diff options
-rw-r--r-- | docs/Chapter2.rst | 19 | ||||
-rw-r--r-- | docs/Chapter3.rst | 34 | ||||
-rw-r--r-- | docs/Chapter4.rst | 898 | ||||
-rw-r--r-- | docs/Chapter6.rst | 9 | ||||
-rw-r--r-- | docs/Chapter7.rst | 1262 | ||||
-rw-r--r-- | docs/Chapter8.rst | 1687 |
6 files changed, 2705 insertions, 1204 deletions
diff --git a/docs/Chapter2.rst b/docs/Chapter2.rst index 0cbec53..1dd3340 100644 --- a/docs/Chapter2.rst +++ b/docs/Chapter2.rst @@ -5,15 +5,22 @@ **Scope** ============ -- The audience for this document are VNF/PNF providers, NCSPs and other interested 3rd parties who need to know the design, build and lifecycle management requirements for VNFs/PNFs to be compliant with ONAP. -- These requirements are strictly from a standpoint of what the VNF/PNF developer needs to know to operate and be compliant with ONAP. -- Requirements that are not applicable to VNF/PNF providers such as those that applicable to service providers are not included in this document. +- The audience for this document are VNF/PNF providers, NCSPs and other + interested 3rd parties who need to know the design, build and lifecycle + management requirements for VNFs/PNFs to be compliant with ONAP. +- These requirements are strictly from a standpoint of what the VNF/PNF + developer needs to know to operate and be compliant with ONAP. +- Requirements that are not applicable to VNF/PNF providers such as those + that applicable to service providers are not included in this document. - These requirements are applicable to the Amsterdam release of ONAP. - Scope of the ONAP versions/release and future functionality References ----------------------- -This section contains a list of normative and informative references along with information on acquiring the identified references. Normative references are required to be implemented by this document. Informative references are for informational purposes only. +This section contains a list of normative and informative references along +with information on acquiring the identified references. Normative references +are required to be implemented by this document. Informative references are +for informational purposes only. Normative References ^^^^^^^^^^^^^^^^^^^^^^^ @@ -35,5 +42,7 @@ Reference Acquisition ^^^^^^^^^^^^^^^^^^^^^^^ IETF Specifications: -- Internet Engineering Task Force (IETF) Secretariat, 48377 Fremont Blvd., Suite 117, Fremont, California 94538, USA; Phone: +1-510-492-4080, Fax: +1-510-492-4001. +- Internet Engineering Task Force (IETF) Secretariat, 48377 Fremont Blvd., + Suite 117, Fremont, California 94538, USA; Phone: +1-510-492-4080, + Fax: +1-510-492-4001. diff --git a/docs/Chapter3.rst b/docs/Chapter3.rst index 0faa84c..f7106a4 100644 --- a/docs/Chapter3.rst +++ b/docs/Chapter3.rst @@ -5,13 +5,29 @@ **Introduction** ==================== -- These requirements are specific to the Amsterdam release of ONAP. It is the initial release of requirements based on a merge of the Open-O and OpenECOMP requirements. -- Requirements are identified as either MUST, MUST NOT, SHOULD, SHOULD NOT, or MAY as defined in RFC 2119. -- Chapter 4 contains the VNF/PNF requirements involving the design and development of VNFs/PNFs. These requirements help VNFs/PNFs operate efficiently within a cloud environment. Requirements cover design, resiliency, security, modularity and DevOps. -- Chapter 5 describes the different data models the VNF/PNF provider needs to understand. There are currently 2 models described in this document - - The first model is the onboarding package data model. This is a TOSCA model that will describe how all the elements passed from the VNF/PNF Provider to the Service provider should be formatted and packaged. - - The second model is HEAT template used for orchestrating and instantiating virtual resources in an OpenStack environment. At this time the HEAT files will be passed to the Service provider as a data element within the TOSCA onboarding package. -- Chapter 6 details the requirements specific to an implementation. The current implementations documented are OpenStack and Azure. -- Chapter 7 provides the comprehensive set of requirements for VNFs/PNFs to be on-boarded, configured and managed by ONAP. -- Chapter 8 is the appendix that provide a number of detailed data record formats. +- These requirements are specific to the Amsterdam release of ONAP. + It is the initial release of requirements based on a merge of the Open-O + and OpenECOMP requirements. +- Requirements are identified as either MUST, MUST NOT, SHOULD, SHOULD NOT, + or MAY as defined in RFC 2119. +- Chapter 4 contains the VNF/PNF requirements involving the design and + development of VNFs/PNFs. These requirements help VNFs/PNFs operate + efficiently within a cloud environment. Requirements cover design, + resiliency, security, modularity and DevOps. +- Chapter 5 describes the different data models the VNF/PNF provider + needs to understand. There are currently 2 models described in this document: + + - The first model is the onboarding package data model. This is a TOSCA + model that will describe how all the elements passed from the VNF/PNF + Provider to the Service provider should be formatted and packaged. + - The second model is HEAT template used for orchestrating and + instantiating virtual resources in an OpenStack environment. At this + time the HEAT files will be passed to the Service provider as a data + element within the TOSCA onboarding package. +- Chapter 6 details the requirements specific to an