run. | VNF Vendor must provide an Ansible playbook that can apply a software upgrade to the VNF when triggered by the Ansible server | -| | | | -| LiveUpgrade | | | -+---------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -For information purposes, the following ONAP controller functions are -planned in the future: - -Table 10. Planned ONAP Controller Functions - -+------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| ConfigSave, | ConfigSave stores the VNF running configuration to a url or file using a specified name. ConfigRestore replaces the VNF running configuration with the configuration previously stored with a url or file with the specified name. | -| | | -| ConfigRestore | | -+==================+==================================================================================================================================================================================================================================================================================================================+ -| Reconfigure | If the audit fails, Reconfigure may be used to be replace the VNF running configuration using a previously uploaded configuration in the ONAP controller. | -+------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| ConfigStartup | ConfigStartup is used to store a running configuration to be used when a VNF is rebooted. | -+------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| ConfigRecovery | ConfigRecovery is used to replace the running configuration with a recovery configuration. This recovery configuration is stored in the ONAP Controller and is the configuration uploaded after instantiation. It will only be used if there is no other option to restore the VNF to a working configuration. | -+------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| StatusQuery | Executes a VNF status query and returns the result. A status query is VNF-specific. | -+------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ - -Monitoring & Management -======================= - -This section addresses data collection and event processing -functionality that is directly dependent on the interfaces provided by -the VNFs’ APIs. These can be in the form of asynchronous interfaces for -event, fault notifications, and autonomous data streams. They can also -be synchronous interfaces for on-demand requests to retrieve various -performance, usage, and other event information. - -The target direction for VNF interfaces is to employ APIs that are -implemented utilizing standardized messaging and modeling protocols over -standardized transports. Migrating to a virtualized environment presents -a tremendous opportunity to eliminate the need for proprietary -interfaces for vendor equipment while removing the traditional -boundaries between Network Management Systems and Element Management -Systems. Additionally, VNFs provide the ability to instrument the -networking applications by creating event records to test and monitor -end-to-end data flow through the network, similar to what physical or -virtual probes provide without the need to insert probes at various -points in the network. The VNF vendors must be able to provide the -aforementioned set of required data directly to the ONAP collection -layer using standardized interfaces. - -Transports and Protocols Supporting Resource Interfaces -------------------------------------------------------- - -Delivery of data from VNFs to ONAP must use the same common transport -mechanisms and protocols for all VNFs. Transport mechanisms and -protocols have been selected to enable both high volume and moderate -volume datasets, as well as asynchronous and synchronous communications -over secure connections. The specified encoding provides -self-documenting content, so data fields can be changed as needs evolve, -while minimizing changes to data delivery. - -The term ‘Event Record’ is used throughout this document to represent -various forms instrumentation/telemetry made available by the VNF -including, faults, status events and various other types of VNF -measurements and logs. Headers received by themselves must be used as -heartbeat indicators. The common structure and delivery protocols for -other types of data will be given in future versions of this document as -we get more insight into data volumes and required processing. - -In the following guidelines, we provide options for encoding, -serialization and data delivery. Agreements between Service Providers -and VNF vendors shall determine which encoding, serialization and -delivery method to use for particular data sets. The selected methods -must be agreed to prior to the on-boarding of the VNF into ONAP design -studio. - -Table 11. Monitoring & Management - -+----------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| **Principle** | **Description** | **Type** | **ID #** | -+==============================================+=====================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================+============+============+ -| VNF telemetry via standardized interface | VNFs must provide all telemetry (e.g., fault event records, syslog records, performance records etc.) to ONAP using the model, format and mechanisms described in this section. | Must | 13005 | -+----------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| Encoding and Serialization | Content delivered from VNFs to ONAP is to be encoded and serialized using JSON (option 1). High-volume data is to be encoded and serialized using Avro, where Avro data format are described using JSON (option 2) [8]_. | Must | 13010 | -| | | | | -| | - JSON plain text format is preferred for moderate volume data sets (option 1), as JSON has the advantage of having well-understood simple processing and being human-readable without additional decoding. Examples of moderate volume data sets include the fault alarms and performance alerts, heartbeat messages, measurements used for VNF scaling and syslogs. | | | -| | | | | -| | - Binary format using Avro is preferred for high volume data sets (option 2) such as mobility flow measurements and other high-volume streaming events (such as mobility signaling events or SIP signaling) or bulk data, as this will significantly reduce the volume of data to be transmitted. As of the date of this document, all events are reported using plain text JSON and REST. | | | -| | | | | -| | - Avro content is self-documented, using a JSON schema. The JSON schema is delivered along with the data content (http://avro.apache.org/docs/current/ ). This means the presence and position of data fields can be recognized automatically, as well as the data format, definition and other attributes. Avro content can be serialized as JSON tagged text or as binary. In binary format, the JSON schema is included as a separate data block, so the content is not tagged, further compressing the volume. For streaming data, Avro will read the schema when the stream is established and apply the schema to the received content. | | | -| | | | | -| | - In the future, we may consider support for other types of encoding & serialization (e.g., gRPC) based on industry demand. | | | -+----------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| Reporting Frequency | The frequency that asynchronous data is delivered will vary based on the content and how data may be aggregated or grouped together. For example, alarms and alerts are expected to be delivered as soon as they appear. In contrast, other content, such as performance measurements, KPIs or reported network signaling may have various ways of packaging and delivering content. Some content should be streamed immediately; or content may be monitored over a time interval, then packaged as collection of records and delivered as block; or data may be collected until a package of a certain size has been collected; or content may be summarized statistically over a time interval, or computed as a KPI, with the summary or KPI being delivered. | Must | 13020 | -| | | | | -| | - We expect the reporting frequency to be configurable depending on the virtual network function’s needs for management. For example, Service Provider may choose to vary the frequency of collection between normal and trouble-shooting scenarios. | | | -| | | | | -| | - Decisions about the frequency of data reporting will affect the size of delivered data sets, recommended delivery method, and how the data will be interpreted by ONAP. However, this should not affect deserialization and decoding of the data, which will be guided by the accompanying JSON schema. | | | -+----------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| Addressing and Delivery Protocol | ONAP destinations can be addressed by URLs for RESTful data PUT. Future data sets may also be addressed by host name and port number for TCP streaming, or by host name and landing zone directory for SFTP transfer of bulk files. | Must | 13030 | -| | | | | -| | - REST using HTTPS delivery of plain text JSON is preferred for moderate sized asynchronous data sets, and for high volume data sets when feasible. | | | -| | | | | -| | - VNFs must have the capability of maintaining a primary and backup DNS name (URL) for connecting to ONAP collectors, with the ability to switch between addresses based on conditions defined by policy such as time-outs, and buffering to store messages until they can be delivered. At its discretion, the service provider may choose to populate only one collector address for a VNF. In this case, the network will promptly resolve connectivity problems caused by a collector or network failure transparently to the VNF. | | | -| | | | | -| | - VNFs will be configured with initial address(es) to use at deployment time. After that the address(es) may be changed through ONAP-defined policies delivered from ONAP to the VNF using PUTs to a RESTful API, in the same way that other controls over data reporting will be controlled by policy. | | | -| | | | | -| | - Other options are expected to include: | | | -| | | | | -| | - REST delivery of binary encoded data sets. | | | -| | | | | -| | - TCP for high volume streaming asynchronous data sets and for other high volume data