implementation. + The current implementations documented are OpenStack and Azure. +- Chapter 7 provides the comprehensive set of requirements for VNFs/PNFs to + be on-boarded, configured and managed by ONAP. +- Chapter 8 is the appendix that provide a number of detailed data record + formats. diff --git a/docs/Chapter4.rst b/docs/Chapter4.rst index be89b41..58e02f3 100644 --- a/docs/Chapter4.rst +++ b/docs/Chapter4.rst @@ -31,24 +31,55 @@ Below are more detailed requirements for composing VNFs. VNF Design Requirements * R-58421 The VNF **SHOULD** be decomposed into granular re-usable VNFCs. -* R-82223 The VNF **MUST** be decomposed if the functions have significantly different scaling characteristics (e.g., signaling versus media functions, control versus data plane functions). -* R-16496 The VNF **MUST** enable instantiating only the functionality that is needed for the decomposed VNF (e.g., if transcoding is not needed it should not be instantiated). +* R-82223 The VNF **MUST** be decomposed if the functions have + significantly different scaling characteristics (e.g., signaling + versus media functions, control versus data plane functions). +* R-16496 The VNF **MUST** enable instantiating only the functionality that + is needed for the decomposed VNF (e.g., if transcoding is not needed it + should not be instantiated). * R-02360 The VNFC **MUST** be designed as a standalone, executable process. -* R-34484 The VNF **SHOULD** create a single component VNF for VNFCs that can be used by other VNFs. -* R-23035 The VNF **MUST** be designed to scale horizontally (more instances of a VNF or VNFC) and not vertically (moving the existing instances to larger VMs or increasing the resources within a VM) to achieve effective utilization of cloud resources. -* R-30650 The VNF **MUST** utilize cloud provided infrastructure and VNFs (e.g., virtualized Local Load Balancer) as part of the VNF so that the cloud can manage and provide a consistent service resiliency and methods across all VNF's. -* R-12709 The VNFC **SHOULD** be independently deployed, configured, upgraded, scaled, monitored, and administered by ONAP. -* R-37692 The VNFC **MUST** provide API versioning to allow for independent upgrades of VNFC. -* R-86585 The VNFC **SHOULD** minimize the use of state within a VNFC to facilitate the movement of traffic from one instance to another. -* R-65134 The VNF **SHOULD** maintain state in a geographically redundant datastore that may, in fact, be its own VNFC. -* R-75850 The VNF **SHOULD** decouple persistent data from the VNFC and keep it in its own datastore that can be reached by all instances of the VNFC requiring the data. -* R-88199 The VNF **MUST** utilize a persistent datastore service that can meet the data performance/latency requirements. (For example: Datastore service could be a VNFC in VNF or a DBaaS in the Cloud execution environment) -* R-99656 The VNF **MUST** NOT terminate stable sessions if a VNFC instance fails. -* R-84473 The VNF **MUST** enable DPDK in the guest OS for VNF’s requiring high packets/sec performance. High packet throughput is defined as greater than 500K packets/sec. -* R-54430 The VNF **MUST** use the NCSP’s supported library and compute flavor that supports DPDK to optimize network efficiency if using DPDK. [1]_ -* R-18864 The VNF **MUST** NOT use technologies that bypass virtualization layers (such as SR-IOV) unless approved by the NCSP (e.g., if necessary to meet functional or performance requirements). -* R-64768 The VNF **MUST** limit the size of application data packets to no larger than 9000 bytes for SDN network-based tunneling when guest data packets are transported between tunnel endpoints that support guest logical networks. -* R-74481 The VNF **MUST** NOT require the use of a dynamic routing protocol unless necessary to meet functional requirements. +* R-34484 The VNF **SHOULD** create a single component VNF for VNFCs + that can be used by other VNFs. +* R-23035 The VNF **MUST** be designed to scale horizontally (more + instances of a VNF or VNFC) and not vertically (moving the existing + instances to larger VMs or increasing the resources within a VM) + to achieve effective utilization of cloud resources. +* R-30650 The VNF **MUST** utilize cloud provided infrastructure and + VNFs (e.g., virtualized Local Load Balancer) as part of the VNF so + that the cloud can manage and provide a consistent service resiliency + and methods across all VNF's. +* R-12709 The VNFC **SHOULD** be independently deployed, configured, + upgraded, scaled, monitored, and administered by ONAP. +* R-37692 The VNFC **MUST** provide API versioning to allow for + independent upgrades of VNFC. +* R-86585 The VNFC **SHOULD** minimize the use of state within + a VNFC to facilitate the movement of traffic from one instance + to another. +* R-65134 The VNF **SHOULD** maintain state in a geographically + redundant datastore that may, in fact, be its own VNFC. +* R-75850 The VNF **SHOULD** decouple persistent data from the VNFC + and keep it in its own datastore that can be reached by all instances + of the VNFC requiring the data. +* R-88199 The VNF **MUST** utilize a persistent datastore service that + can meet the data performance/latency requirements. (For example: + Datastore service could be a VNFC in VNF or a DBaaS in the Cloud + execution environment) +* R-99656 The VNF **MUST** NOT terminate stable sessions if a VNFC + instance fails. +* R-84473 The VNF **MUST** enable DPDK in the guest OS for VNF’s requiring + high packets/sec performance. High packet throughput is defined as greater + than 500K packets/sec. +* R-54430 The VNF **MUST** use the NCSP’s supported library and compute + flavor that supports DPDK to optimize network efficiency if using DPDK. [1]_ +* R-18864 The VNF **MUST** NOT use technologies that bypass virtualization + layers (such as SR-IOV) unless approved by the NCSP (e.g., if necessary + to meet functional or performance requirements). +* R-64768 The VNF **MUST** limit the size of application data packets + to no larger than 9000 bytes for SDN network-based tunneling when + guest data packets are transported between tunnel endpoints that + support guest logical networks. +* R-74481 The VNF **MUST** NOT require the use of a dynamic routing + protocol unless necessary to meet functional requirements. VNF Resiliency ------------------------- @@ -80,13 +111,26 @@ and virtualized services such as Load Balancers. All Layer Redundancy Requirements -* R-52499 The VNF **MUST** meet their own resiliency goals and not rely on the Network Cloud. -* R-42207 The VNF **MUST** design resiliency into a VNF such that the resiliency deployment model (e.g., active-active) can be chosen at run-time. -* R-03954 The VNF **MUST** survive any single points of failure within the Network Cloud (e.g., virtual NIC, VM, disk failure). -* R-89010 The VNF **MUST** survive any single points of software failure internal to the VNF (e.g., in memory structures, JMS message queues). -* R-67709 The VNF **MUST** be designed, built and packaged to enable deployment across multiple fault zones (e.g., VNFCs deployed in different servers, racks, OpenStack regions, geographies) so that in the event of a planned/unplanned downtime of a fault zone, the overall operation/throughput of the VNF is maintained. -* R-35291 The VNF **MUST** support the ability to failover a VNFC automatically to other geographically redundant sites if not deployed active-active to increase the overall resiliency of the VNF. -* R-36843 The VNF **MUST** support the ability of the VNFC to be deployable in multi-zoned cloud sites to allow for site support in the event of cloud zone failure or upgrades. +* R-52499 The VNF **MUST** meet their own resiliency goals and not rely + on the Network Cloud. +* R-42207 The VNF **MUST** design resiliency into a VNF such that the + resiliency deployment model (e.g., active-active) can be chosen at + run-time. +* R-03954 The VNF **MUST** survive any single points of failure within + the Network Cloud (e.g., virtual NIC, VM, disk failure). +* R-89010 The VNF **MUST** survive any single points of software failure + internal to the VNF (e.g., in memory structures, JMS message queues). +* R-67709 The VNF **MUST** be designed, built and packaged to enable + deployment across multiple fault zones (e.g., VNFCs deployed in + different servers, racks, OpenStack regions, geographies) so that + in the event of a planned/unplanned downtime of a fault zone, the + overall operation/throughput of the VNF is maintained. +* R-35291 The VNF **MUST** support the ability to failover a VNFC + automatically to other geographically redundant sites if not + deployed active-active to increase the overall resiliency of the VNF. +* R-36843 The VNF **MUST** support the ability of the VNFC to be deployable + in multi-zoned cloud sites to allow for site support in the event of cloud + zone failure or upgrades. Minimize Cross Data-Center Traffic ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -100,7 +144,8 @@ completed). Minimize Cross Data-Center Traffic Requirements -* R-92935 The VNF **SHOULD** minimize the propagation of state information across multiple data centers to avoid cross data center traffic. +* R-92935 The VNF **SHOULD** minimize the propagation of state information + across multiple data centers to avoid cross data center traffic. Application Resilient Error Handling ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -113,14 +158,34 @@ applications. Application Resilient Error Handling Requirements -* R-26371 The VNF **MUST** detect communication failure for inter VNFC instance and intra/inter VNF and re-establish communication automatically to maintain the VNF without manual intervention to provide service continuity. -* R-18725 The VNF **MUST** handle the restart of a single VNFC instance without requiring all VNFC instances to be restarted. -* R-06668 The VNF **MUST** handle the start or restart of VNFC instances in any order with each VNFC instance establishing or re-establishing required connections or relationships with other VNFC instances and/or VNFs required to perform the VNF function/role without requiring VNFC instance(s) to be started/restarted in a particular order. -* R-80070 The VNF **MUST** handle errors and exceptions so that they do not interrupt processing of incoming VNF requests to maintain service continuity (where the error is not directly impacting the software handling the incoming request). -* R-32695 The VNF **MUST** provide the ability to modify the number of retries, the time between retries and the behavior/action taken after the retries have been exhausted for exception handling to allow the NCSP to control that behavior, where the interface and/or functional specification allows for altering behaviour. -* R-48356 The VNF **MUST** fully exploit exception handling to the extent that resources (e.g., threads and memory) are released when no longer needed regardless of programming language. -* R-67918 The VNF **MUST** handle