sets. TCP delivery can be used for either JSON or binary encoded data sets. | | | -| | | | | -| | - SFTP for asynchronous bulk files, such as bulk files that contain large volumes of data collected over a long time interval or data collected across many VNFs. This is not preferred. Preferred is to reorganize the data into more frequent or more focused data sets, and deliver these by REST or TCP as appropriate. | | | -| | | | | -| | - REST for synchronous data, using RESTCONF (e.g., for VNF state polling). | | | -| | | | | -| | - The ONAP addresses as data destinations for each VNF must be provided by ONAP Policy, and may be changed by Policy while the VNF is in operation. We expect the VNF to be capable of redirecting traffic to changed destinations with no loss of data, for example from one REST URL to another, or from one TCP host and port to another. | | | -+----------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| Asynchronous and Synchronous Data Delivery | VNFs are to deliver asynchronous data as data becomes available, or according to the configured frequency. The delivered data must be encoded using JSON or Avro, addressed and delivered as described in the previous paragraphs. | Must | 13040 | -+----------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | VNFs are to respond to data requests from ONAP as soon as those requests are received, as a synchronous response. | Must | 13050 | -+----------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | Synchronous communication must leverage the RESTCONF/NETCONF framework used by the ONAP configuration subsystem. This shall include using YANG configuration models and RESTCONF (https://tools.ietf.org/html/draft-ietf-netconf-restconf-09#page-46). | Must | 13060 | -+----------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | The VNF must respond with content encoded in JSON, as described in the RESTCONF specification. This way the encoding of a synchronous communication will be consistent with Avro. | Must | 13070 | -+----------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | ONAP may request the VNF to deliver the current data for any of the record types defined in Section 4.2 below. The VNF must respond by returning the requested record, populated with the current field values. (Currently the defined record types include the common header record, technology independent records such as Fault, Heartbeat, State Change, Syslog, and technology specific records such as Mobile Flow, Signaling and Voice Quality records. Additional record types will be added in the future as they are standardized and become available.) | Must | 13080 | -+----------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | ONAP may request the VNF to deliver granular data on device or subsystem status or performance, referencing the YANG configuration model for the VNF. The VNF must respond by returning the requested data elements. | Must | 13090 | -+----------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | If YANG models need to be translated to and from JSON, (https://trac.tools.ietf.org/id/draft-lhotka-netmod-yang-json-00.html) should be utilized for translation, meaning YANG configuration and content can be represented via JSON, consistent with Avro, as described in “Encoding and Serialization” section. | Should | 13100 | -+----------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| Security | VNFs must support secure connections and transports. | Must | 13110 | -+----------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | Access to ONAP and to VNFs, and creation of connections, must be controlled through secure credentials, log-on and exchange mechanisms. | Must | 13120 | -+----------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | Data in motion must be carried only over secure connections. | Must | 13130 | -+----------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | Service Providers require that any content containing Sensitive Personal Information (SPI) or certain proprietary data must be encrypted, in addition to applying the regular procedures for securing access and delivery. | Must | 13140 | -+----------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ - -Data Model for Event Records ------------------------------ - -This section describes the data model for the collection of telemetry -data from VNFs by Service Providers (SPs) to manage VNF health and -runtime lifecycle. This data model is referred to as the VNF Event -Streaming (VES) specifications. While this document is focused on -specifying some of the records from the ONAP perspective, there may be -other external bodies using the same framework to specify additional -records. For example, OPNFV has a VES project [9]_ that is looking to -specify records for OpenStack’s internal telemetry to manage Application -(VNFs), physical and virtual infrastructure (compute, storage, network -devices), and virtual infrastructure managers (cloud controllers, SDN -controllers). Note that any configurable parameters for these data -records (e.g., frequency, granularity, policy-based configuration) will -be managed using the “Configuration” framework described in the prior -sections of this document. - -The Data Model consists of: - -- Common Header Record: This data structure precedes each of the - Technology Independent and Technology Specific records sections of - the data model. - -- Technology Independent Records: This version of the document - specifies the model for Fault, Heartbeat, State Change, Syslog, - Threshold Crossing Alerts, and VF Scaling\* (short for - measurementForVfScalingFields) records. In the future, these may be - extended to support other types of technology independent records. - Each of these records allows additional fields (name/ value pairs) - for extensibility. The vendors can use these vendor-specific - additional fields to provide additional information that may be - relevant to the managing systems. - -- Technology Specific Records: This version of the document specifies - the model for Mobile Flow records, Signaling and Voice Quality - records. In the future, these may be extended to support other types - of records (e.g., Network Fabric, Security records, etc.). Each of - these records allows additional fields (name/value pairs) for - extensibility. The VNF vendors can use these VNF-specific additional - fields to provide additional information that may be relevant to the - managing systems. A placeholder for additional technology specific - areas of interest to be defined in the future documents has been - depicted. - -|image0| -Figure 1. Data Model for Event Records - -Event Records - Data Structure Description ------------------------------------------- - -The data structure for event records consists of: - -- a Common Event Header block; - -- zero or more technology independent domain blocks; and - - - e.g., Fault domain, State Change domain, Syslog domain, etc. - -- zero or more technology specific domain blocks. - - - e.g., Mobile Flow domain, Signaling domain, Voice Quality domain, - etc. - -Note: Heartbeat records would only have the Common Event Header block. -An optional heartbeat domain is available if required by the heartbeat -implementation. - -Common Event Header -~~~~~~~~~~~~~~~~~~~~~ - -The common header that precedes any of the domain-specific records -contains information identifying the type of record to follow, -information about the sender and other identifying characteristics -related to timestamp, sequence number, etc. - -Technology Independent Records – Fault Fields -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -The Fault Record, describing a condition in the Fault domain, contains -information about the fault such as the entity under fault, the -severity, resulting status, etc. - -Technology Independent Records – Heartbeat Fields -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -The Heartbeat Record provides an optional structure for communicating -information about heartbeat or watchdog signaling events. It can contain -information about service intervals, status information etc. as required -by the heartbeat implementation. - -Technology Independent Records – State Change Fields -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -The State Change Record provides a structure for communicating -information about data flow through the VNF. It can contain information -about state change related to physical device that is reported by VNF. -As an example, when cards or port name of the entity that has changed -state. - -Technology Independent Records – Syslog Fields -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -The Syslog Record provides a structure for communicating any type of -information that may be logged by the VNF. It can contain information -about system internal events, status, errors, etc. - -Technology Independent Records – Threshold Crossing Alert Fields -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -The Threshold Crossing Alert (TCA) Record provides a structure for -communicating information about threshold crossing alerts. It can -contain alert definitions and types, actions, events, timestamps and -physical or logical details. - -Technology Independent Records - VF Scaling Fields -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -The VF Scaling\* (short for measurementForVfScalingFields) Record -contains information about VF and VNF resource structure and its -condition to help in the management of the resources for purposes of -elastic scaling. - -Technology Independent Records – otherFields -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -The otherFields Record defines fields for events belonging to the -otherFields domain of the Technology Independent domain enumeration. -This record provides a mechanism to convey a complex set of fields -(possibly nested or opaque) and is purely intended to address -miscellaneous needs such as addressing time-to-market considerations or -other proof-of-concept evaluations. Hence, use of this record type is -discouraged and should be minimized. - -Technology Specific Records – Mobile Flow Fields -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -The Mobile Flow Record provides a structure for communicating -information about data flow through the VNF. It can contain information -about connectivity and data flows between serving elements for mobile -service, such as between LTE reference points, etc. - -Technology Specific Records – Signaling Fields -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -The Signaling Record provides a structure for communicating information -about signaling messages, parameters and signaling state. It can contain -information about data flows for -`signaling <https://en.wikipedia.org/wiki/Signaling_%28telecommunications%29>`__ -and controlling -`multimedia <https://en.wikipedia.org/wiki/Multimedia>`__ communication -`session <https://en.wikipedia.org/wiki/Session_%28computer_science%29>`__\ s -such as `voice <https://en.wikipedia.org/wiki/Telephone_call>`__ and -`video calls <https://en.wikipedia.org/wiki/Video_call>`__. - -Technology Specific Records – Voice Quality Fields -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -The Voice Quality Record provides a structure for communicating -information about voice quality statistics including media connection -information, such as transmitted octet and packet counts, packet loss, -packet delay variation, round-trip delay, QoS parameters and codec -selection. - -Technology Specific Records – Future Domains -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -The futureDomains Record is a placeholder for additional technology -specific areas of interest that will be defined and described in the -future documents. - -Data Structure Specification of the Event Record ------------------------------------------------- - -For additional information on the event record formats of the data -structures mentioned above, please refer to `AT&T Service Specification; -Service: VES Event -Listener <https://github.com/att/evel-test-collector/tree/master/docs/att_interface_definition>`__. - -**Appendix A – Chef JSON Key Value Description** - -The following provides the key value pairs that must be contained in the -JSON file supporting Chef action. - -Table A1. Chef JSON File key value description -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -+-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-----------------------------------------------------------------------------------------------------------------------------------------+ -| **Field Name** | **Description** | **Type** | **Comment** | -+===================+===================================================================================================================================================================================================================================================================================================+=============+=========================================================================================================================================+ -| Environment | A JSON dictionary representing a Chef Environment object. If the VNF action requires loading or modifying Chef environment attributes associated with the VNF, all the relevant information must be provided in this JSON dictionary in a structure that conforms to a Chef Environment Object. | Optional | Depends on VNF action. | -+-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-----------------------------------------------------------------------------------------------------------------------------------------+ -| Node | A JSON dictionary representing a Chef Node Object. | Mandatory | | -| | | | | -| | The Node JSON dictionary must include the run list to be triggered for the desired VNF action by the push job. It should also include any attributes that need to be configured on the Node Object as part of the VNF action. | | | -+-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-----------------------------------------------------------------------------------------------------------------------------------------+ -| NodeList | Array of FQDNs that correspond to the endpoints (VMs) of a VNF registered with the Chef Server that need to trigger a chef-client run as part of the desired VNF action. | Mandatory | | -+-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-----------------------------------------------------------------------------------------------------------------------------------------+ -| PushJobFlag | This field indicates whether the VNF action requires a push Job. Push job object will be created by ONAP if required. | Mandatory | If set to “True”, ONAP will request a push job. Ignored otherwise. | -+-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-----------------------------------------------------------------------------------------------------------------------------------------+ -| CallbackCapable | This field indicates if the chef-client run invoked by push job corresponding to the VNF action is capable of posting results on a callback URL. | Optional | If Chef cookbook is callback capable, VNF owner is required to set it to “True”. Ignored otherwise. | -+-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-----------------------------------------------------------------------------------------------------------------------------------------+ -| GetOutputFlag | Flag which indicates whether ONAP should retrieve output generated in a chef-client run from Node object attribute node[‘PushJobOutput’] for this VNF action (e.g., in Audit). | Mandatory | ONAP will retrieve output from NodeObject attributes [‘PushJobOutput’] for all nodes in NodeList if set to “True”. Ignored otherwise. | -+-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-----------------------------------------------------------------------------------------------------------------------------------------+ - -Chef Template example: - -“Environment”:{ - - "name": "HAR", - - "description": "VNF Chef environment for HAR", - - "json\_class": "Chef::Environment", - - "chef\_type": "environment", - - "default\_attributes": { }, - - "override\_attributes": { - - “Retry\_Time”:”50”, - - “MemCache”: “1024”, - - “Database\_IP”:”10.10.1.5” - - }, - -} - -} - -“Node”: { - - “name” : “signal.network.com “ - - "chef\_type": "node", - - "json\_class": "Chef::Node", - - "attributes": { - - “IPAddress1”: “192.168.1.2”, - - “IPAddress2”:”135.16.162.5”, - - “MyRole”:”BE” - - }, - - "override": {}, - - "default": {}, - - “normal”:{}, - - “automatic”:{}, - - “chef\_environment” : “\_default” - - "run\_list": [ "configure\_signal" ] - - }, - - “NodeList”:[“node1.vnf\_a.onap.com”, “node2.vnf\_a.onap.com”], - - “PushJobFlag”: “True” - - “CallbackCapable”:True - - “GetOutputFlag” : “False” - -} - -The example JSON file provided by the vendor for each VNF action will be -turned into a template by ONAP, that can be updated with instance -specific values at run-time. - -Some points worth noting regarding the JSON fields: - -a. The JSON file must be created for each action for each VNF. - -b. If a VNF action involves multiple endpoints (VMs) of a VNF, ONAP will - replicate the “Node” JSON dictionary in the template and post it to - each FQDN (i.e., endpoint) in the NodeList after setting the “name” - field in the Node object to be the respective FQDN [10]_. Hence, it - is required that all end points (VMs) of a VNF involved in a VNF - action support the same set of Node Object attributes. - -The following table describes the JSON dictionary to post in Callback. - -Table A2. JSON Dictionary to Post in Callback -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-------------------------------------------------------------+ -| **Key** | **Description** | **Type** | **Comment** | -+=================+===========================================================================================================================================================================================================+=============+=============================================================+ -| RequestId | A unique string associated with the original request by ONAP. This key-value pair will be provided by ONAP in the environment of the push job request and must be returned as part of the POST message. | Mandatory | | -+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-------------------------------------------------------------+ -| StatusCode | An integer that must be set to | Mandatory | | -| | | | | -| | 200 if chef-client run on the node finished successfully | | | -| | | | | -| | 500 otherwise. | | | -+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-------------------------------------------------------------+ -| StatusMessage | A string which must be set to | Mandatory | | -| | | | | -| | ‘SUCCESS’ if StatusCode was 200 | | | -| | | | | -| | Appropriate error message otherwise. | | | -+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-------------------------------------------------------------+ -| Name | A string which corresponds to the name of the node where push job is run. It is required that the value be retrieved from the node object attributes (where it is always defined). | Mandatory | | -+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-------------------------------------------------------------+ -| PushJobOutput | Any output from the chef-client run that needs to be returned to ONAP. | Optional | Depends on VNF action. If empty, it must not be included. | -+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-------------------------------------------------------------+ - - -**Appendix B – Ansible JSON Key Value Description** - -The following provides the key value pairs that must be contained in the -JSON file supporting Ansible action. - -Table B1. Ansible JSON File key value description -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+---------------------------------------------------------------------+ -| **Field Name** | **Description** | **Type** | **Comment** | -+==================+============================================================================================================================================================================================================================================================================================+=============+=====================================================================+ -| PlaybookName | VNF Vendor must list name of the playbook used to execute the VNF action. | Mandatory | | -+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+---------------------------------------------------------------------+ -| Action | Name of VNF action. | Optional | | -+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+---------------------------------------------------------------------+ -| EnvParameters | A JSON dictionary which should list key value pairs to be passed to the Ansible playbook. These values would correspond to instance specific parameters that a playbook may need to execute an action. | Optional | Depends on the VNF action. | -+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+---------------------------------------------------------------------+ -| NodeList | A JSON array of FQDNs that the playbook must be executed on. | Optional | If not provided, playbook will be executed on the Ansible Server. | -+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+---------------------------------------------------------------------+ -| FileParameters | A JSON dictionary where keys are filenames and values are contents of files. The Ansible Server will utilize this feature to generate files with keys as filenames and values as content. This attribute can be used to generate files that a playbook may require as part of execution. | Optional | Depends on the VNF action and playbook design. | -+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+---------------------------------------------------------------------+ -| Timeout | Time (in seconds) that a playbook is expected to take to finish execution for the VNF. If playbook execution time exceeds this value, Ansible Server will terminate the playbook process. | Optional | | -+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+---------------------------------------------------------------------+ - -Ansible JSON file example: - -{ - - “Action”:”Configure”, - - "PlaybookName": "Ansible\_configure.yml", - - "NodeList": ["test1.vnf\_b.onap.com", “test2.vnf\_b.onap.com”], - - "Timeout": 60, - - "EnvParameters": {"Retry": 3, "Wait": 5, “ConfigFile”:”config.txt”}, - - “FileParameters”:{“config.txt”:”db\_ip=10.1.1.1, sip\_timer=10000”} - -} - -In the above example, the Ansible Server will: - -a. Process the “FileParameters” dictionary and generate a file named - ‘config.txt’ with contents set to the value of the ‘config.txt’ key. - -b. Execute the playbook named ‘Ansible\_configure.yml’ on nodes with - FQDNs test1.vnf\_b.onap.com and test2.vnf\_b.onap.com respectively - while providing the following key value pairs to the playbook: - Retry=3, Wait=5, ConfigFile=config.txt - -c. If execution time of the playbook exceeds 60 secs (across all hosts), - it will be terminated. - -**Appendix C – VNF License Information Guidelines** - -This Appendix describes the metadata to be supplied for VNF licenses. - -1. General Information - -Table C1 defines the required and optional fields for licenses. - -Table C1. Required Fields for General Information -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -+--------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------+-------------+ -| **Field Name** | **Description** | **Data Type** | **Type** | -+================================+===========================================================================================================================================================================================================================================================================================================+===================+=============+ -| Vendor Name | The name of the vendor. | String | Mandatory | -+--------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------+-------------+ -| Vendor Product | The name of the product to which this agreement applies. | String | Mandatory | -| | | | | -| | Note: a contract/agreement may apply to more than one vendor product. In that case, provide the metadata for each product separately. | | | -+--------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------+-------------+ -| Vendor Product Description | A general description of vendor software product. | String | Optional | -+--------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------+-------------+ -| Export Control | ECCNs are 5-character alpha-numeric designations used on the Commerce Control List (CCL) to identify dual-use items for export control purposes. An ECCN categorizes items based on the nature of the product, i.e. type of commodity, software, or technology and its respective technical parameters. | String | Mandatory | -| | | | | -| Classification Number (ECCN) | | | | -+--------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------+-------------+ -| Reporting Requirements | A list of any reporting requirements on the usage of the software product. | List of strings | Optional | -+--------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------+-------------+ - -1. Entitlements - -Entitlements describe software license use rights. The use rights may be -quantified by various metrics: # users, # software instances, # units. -The use rights may be limited by various criteria: location (physical or -logical), type of customer, type of device, time, etc. - -One or more entitlements can be defined; each one consists of the -following fields: - -Table C2. Required Fields for Entitlements -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -+-----------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------+---------------+ -| **Field Name** | **Description** | **Data Type** | **Type** | -+=====================================================+=======================================================================================================================================================================================+===================+===============+ -| Vendor Part Number / Manufacture Reference Number | Identifier for the entitlement as described by the vendor in their price list / catalog / contract. | String | Mandatory | -+-----------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------+---------------+ -| Description | Verbiage that describes the entitlement. | String | Optional | -+-----------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------+---------------+ -| Entitlement Identifier | Each entitlement defined must be identified by a unique value (e.g., numbered 1, 2, 3….) | String | Mandatory | -+-----------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------+---------------+ -| Minimum Order Requirement | The minimum number of entitlements that need to be purchased. For example, the entitlements must be purchased in a block of 100. If no minimum is required, the value will be zero. | Number | Mandatory | -+-----------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------+---------------+ -| Unique Reporting Requirements | A list of any reporting requirements on the usage of the software product. (e.g.: quarterly usage reports are required) | List of Strings | Optional | -+-----------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------+---------------+ -| License Type | Type of license applicable to the software product. (e.g.: fixed-term, perpetual, trial, subscription.) | String | Mandatory | -+-----------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------+---------------+ -| License Duration | Valid values: | String | Conditional | -| | | | | -| | **year**, **quarter**, **month**, **day**. | | | -| | | | | -| | Not applicable when license type is Perpetual. | | | -+-----------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------+---------------+ -| License Duration Quantification | Number of years, quarters, months, or days for which the license is valid. | Number | Conditional | -| | | | | -| | Not applicable when license type is Perpetual. | | | -+-----------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------+---------------+ -| Limits | see section C.4 for possible values | List | Optional | -+-----------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------+---------------+ - -1. License Keys - -This section defines information on any License Keys associated with the -Software Product. A license key is a data string (or a file) providing a -means to authorize the use of software. License key does not provide -entitlement information. - -License Keys are not required. Optionally, one or more license keys can -be defined; each one consists of the following fields: - -Table C3. Required Fields for License Keys -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -+--------------------------+---------------------------------------------------------------------------------------------------------------+-----------------+-------------+ -| **Field Name** | **Description** | **Data Type** | **Type** | -+==========================+===============================================================================================================+=================+=============+ -| Description | Verbiage that describes the license key | String | Mandatory | -+--------------------------+---------------------------------------------------------------------------------------------------------------+-----------------+-------------+ -| License Key Identifier | Each license key defined must be identified by a unique value (e.g., numbered 1, 2, 3….) | String | Mandatory | -+--------------------------+---------------------------------------------------------------------------------------------------------------+-----------------+-------------+ -| Key Function | Lifecycle stage (e.g., Instantiation or Activation) at which the license key is applied to the software. | String | Optional | -+--------------------------+---------------------------------------------------------------------------------------------------------------+-----------------+-------------+ -| License Key Type | Valid values: | String | Mandatory | -| | | | | -| | **Universal, Unique** | | | -| | | | | -| | **Universal** - a