replication race conditions both locally and geo-located in the event of a data base instance failure to maintain service continuity. -* R-36792 The VNF **MUST** automatically retry/resubmit failed requests made by the software to its downstream system to increase the success rate. +* R-26371 The VNF **MUST** detect communication failure for inter VNFC + instance and intra/inter VNF and re-establish communication + automatically to maintain the VNF without manual intervention to + provide service continuity. +* R-18725 The VNF **MUST** handle the restart of a single VNFC instance + without requiring all VNFC instances to be restarted. +* R-06668 The VNF **MUST** handle the start or restart of VNFC instances + in any order with each VNFC instance establishing or re-establishing + required connections or relationships with other VNFC instances and/or + VNFs required to perform the VNF function/role without requiring VNFC + instance(s) to be started/restarted in a particular order. +* R-80070 The VNF **MUST** handle errors and exceptions so that they do + not interrupt processing of incoming VNF requests to maintain service + continuity (where the error is not directly impacting the software + handling the incoming request). +* R-32695 The VNF **MUST** provide the ability to modify the number of + retries, the time between retries and the behavior/action taken after + the retries have been exhausted for exception handling to allow the + NCSP to control that behavior, where the interface and/or functional + specification allows for altering behaviour. +* R-48356 The VNF **MUST** fully exploit exception handling to the extent + that resources (e.g., threads and memory) are released when no longer + needed regardless of programming language. +* R-67918 The VNF **MUST** handle replication race conditions both locally + and geo-located in the event of a data base instance failure to maintain + service continuity. +* R-36792 The VNF **MUST** automatically retry/resubmit failed requests + made by the software to its downstream system to increase the success rate. System Resource Optimization @@ -136,16 +201,38 @@ any network or IO operation. System Resource Optimization Requirements -* R-22059 The VNF **MUST NOT** execute long running tasks (e.g., IO, database, network operations, service calls) in a critical section of code, so as to minimize blocking of other operations and increase concurrent throughput. -* R-63473 The VNF **MUST** automatically advertise newly scaled components so there is no manual intervention required. -* R-74712 The VNF **MUST** utilize FQDNs (and not IP address) for both Service Chaining and scaling. -* R-41159 The VNF **MUST** deliver any and all functionality from any VNFC in the pool (where pooling is the most suitable solution). The VNFC pool member should be transparent to the client. Upstream and downstream clients should only recognize the function being performed, not the member performing it. -* R-85959 The VNF **SHOULD** automatically enable/disable added/removed sub-components or component so there is no manual intervention required. -* R-06885 The VNF **SHOULD** support the ability to scale down a VNFC pool without jeopardizing active sessions. Ideally, an active session should not be tied to any particular VNFC instance. -* R-12538 The VNF **SHOULD** support load balancing and discovery mechanisms in resource pools containing VNFC instances. -* R-98989 The VNF **SHOULD** utilize resource pooling (threads, connections, etc.) within the VNF application so that resources are not being created and destroyed resulting in resource management overhead. -* R-55345 The VNF **SHOULD** use techniques such as “lazy loading” when initialization includes loading catalogues and/or lists which can grow over time, so that the VNF startup time does not grow at a rate proportional to that of the list. -* R-35532 The VNF **SHOULD** release and clear all shared assets (memory, database operations, connections, locks, etc.) as soon as possible, especially before long running sync and asynchronous operations, so as to not prevent use of these assets by other entities. +* R-22059 The VNF **MUST NOT** execute long running tasks (e.g., IO, + database, network operations, service calls) in a critical section + of code, so as to minimize blocking of other operations and increase + concurrent throughput. +* R-63473 The VNF **MUST** automatically advertise newly scaled + components so there is no manual intervention required. +* R-74712 The VNF **MUST** utilize FQDNs (and not IP address) for + both Service Chaining and scaling. +* R-41159 The VNF **MUST** deliver any and all functionality from any + VNFC in the pool (where pooling is the most suitable solution). The + VNFC pool member should be transparent to the client. Upstream and + downstream clients should only recognize the function being performed, + not the member performing it. +* R-85959 The VNF **SHOULD** automatically enable/disable added/removed + sub-components or component so there is no manual intervention required. +* R-06885 The VNF **SHOULD** support the ability to scale down a VNFC pool + without jeopardizing active sessions. Ideally, an active session should + not be tied to any particular VNFC instance. +* R-12538 The VNF **SHOULD** support load balancing and discovery + mechanisms in resource pools containing VNFC instances. +* R-98989 The VNF **SHOULD** utilize resource pooling (threads, + connections, etc.) within the VNF application so that resources + are not being created and destroyed resulting in resource management + overhead. +* R-55345 The VNF **SHOULD** use techniques such as “lazy loading” when + initialization includes loading catalogues and/or lists which can grow + over time, so that the VNF startup time does not grow at a rate + proportional to that of the list. +* R-35532 The VNF **SHOULD** release and clear all shared assets (memory, + database operations, connections, locks, etc.) as soon as possible, + especially before long running sync and asynchronous operations, so as + to not prevent use of these assets by other entities. Application Configuration Management @@ -156,9 +243,15 @@ to develop gold configurations for technologies like Java, Python, etc. Application Configuration Management Requirements -* R-77334 The VNF **MUST** allow configurations and configuration parameters to be managed under version control to ensure consistent configuration deployment, traceability and rollback. -* R-99766 The VNF **MUST** allow configurations and configuration parameters to be managed under version control to ensure the ability to rollback to a known valid configuration. -* R-73583 The VNF **MUST** allow changes of configuration parameters to be consumed by the VNF without requiring the VNF or its sub-components to be bounced so that the VNF availability is not effected. +* R-77334 The VNF **MUST** allow configurations and configuration parameters + to be managed under version control to ensure consistent configuration + deployment, traceability and rollback. +* R-99766 The VNF **MUST** allow configurations and configuration parameters + to be managed under version control to ensure the ability to rollback to + a known valid configuration. +* R-73583 The VNF **MUST** allow changes of configuration parameters + to be consumed by the VNF without requiring the VNF or its sub-components + to be bounced so that the VNF availability is not effected. Intelligent Transaction Distribution & Management @@ -176,9 +269,17 @@ deploying non-related elements in the same container). Intelligent Transaction Distribution & Management Requirements -* R-21558 The VNF **SHOULD** use intelligent routing by having knowledge of multiple downstream/upstream endpoints that are exposed to it, to ensure there is no dependency on external services (such as load balancers) to switch to alternate endpoints. -* R-08315 The VNF **SHOULD** use redundant connection pooling to connect to any backend data source that can be switched between pools in an automated/scripted fashion to ensure high availability of the connection to the data source. -* R-27995 The VNF **SHOULD** include control loop mechanisms to notify the consumer of the VNF of their exceeding SLA thresholds so the consumer is able to control its load against the VNF. +* R-21558 The VNF **SHOULD** use intelligent routing by having knowledge + of multiple downstream/upstream endpoints that are exposed to it, to + ensure there is no dependency on external services (such as load balancers) + to switch to alternate endpoints. +* R-08315 The VNF **SHOULD** use redundant connection pooling to connect + to any backend data source that can be switched between pools in an + automated/scripted fashion to ensure high availability of the connection + to the data source. +* R-27995 The VNF **SHOULD** include control loop mechanisms to notify + the consumer of the VNF of their exceeding SLA thresholds so the consumer + is able to control its load against the VNF. Deployment Optimization ^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -190,14 +291,39 @@ automation (remove the human from the mix). Deployment Optimization Requirements -* R-73364 The VNF **MUST** support at least two major versions of the VNF software and/or sub-components to co-exist within production environments at any time so that upgrades can be applied across multiple systems in a staggered manner. -* R-02454 The VNF **MUST** support the existence of multiple major/minor versions of the VNF software and/or sub-components and interfaces that support both forward and backward compatibility to be transparent to the Service Provider usage. -* R-57855 The VNF **MUST** support hitless staggered/rolling deployments between its redundant instances to allow "soak-time/burn in/slow roll" which can enable the support of low traffic loads to validate the deployment prior to supporting full traffic loads. -* R-64445 The VNF **MUST** support the ability of a requestor of the service to determine the version (and therefore capabilities) of the service so that Network Cloud Service Provider can understand the capabilities of the service. -* R-56793 The VNF **MUST** test for adherence to the defined performance budgets at each layer, during each delivery cycle with delivered results, so that the performance budget is measured and the code is adjusted to meet performance budget. -* R-77667 The VNF **MUST** test for adherence to the defined performance budget at each layer, during each delivery cycle so that the performance budget is measured and feedback is provided where the performance budget is not met. -* R-49308 The VNF **SHOULD** test for adherence to the defined resiliency rating recommendation at each layer, during each delivery cycle with delivered results, so that the resiliency rating is measured and the code is adjusted to meet software resiliency requirements. -* R-16039 The VNF **SHOULD** test for adherence to the defined resiliency rating recommendation at each layer, during each delivery cycle so that the resiliency rating is measured and feedback is provided where software resiliency requirements are not met. +* R-73364 The VNF **MUST** support at least two major versions of the + VNF software and/or sub-components to co-exist within production + environments at any time so that upgrades can be applied across + multiple systems in a staggered manner. +* R-02454 The VNF **MUST** support the existence of multiple major/minor + versions of the VNF software and/or sub-components and interfaces that + support both forward and backward compatibility to be transparent to + the Service Provider usage. +* R-57855 The VNF **MUST** support hitless staggered/rolling deployments + between its redundant instances to allow "soak-time/burn in/slow roll" + which can enable the support of low traffic loads to validate the + deployment prior to supporting full traffic loads. +* R-64445 The VNF **MUST** support the ability of a requestor of the + service to determine the version (and therefore capabilities) of the + service so that Network Cloud Service Provider can understand the + capabilities of the service. +* R-56793 The VNF **MUST** test for adherence to the defined performance + budgets at each layer, during each delivery cycle with delivered + results, so that the performance budget is measured and the code + is adjusted to meet performance budget. +* R-77667 The VNF **MUST** test for adherence to the defined performance + budget at each layer, during each delivery cycle so that the performance + budget is measured and feedback is provided where the performance budget + is not met. +* R-49308 The VNF **SHOULD** test for adherence to the defined resiliency + rating recommendation at each layer, during each delivery cycle with + delivered results, so that the resiliency rating is measured and the + code is adjusted to meet software resiliency requirements. +* R-16039 The VNF **SHOULD** test for adherence to the defined + resiliency rating recommendation at each layer, during each + delivery cycle so that the resiliency rating is measured and + feedback is provided where software resiliency requirements are + not met. Monitoring & Dashboard ^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -212,14 +338,32 @@ post-incident diagnostics. Monitoring & Dashboard Requirements -* R-34957 The VNF **MUST** provide a method of metrics gathering for each layer's performance to identify/document variances in the allocations so they can be addressed. -* R-49224 The VNF **MUST** provide unique traceability of a transaction through its life cycle to ensure quick and efficient troubleshooting. -* R-52870 The VNF **MUST** provide a method of metrics gathering and analysis to evaluate the resiliency of the software from both a granular as well as a holistic standpoint. This includes, but is not limited to thread utilization, errors, timeouts, and retries. -* R-92571 The VNF **MUST** provide operational instrumentation such as logging, so as to facilitate quick resolution of issues with the VNF to provide service continuity. -* R-48917 The VNF **MUST** monitor for and alert on (both sender and receiver) errant, running longer than expected and missing file transfers, so as to minimize the impact due to file transfer errors. -* R-28168 The VNF **SHOULD** use an appropriately configured logging level that can be changed dynamically, so as to not cause performance degradation of the VNF due to excessive logging. -* R-87352 The VNF **SHOULD** utilize Cloud health checks, when available from the Network Cloud, from inside the application through APIs to check the network connectivity, dropped packets rate, injection, and auto failover to alternate sites if needed. -* R-16560 The VNF **SHOULD** conduct a resiliency impact assessment for all inter/intra-connectivity points in the VNF to provide an overall resiliency rating for the VNF to be incorporated into the software design and development of the VNF. +* R-34957 The VNF **MUST** provide a method of metrics gathering for each + layer's performance to identify/document variances in the allocations so + they can be addressed. +* R-49224 The VNF **MUST** provide unique traceability of a transaction + through its life cycle to ensure quick and efficient troubleshooting. +* R-52870 The VNF **MUST** provide a method of metrics gathering + and analysis to evaluate the resiliency of the software from both + a granular as well as a holistic standpoint. This includes, but is + not limited to thread utilization, errors, timeouts, and retries. +* R-92571 The VNF **MUST** provide operational instrumentation such as + logging, so as to facilitate quick resolution of issues with the VNF to + provide service continuity. +* R-48917 The VNF **MUST** monitor for and alert on (both sender and + receiver) errant, running longer than expected and missing file transfers, + so as to minimize the impact due to file transfer errors. +* R-28168 The VNF **SHOULD** use an appropriately configured logging + level that can be changed dynamically, so as to not cause performance + degradation of the VNF due to excessive logging. +* R-87352 The VNF **SHOULD** utilize Cloud health checks, when available + from the Network Cloud, from inside the application through APIs to check + the network connectivity, dropped packets rate, injection, and auto failover + to alternate sites if needed. +* R-16560 The VNF **SHOULD** conduct a resiliency impact assessment for all + inter/intra-connectivity points in