single license key value that may be used with any number of instances of the software. | | | -| | | | | -| | **Unique**- a unique license key value is required for each instance of the software. | | | -+--------------------------+---------------------------------------------------------------------------------------------------------------+-----------------+-------------+ -| Limits | see section C.4 for possible values | List | Optional | -+--------------------------+---------------------------------------------------------------------------------------------------------------+-----------------+-------------+ - -1. Entitlement and License Key Limits - -Limitations on the use of software entitlements and license keys may be -based on factors such as: features enabled in the product, the allowed -capacity of the product, number of installations, etc... The limits may -generally be categorized as: - -- where (location) - -- when (time) - -- how (usages) - -- who/what (entity) - -- amount (how much) - -Multiple limits may be applicable for an entitlement or license key. -Each limit may further be described by limit behavior, duration, -quantification, aggregation, aggregation interval, start date, end date, -and threshold. - -When the limit is associated with a quantity, the quantity is relative -to an instance of the entitlement or license key. For example: - -- Each entitlement grants the right to 50 concurrent users. If 10 - entitlements are purchased, the total number of concurrent users - permitted would be 500. In this example, the limit category is - **amount**, the limit type is **users**, and the limit - **quantification** is **50.** - - Each license key may be installed on 3 devices. If 5 license keys are - acquired, the total number of devices allowed would be 15. In this - example, the limit category is **usages**, the limit type is - **device**, and the limit **quantification** is **3.** - -1. Location - -Locations may be logical or physical location (e.g., site, country). For -example: - -- use is allowed in Canada - -Table C4. Required Fields for Location -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -+------------------------+---------------------------------------------------------------------------------------------------------------------+------------------+-------------+ -| **Field Name** | **Description** | **Data Type** | **Type** | -+========================+=====================================================================================================================+==================+=============+ -| Limit Identifier | Each limit defined for an entitlement or license key must be identified by a unique value (e.g., numbered 1,2,3…) | String | Mandatory | -+------------------------+---------------------------------------------------------------------------------------------------------------------+------------------+-------------+ -| Limit Description | Verbiage describing the limit. | String | Mandatory | -+------------------------+---------------------------------------------------------------------------------------------------------------------+------------------+-------------+ -| Limit Behavior | Description of the actions taken when the limit boundaries are reached. | String | Mandatory | -+------------------------+---------------------------------------------------------------------------------------------------------------------+------------------+-------------+ -| Limit Category | Valid value: **location** | String | Mandatory | -+------------------------+---------------------------------------------------------------------------------------------------------------------+------------------+-------------+ -| Limit Type | Valid values: **city, county, state, country, region, MSA, BTA, CLLI** | String | Mandatory | -+------------------------+---------------------------------------------------------------------------------------------------------------------+------------------+-------------+ -| Limit List | List of locations where the Vendor Product can be used or needs to be restricted from use | List of String | Mandatory | -+------------------------+---------------------------------------------------------------------------------------------------------------------+------------------+-------------+ -| Limit Set Type | Indicates if the list is an inclusion or exclusion. | String | Mandatory | -| | | | | -| | Valid Values: | | | -| | | | | -| | **Allowed** | | | -| | | | | -| | **Not allowed** | | | -+------------------------+---------------------------------------------------------------------------------------------------------------------+------------------+-------------+ -| Limit Quantification | The quantity (amount) the limit expresses. | Number | Optional | -+------------------------+---------------------------------------------------------------------------------------------------------------------+------------------+-------------+ - -1. Time - -Limit on the length of time the software may be used. For example: - -- license key valid for 1 year from activation - -- entitlement valid from 15 May 2018 thru 30 June 2020 - -Table C5. Required Fields for Time -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -+------------------------+-------------------------------------------------------------------------------------------------------------------------------+------------------+---------------+ -| **Field Name** | **Description** | **Data Type** | **Type** | -+========================+===============================================================================================================================+==================+===============+ -| Limit Identifier | Each limit defined for an entitlement or license key must be identified by a unique value (e.g., numbered) | String | Mandatory | -+------------------------+-------------------------------------------------------------------------------------------------------------------------------+------------------+---------------+ -| Limit Description | Verbiage describing the limit. | String | Mandatory | -+------------------------+-------------------------------------------------------------------------------------------------------------------------------+------------------+---------------+ -| Limit Behavior | Description of the actions taken when the limit boundaries are reached. | String | Mandatory | -| | | | | -| | The limit behavior may also describe when a time limit takes effect. (e.g., key is valid for 1 year from date of purchase). | | | -+------------------------+-------------------------------------------------------------------------------------------------------------------------------+------------------+---------------+ -| Limit Category | Valid value: **time** | String | Mandatory | -+------------------------+-------------------------------------------------------------------------------------------------------------------------------+------------------+---------------+ -| Limit Type | Valid values: **duration, date** | String | Mandatory | -+------------------------+-------------------------------------------------------------------------------------------------------------------------------+------------------+---------------+ -| Limit List | List of times for which the Vendor Product can be used or needs to be restricted from use | List of String | Mandatory | -+------------------------+-------------------------------------------------------------------------------------------------------------------------------+------------------+---------------+ -| Duration Units | Required when limit type is duration. Valid values: **perpetual, year, quarter, month, day, minute, second, millisecond** | String | Conditional | -+------------------------+-------------------------------------------------------------------------------------------------------------------------------+------------------+---------------+ -| Limit Quantification | The quantity (amount) the limit expresses. | Number | Optional | -+------------------------+-------------------------------------------------------------------------------------------------------------------------------+------------------+---------------+ -| Start Date | Required when limit type is date. | Date | Optional | -+------------------------+-------------------------------------------------------------------------------------------------------------------------------+------------------+---------------+ -| End Date | May be used when limit type is date. | Date | Optional | -+------------------------+-------------------------------------------------------------------------------------------------------------------------------+------------------+---------------+ - -1. Usage - -Limits based on how the software is used. For example: - -- use is limited to a specific sub-set of the features/capabilities the - software supports - -- use is limited to a certain environment (e.g., test, development, - production…) - -- use is limited by processor (vm, cpu, core) - -- use is limited by software release - -Table C6. Required Fields for Usage -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -+------------------------+--------------------------------------------------------------------------------------------------------------+------------------+-------------+ -| **Field Name** | **Description** | **Data Type** | **Type** | -+========================+==============================================================================================================+==================+=============+ -| Limit Identifier | Each limit defined for an entitlement or license key must be identified by a unique value (e.g., numbered) | String | Mandatory | -+------------------------+--------------------------------------------------------------------------------------------------------------+------------------+-------------+ -| Limit Description | Verbiage describing the limit. | String | Mandatory | -+------------------------+--------------------------------------------------------------------------------------------------------------+------------------+-------------+ -| Limit Behavior | Description of the