the VNF to provide an overall resiliency + rating for the VNF to be incorporated into the software design and + development of the VNF. VNF Security ---------------------- @@ -268,38 +412,134 @@ requirements need to be met by the solution in a virtual environment: General Security Requirements -Integration and operation within a robust security environment is necessary and expected. The security architecture will include one or more of the following: IDAM (Identity and Access Management) for all system and applications access, Code scanning, network vulnerability scans, OS, Database and application patching, malware detection and cleaning, DDOS prevention, network security gateways (internal and external) operating at various layers, host and application based tools for security compliance validation, aggressive security patch application, tightly controlled software distribution and change control processes and other state of the art security solutions. The VNF is expected to function reliably within such an environment and the developer is expected to understand and accommodate such controls and can expected to supply responsive interoperability support and testing throughout the product’s lifecycle. - -* R-23740 The VNF **MUST** accommodate the security principle of “least privilege” during development, implementation and operation. The importance of “least privilege” cannot be overstated and must be observed in all aspects of VNF development and not limited to security. This is applicable to all sections of this document. -* R-61354 The VNF **MUST** implement access control list for OA&M services (e.g., restricting access to certain ports or applications). -* R-85633 The VNF **MUST** implement Data Storage Encryption (database/disk encryption) for Sensitive Personal Information (SPI) and other subscriber identifiable data. Note: subscriber’s SPI/data must be encrypted at rest, and other subscriber identifiable data should be encrypted at rest. Other data protection requirements exist and should be well understood by the developer. -* R-92207 The VNF **SHOULD** implement a mechanism for automated and frequent "system configuration (automated provisioning / closed loop)" auditing. -* R-23882 The VNF **SHOULD** be scanned using both network scanning and application scanning security tools on all code, including underlying OS and related configuration. Scan reports shall be provided. Remediation roadmaps shall be made available for any findings. -* R-46986 The VNF **SHOULD** have source code scanned using scanning tools (e.g., Fortify) and provide reports. -* R-55830 The VNF **MUST** distribute all production code from NCSP internal sources only. No production code, libraries, OS images, etc. shall be distributed from publically accessible depots. -* R-99771 The VNF **MUST** provide all code/configuration files in a "Locked down" or hardened state or with documented recommendations for such hardening. All unnecessary services will be disabled. VNF provider default credentials, community strings and other such artifacts will be removed or disclosed so that they can be modified or removed during provisioning. -* R-19768 The VNF **SHOULD** support L3 VPNs that enable segregation of traffic by application (dropping packets not belonging to the VPN) (i.e., AVPN, IPSec VPN for Internet routes). -* R-33981 The VNF **SHOULD** interoperate with various access control mechanisms for the Network Cloud execution environment (e.g., Hypervisors, containers). -* R-40813 The VNF **SHOULD** support the use of virtual trusted platform module, hypervisor security testing and standards scanning tools. -* R-56904 The VNF **MUST** interoperate with the ONAP (SDN) Controller so that it can dynamically modify the firewall rules, ACL rules, QoS rules, virtual routing and forwarding rules. -* R-26586 The VNF **SHOULD** support the ability to work with aliases (e.g., gateways, proxies) to protect and encapsulate resources. -* R-49956 The VNF **MUST** pass all access to applications (Bearer, signaling and OA&M) through various security tools and platforms from ACLs, stateful firewalls and application layer gateways depending on manner of deployment. The application is expected to function (and in some cases, interwork) with these security tools. -* R-69649 The VNF **MUST** have all vulnerabilities patched as soon as possible. Patching shall be controlled via change control process with vulnerabilities disclosed along with mitigation recommendations. -* R-78010 The VNF **MUST** use the NCSP’s IDAM API for Identification, authentication and access control of customer or VNF application users. -* R-42681 The VNF **MUST** use the NCSP’s IDAM API or comply with the requirements if not using the NCSP’s IDAM API, for identification, authentication and access control of OA&M and other system level functions. -* R-68589 The VNF **MUST**, if not using the NCSP’s IDAM API, support User-IDs and passwords to uniquely identify the user/application. VNF needs to have appropriate connectors to the Identity, Authentication and Authorization systems that enables access at OS, Database and Application levels as appropriate. -* R-52085 The VNF **MUST**, if not using the NCSP’s IDAM API, provide the ability to support Multi-Factor Authentication (e.g., 1st factor = Software token on device (RSA SecureID); 2nd factor = User Name+Password, etc.) for the users. -* R-98391 The VNF **MUST**, if not using the NCSP’s IDAM API, support Role-Based Access Control to permit/limit