actions taken when the limit boundaries are reached. | String | Mandatory | -+------------------------+--------------------------------------------------------------------------------------------------------------+------------------+-------------+ -| Limit Category | Valid value: **usages** | String | Mandatory | -+------------------------+--------------------------------------------------------------------------------------------------------------+------------------+-------------+ -| Limit Type | Valid values: **feature, environment, processor, version** | String | Mandatory | -+------------------------+--------------------------------------------------------------------------------------------------------------+------------------+-------------+ -| Limit List | List of usage limits (e.g., test, development, vm, core, R1.2.1, R1.3.5…) | List of String | Mandatory | -+------------------------+--------------------------------------------------------------------------------------------------------------+------------------+-------------+ -| Limit Set Type | Indicates if the list is an inclusion or exclusion. | String | Mandatory | -| | | | | -| | Valid Values: | | | -| | | | | -| | **Allowed** | | | -| | | | | -| | **Not allowed** | | | -+------------------------+--------------------------------------------------------------------------------------------------------------+------------------+-------------+ -| Limit Quantification | The quantity (amount) the limit expresses. | Number | Optional | -+------------------------+--------------------------------------------------------------------------------------------------------------+------------------+-------------+ - -1. Entity - -Limit on the entity (product line, organization, customer) allowed to -make use of the software. For example: - -- allowed to be used in support of wireless products - -- allowed to be used only for government entities - -Table C7. Required Fields for Entity -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -+------------------------+--------------------------------------------------------------------------------------------------------------+------------------+-------------+ -| **Field Name** | **Description** | **Data Type** | **Type** | -+========================+==============================================================================================================+==================+=============+ -| Limit Identifier | Each limit defined for an entitlement or license key must be identified by a unique value (e.g., numbered) | String | Mandatory | -+------------------------+--------------------------------------------------------------------------------------------------------------+------------------+-------------+ -| Limit Description | Verbiage describing the limit. | String | Mandatory | -+------------------------+--------------------------------------------------------------------------------------------------------------+------------------+-------------+ -| Limit Behavior | Description of the actions taken when the limit boundaries are reached. | String | Mandatory | -+------------------------+--------------------------------------------------------------------------------------------------------------+------------------+-------------+ -| Limit Category | Valid value: **entity** | String | Mandatory | -+------------------------+--------------------------------------------------------------------------------------------------------------+------------------+-------------+ -| Limit Type | Valid values: **product line, organization, internal customer, external customer** | String | Mandatory | -+------------------------+--------------------------------------------------------------------------------------------------------------+------------------+-------------+ -| Limit List | List of entities for which the Vendor Product can be used or needs to be restricted from use | List of String | Mandatory | -+------------------------+--------------------------------------------------------------------------------------------------------------+------------------+-------------+ -| Limit Set Type | Indicates if the list is an inclusion or exclusion. | String | Mandatory | -| | | | | -| | Valid Values: | | | -| | | | | -| | **Allowed** | | | -| | | | | -| | **Not allowed** | | | -+------------------------+--------------------------------------------------------------------------------------------------------------+------------------+-------------+ -| Limit Quantification | The quantity (amount) the limit expresses. | Number | Optional | -+------------------------+--------------------------------------------------------------------------------------------------------------+------------------+-------------+ - -1. Amount - -These limits describe terms relative to utilization of the functions of -the software (for example, number of named users permitted, throughput, -or capacity). Limits of this type may also be relative to utilization of -other resources (for example, a limit for firewall software is not based -on use of the firewall software, but on the number of network -subscribers). - -The metadata describing this type of limit includes the unit of measure -(e.g., # users, # sessions, # MB, # TB, etc.), the quantity of units, -any aggregation function (e.g., peak or average users), and aggregation -interval (day, month, quarter, year, etc.). - -Table C8. Required Fields for Amount -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------+-------------+ -| **Field Name** | **Description** | **Data Type** | **Type** | -+========================+================================================================================================================================================================================================================================================================+=================+=============+ -| Limit Identifier | Each limit defined for an entitlement or license key must be identified by a unique value (e.g., numbered) | String | Mandatory | -+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------+-------------+ -| Limit Description | Verbiage describing the limit. | String | Mandatory | -+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------+-------------+ -| Limit Behavior | Description of the actions taken when the limit boundaries are reached. | String | Mandatory | -+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------+-------------+ -| Limit Category | Valid value: **amount** | String | Mandatory | -+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------+-------------+ -| Limit Type | Valid values: **trunk, user, subscriber, session, token, transactions, seats, KB, MB, TB, GB** | String | Mandatory | -+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------+-------------+ -| Type of Utilization | Is the limit relative to utilization of the functions of the software or relative to utilization of other resources? | String | Mandatory | -| | | | | -| | Valid values: | | | -| | | | | -| | - **software functions** | | | -| | | | | -| | - **other resources** | | | -+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------+-------------+ -| Limit Quantification | The quantity (amount) the limit expresses. | Number | Optional | -+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------+-------------+ -| Aggregation Function | Valid values: **peak, average** | String | Optional | -+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------+-------------+ -| Aggregation Interval | Time period over which the aggregation is done (e.g., average sessions per quarter). Required when an Aggregation Function is specified. | String | Optional | -| | | | | -| | Valid values: **day, month, quarter, year, minute, second, millisecond** | | | -+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------+-------------+ -| Aggregation Scope | Is the limit quantity applicable to a single entitlement or license key (each separately)? Or may the limit quantity be combined with others of the same type (resulting in limit amount that is the sum of all the purchased entitlements or license keys)? | String | Optional | -| | | | | -| | Valid values: | | | -| | | | | -| | - **single** | | | -| | | | | -| | - **combined** | | | -+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------+-------------+ -| Type of User | Describes the types of users of the functionality offered by the software (e.g., authorized, named). This field is included when Limit Type is user. | String | Optional | -+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------+-------------+ - - -**Appendix D – Ansible Server Specification** - -This section outlines the specifications for an ONAP compliant Ansible -Server that can optionally be provided by the VNF Vendor. The Ansible -Server will be used as a repository to store Ansible playbooks as well -as an execution engine which upon a REST API request, will execute -Ansible playbook against VNFs. - -Table D1. Ansible Server Requirements -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -+----------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| **Principle** | **Description** | **Type** | **ID #** | -+==============================================+==============================================================================================================================================================================================================================================================================================================================================================================+============+============+ -| Ansible Server Scope | The Ansible Server is required to support storage and execution of playbooks that are in yaml format or a collection of playbooks compressed and uploaded in tar-ball format. | Must | D1000 | -+----------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | The Ansible Server must accept requests for execution of playbooks via a REST interface. The scope of each request will involve exactly one action and will request execution of one playbook. | Must | D1010 | -+----------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | The playbook executed by the Ansible Server will be responsible for execution of the entire action against the VNF (e.g., calling other playbooks, running tasks on multiple VMs in the VNF) and return back the status of the action as well as any necessary output in its entirety after the action is finished. | Must | D1020 | -+----------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | The Ansible Server must support simultaneous execution of multiple playbooks against different VNFs in parallel (i.e., process multiple requests). | Must | D1030 | -+----------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | The Ansible Server will be loaded with all necessary credentials to invoke playbooks against target VNF(s). | Must | D1040 | -+----------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| Ansible Server/ONAP Interface | Load Playbook\ **:** The Ansible Server must expose an authenticated interface to allow loading all necessary playbooks for a target VNF. It should impose an identification mechanism that allows each playbook to be uniquely identified. | Must | D1050 | -| | | | | -| | - It is recommended that the load Playbook API be a REST API. | | | -+----------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | Request API: The Ansible Server must expose a REST endpoint that accepts a POST message to request execution of the playbook. The POST request must be a JSON block as outlined in Table D2. | Must | D1060 | -+----------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | When the Ansible server accepts an authenticated request to execute a playbook, it is required to send back an initial response indicating whether the request is accepted or rejected. The response must be a JSON Object with the key value pairs as described in Table D3. | Must | D1070 | -+----------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | Result API: If the Ansible Server accepts a request to execute a playbook, it must make available status of the execution of the playbook at a Results REST endpoint indexed by the Id in the request in the form <url>?Id=<RequestId>&Type=GetResult where <url> is the URL used for submitting requests. | Must | D1080 | -+----------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | When a GET is invoked against the Results REST endpoint, the Ansible Server must reply with an appropriate response: | Must | D1090 | -| | | | | -| | - If the Endpoint is invalid (no request, or request expired), reply with a standard HTTP 404 error. | | | -| | | | | -| | - If the playbook execution is still ongoing, then the Ansible Server is required to block on the GET request till the execution finishes or terminates. | | | -| | | | | -| | - Upon completion of execution, the Ansible Server is required to respond to the GET request with the result of the playbook execution in the form of a JSON message as outlined in the Table D4. | | | -+----------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| | The dictionary associated with the ‘Results’ key in the Result Response must be a key-value pair where each key corresponds to an entry in the NodeList and the value is a dictionary with the format as outlined in Table D5. | Must | D1100 | -+----------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| Ansible Server Actions | The Ansible Server must take the following actions when triggered by a request to execute a playbook: | Must | D1110 | -| | | | | -| | - Determine if the request is valid, and if so, must send back an initial response message accepting the request. | | | -| | | | | -| | - If the request contains a “FileParameters” key that is not NULL, create all the necessary files. | | | -| | | | | -| | - Invoke the ansible playbook while providing it all appropriate parameters listed in EnvParameters and inventory information listed in NodeList. The playbook will be responsible for execution of all necessary steps required by the VNF action. | | | -| | | | | -| | - If the playbook finishes, use the PLAY\_RECAP functionality to determine whether playbook finished successfully on each endpoint identified in the NodeList. | | | -| | | | | -| | - If the playbook finishes, collect any output returned by the playbook. A playbook conforming to the ONAP vendor requirements document will write out any necessary output to a file named ‘<hostname>\_results.txt’ in the working directory, where ‘hostname’ is an element of the NodeList where the playbook is being executed. | | | -| | | | | -| | - If the playbook execution exceeds the Timeout value, the playbook execution process is terminated and ansible log that captures the last task executed is stored. | | | -| | | | | -| | - Make results available on the Results REST Endpoint as documented in Table D3. | | | -| | | | | -| | - If Callback url was provided in initial request, post the final response message on the Callback URL along with an additional key additional key “Id “: which corresponds to the request Id sent in the request. | | | -+----------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| Ansible Server Result Storage Requirements | The Ansible Server must cache and provide results of an execution as well as retain logs for debugging purposes as outlined below: | Must | D1120 | -| | | | | -| | - The results from a playbook execution result must be retained by the Ansible Server and made available through the respective REST endpoint for a duration that is configurable. | | | -| | | | | -| | - Recommended duration is 2 x Timeout. | | | -| | | | | -| | - The log from a playbook must be stored by the Ansible Server, tagged with the Id along with all other parameters in the initial request in a format that allows for examination for debugging purposes. | | | -| | | | | -| | - The results from playbook execution and log files shall be removed after a configurable defined retention period for this type of file. | | | -+----------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ -| Ansible Server Locking Mechanism | The Ansible Server shall lock VNF while running playbooks that require exclusive use of a VNF (Configure is an example) and not accept requests to run other playbooks or queue those requests until playbook that requires exclusivity completes | Must | D1130 | -+----------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------------+ - -Table D2. Request Message -~~~~~~~~~~~~~~~~~~~~~~~~~ - -+-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+------------------------------------------------------------------------------------------------------------------------------------+ -| **Key** | **Description** | **Type** | **Comment** | -+===================+=========================================================================================================================================================================================================================================================================================================================================================+=============+====================================================================================================================================+ -| Id | A unique string that identifies this request. For e.g., a UUID | Mandatory | NOT NULL | -+-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+------------------------------------------------------------------------------------------------------------------------------------+ -| PlaybookName | A string which contains the name of the playbook to execute. | Mandatory | NOT NULL | -| | | | | -| | Example: memthres.yaml | | | -+-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+------------------------------------------------------------------------------------------------------------------------------------+ -| Action | Name of action | Optional | | -+-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+------------------------------------------------------------------------------------------------------------------------------------+ -| NodeList | List of endpoints of the VNF against which the playbook should be executed. | Optional | If not specified, playbook executed within Ansible Server (localhost) | -+-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+------------------------------------------------------------------------------------------------------------------------------------+ -| Timeout | Time the Ansible Server should wait (in seconds), before terminating playbook execution. The Ansible Server will apply the timeout for the entire playbook execution (i.e., independent of number of endpoints against which the playbook is executing). If playbook execution time exceeds the timeout value, the server will terminate the process. | Optional | If not specified, Ansible server will use internal default value (configurable) | -+-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+------------------------------------------------------------------------------------------------------------------------------------+ -| LocalParameters | A JSON dictionary that can be used to provide key value pairs that are specific to each individual VNF/VM instance. Key must be endpoint FQDN and value a JSON dictionary with key-value pairs for the playbook run associated with that host/group. | Optional | | -+-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+------------------------------------------------------------------------------------------------------------------------------------+ -| EnvParameters | A JSON dictionary that can be used to specify key value pairs passed at run time to the playbook that are common across all hosts against which the playbook will run. | Optional | | -+-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+------------------------------------------------------------------------------------------------------------------------------------+ -| CallbackUrl | A callback URL that Ansible Server can POST results to once playbook finishes execution or is terminated. | Optional | If present, Ansible Server is required to POST response back on the Callback URL | -+-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+------------------------------------------------------------------------------------------------------------------------------------+ -| FileParameters | A dictionary where keys correspond to file names to be generated and values correspond to contents of files. | Optional | If present, Ansible Server will first process this and write out contents to appropriate files and then process other parameters | -+-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+------------------------------------------------------------------------------------------------------------------------------------+ - -Table D3. Initial Response Message -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -+--------------------+------------------------------------------------------------------------------------------+-------------+---------------+ -| **Key** | **Description** | **Type** | **Comment** | -+====================+==========================================================================================+=============+===============+ -| StatusCode | An integer indicating status of the request. It MUST take one of the following values: | Mandatory | | -| | | | | -| | 100 if request is accepted | | | -| | | | | -| | 101 if request is rejected | | | -+--------------------+------------------------------------------------------------------------------------------+-------------+---------------+ -| StatusMessage | A string describing Server’s response | Mandatory | | -| | | | | -| | It MUST be set to ‘PENDING’ if StatusCode=100 | | | -| | | | | -| | It MUST be set to appropriate error exception message if StatusCode=101 | | | -+--------------------+------------------------------------------------------------------------------------------+-------------+---------------+ -| ExpectedDuration | Time the server expects (in seconds) to finish the playbook execution. | Optional | | -+--------------------+------------------------------------------------------------------------------------------+-------------+---------------+ - -Table D4. Final Response Message -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -+-----------------+-------------------------------------------------------------------------------------------------------+-------------+------------------------+ -| **Key** | **Description** | **Type** | **Comment** | -+=================+=======================================================================================================+=============+========================+ -| StatusCode | 200 if Execution finished normally | Mandatory | | -| | | | | -| | 500 otherwise. | | | -+-----------------+-------------------------------------------------------------------------------------------------------+-------------+------------------------+ -| StatusMessage | A string which be set to either of the TWO values: | Mandatory | | -| | | | | -| | - ‘FINISHED’ if StatusCode=200 | | | -| | | | | -| | - Appropriate error exception message if StatusCode=500 | | | -+-----------------+-------------------------------------------------------------------------------------------------------+-------------+------------------------+ -| Duration | Time it took for execution to finish (in seconds). | Optional | | -+-----------------+-------------------------------------------------------------------------------------------------------+-------------+------------------------+ -| Result | A JSON dictionary that lists the status of playbook execution for each VM (or VNF) in the NodeList. | Optional | Not present if empty | -+-----------------+-------------------------------------------------------------------------------------------------------+-------------+------------------------+ - -Table D5. Result Block Format -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -+-----------------+----------------------------------------------------------+-------------+------------------------+ -| **Key** | **Description** | **Type** | **Comment** | -+=================+==========================================================+=============+========================+ -| GroupName | Group under which the VM (or VNF) falls in a playbook. | Optional | | -+-----------------+----------------------------------------------------------+-------------+------------------------+ -| StatusCode | A string which must have the following values: | Mandatory | | -| | | | | -| | - 200 if SUCCESS | | | -| | | | | -| | - 500 otherwise | | | -+-----------------+----------------------------------------------------------+-------------+------------------------+ -| StatusMessage | An integer with the following values: | Mandatory | | -| | | | | -| | - ‘SUCCESS’ if StatusCode=200 | | | -| | | | | -| | - Error exception message otherwise | | | -+-----------------+----------------------------------------------------------+-------------+------------------------+ -| Output | Any output the playbook is required to return. | Optional | Not present if empty | -+-----------------+----------------------------------------------------------+-------------+------------------------+ - -Some illustrative examples are shown below: - -1. An example POST for requesting execution of a Playbook : - - {"Id": "10", “Action”:”HealthCheck”, "PlaybookName": - "ansible\_getresource.yml", "NodeList": - ["interface1.vnf\_b.onap.com", ["interface2.vnf\_b.onap.com"], - "Timeout": 60, "EnvParameters": {"Retry": 3, "Wait": 5}} - -2. Potential examples of Ansible Server initial response. - - a. Successfully accepted request: {"StatusCode": "100", - "ExpectedDuration": "60sec", "StatusMessage": "PENDING"} - - b. Request rejected: {"StatusCode": "101", "StatusMessage": "PLAYBOOK - NOT FOUND "} - -3. Potential examples of final response by Ansible Server to a GET on - - a. Playbook successful execution: {"Duration": "4.864815sec", - “StatusCode”: 200, “StatusMessage”:”FINISHED”, "Results": - {"interface\_1.vnf\_b.onap.com": {"StatusCode": "200", - "GroupName": "vnf-x-oam", "StatusMessage": "SUCCESS", - “Output”:{“CPU”:30, “Memory”:”5Gb”}, - "interface\_1.vnf\_b.onap.com": {"StatusCode": "200", "GroupName": - "vnf-x-oam", "StatusMessage": "SUCCESS", “Output”:{“CPU”:60, - “Memory”:”10Gb”}}} - - b. Playbook failed execution on one of the hosts: {"Duration": - "10.8sec", “StatusCode”: 200, “StatusMessage”:”FINISHED”, - "Results": {"interface\_1.vnf\_b.onap.com": {"StatusCode": "500", - "GroupName": "vnf-x-oam", "StatusMessage": "Error executing - command ", "interface\_1.vnf\_b.onap.com": {"StatusCode": "200", - "GroupName": "vnf-x-oam", "StatusMessage": "SUCCESS", - “Output”:{“CPU”:60, “Memory”:”10Gb”}}} - - c. Playbook terminated: {"Duration": "61 sec", “StatusCode”: 500, - “StatusMessage”:”TERMINATED” } - - -**Copyright © 2017 AT&T Intellectual Property. All rights reserved.** - -Unless otherwise specified, all software contained herein is licensed -under the Apache License, Version 2.0 (the “License”); -you may not use this software except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. - -Unless otherwise specified, all documentation contained herein is licensed -under the Creative Commons License, Attribution 4.0 Intl. (the “License”); -you may not use this documentation except in compliance with the License. -You may obtain a copy of the License at - - https://creativecommons.org/licenses/by/4.0/ - -Unless required by applicable law or agreed to in writing, documentation -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. - -ECOMP is a trademark and service mark of AT&T Intellectual Property. - -.. [1] - ECOMP (Enhanced Control Orchestration, Management & Policy) - Architecture White Paper - (http://about.att.com/content/dam/snrdocs/ecomp.pdf) - -.. [2] - https://github.com/mbj4668/pyang - -.. [3] - Decision on which Chef Server instance associates with a VNF will be - made on a case-by-case basis depending on VNF, access requirements, - etc. and are outside the scope of this document. The specific - criteria for this would involve considerations like connectivity and - access required by the VNF, security, VNF topology and proprietary - cookbooks. - -.. [4] - Recall that the Node Object **is required** to be identical across - all VMs of a VNF invoked as part of the action except for the “name”. - -.. [5] - Decision on which Ansible Server to use may happen on a case-by-case - basis depending on VNF, access requirements etc. and are outside the - scope of this document. The specific criteria for this could involve - considerations like connectivity and access required by the VNF, - security, VNF topology and proprietary playbooks. - -.. [6] - Upstream elements must provide the appropriate FQDN in the request to - ONAP for the desired action. - -.. [7] - Multiple ONAP actions may map to one playbook. - -.. [8] - This option is not currently supported in ONAP and it is currently - under consideration. - -.. [9] - https://wiki.opnfv.org/display/PROJ/VNF+Event+Stream - -.. [10] - The “name” field is a mandatory field in a valid Chef Node Object - JSON dictionary. - - -.. |image0| image:: Data_Model_For_Event_Records.png - :width: 7in - :height: 8in diff --git a/docs/all_vnfrqts_seed_docs/open_ecomp/q2_ecomp/VNF_Managment_Requirements_for_OpenECOMP/index.rst b/docs/all_vnfrqts_seed_docs/open_ecomp/q2_ecomp/VNF_Managment_Requirements_for_OpenECOMP/index.rst deleted file mode 100644 index e02df02..0000000 --- a/docs/all_vnfrqts_seed_docs/open_ecomp/q2_ecomp/VNF_Managment_Requirements_for_OpenECOMP/index.rst +++ /dev/null @@ -1,7 +0,0 @@ -VNF Management Requirements for OpenECOMP 7/3/2017 --------------------------------------------------- - -.. toctree:: - :maxdepth: 1 - - VNF_Management_Requirements_for_OpenECOMP_7_3_2017
\ No newline at end of file diff --git a/docs/all_vnfrqts_seed_docs/open_ecomp/q2_ecomp/index.rst b/docs/all_vnfrqts_seed_docs/open_ecomp/q2_ecomp/index.rst deleted file mode 100644 index 7951d87..0000000 --- a/docs/all_vnfrqts_seed_docs/open_ecomp/q2_ecomp/index.rst +++ /dev/null @@ -1,9 +0,0 @@ -Second Quarter ECOMP Documents -------------------------------- - -.. toctree:: - :titlesonly: - - VNF_Cloud_Readiness_Requirements_for_ONAP/index - VNF_Guidelines_for_Network_Cloud_and_ONAP/index - VNF_Managment_Requirements_for_OpenECOMP/index
\ No newline at end of file |