the user/application to performing specific activities. -* R-63217 The VNF **MUST**, if not using the NCSP’s IDAM API, support logging via ONAP for a historical view of “who did what and when”. -* R-62498 The VNF **MUST**, if not using the NCSP’s IDAM API, encrypt OA&M access (e.g., SSH, SFTP). -* R-79107 The VNF **MUST**, if not using the NCSP’s IDAM API, enforce a configurable maximum number of Login attempts policy for the users. VNF provider must comply with "terminate idle sessions" policy. Interactive sessions must be terminated, or a secure, locking screensaver must be activated requiring authentication, after a configurable period of inactivity. The system-based inactivity timeout for the enterprise identity and access management system must also be configurable. -* R-35144 The VNF **MUST**, if not using the NCSP’s IDAM API, comply with the NCSP’s credential management policy. -* R-75041 The VNF **MUST**, if not using the NCSP’s IDAM API, expire passwords at regular configurable intervals. -* R-46908 The VNF **MUST**, if not using the NCSP’s IDAM API, comply with "password complexity" policy. When passwords are used, they shall be complex and shall at least meet the following password construction requirements: (1) be a minimum configurable number of characters in length, (2) include 3 of the 4 following types of characters: upper-case alphabetic, lower-case alphabetic, numeric, and special, (3) not be the same as the UserID with which they are associated or other common strings as specified by the environment, (4) not contain repeating or sequential characters or numbers, (5) not to use special characters that may have command functions, and (6) new passwords must not contain sequences of three or more characters from the previous password. -* R-39342 The VNF **MUST**, if not using the NCSP’s IDAM API, comply with "password changes (includes default passwords)" policy. Products will support password aging, syntax and other credential management practices on a configurable basis. -* R-40521 The VNF **MUST**, if not using the NCSP’s IDAM API, support use of common third party authentication and authorization tools such as TACACS+, RADIUS. -* R-41994 The VNF **MUST**, if not using the NCSP’s IDAM API, comply with "No Self-Signed Certificates" policy. Self-signed certificates must be used for encryption only, using specified and approved encryption protocols such as TLS 1.2 or higher or equivalent security protocols such as IPSec, AES. -* R-23135 The VNF **MUST**, if not using the NCSP’s IDAM API, authenticate system to system communications where one system accesses the resources of another system, and must never conceal individual accountability. +Integration and operation within a robust security environment is necessary +and expected. The security architecture will include one or more of the +following: IDAM (Identity and Access Management) for all system and +applications access, Code scanning, network vulnerability scans, OS, +Database and application patching, malware detection and cleaning, +DDOS prevention, network security gateways (internal and external) +operating at various layers, host and application based tools for +security compliance validation, aggressive security patch application, +tightly controlled software distribution and change control processes +and other state of the art security solutions. The VNF is expected to +function reliably within such an environment and the developer is +expected to understand and accommodate such controls and can expected +to supply responsive interoperability support and testing throughout +the product’s lifecycle. + +* R-23740 The VNF **MUST** accommodate the security principle of + “least privilege” during development, implementation and operation. + The importance of “least privilege” cannot be overstated and must be + observed in all aspects of VNF development and not limited to security. + This is applicable to all sections of this document. +* R-61354 The VNF **MUST** implement access control list for OA&M + services (e.g., restricting access to certain ports or applications). +* R-85633 The VNF **MUST** implement Data Storage Encryption + (database/disk encryption) for Sensitive Personal Information (SPI) + and other subscriber identifiable data. Note: subscriber’s SPI/data + must be encrypted at rest, and other subscriber identifiable data + should be encrypted at rest. Other data protection requirements exist + and should be well understood by the developer. +* R-92207 The VNF **SHOULD** implement a mechanism for automated and + frequent "system configuration (automated provisioning / closed loop)" + auditing. +* R-23882 The VNF **SHOULD** be scanned using both network scanning + and application scanning security tools on all code, including underlying + OS and related configuration. Scan reports shall be provided. Remediation + roadmaps shall be made available for any findings. +* R-46986 The VNF **SHOULD** have source code scanned using scanning + tools (e.g., Fortify) and provide reports. +* R-55830 The VNF **MUST** distribute all production code from NCSP + internal sources only. No production code, libraries, OS images, etc. + shall be distributed from publically accessible depots. +* R-99771 The VNF **MUST** provide all code/configuration files in a + "Locked down" or hardened state or with documented recommendations for + such hardening. All unnecessary services will be disabled. VNF provider + default credentials, community strings and other such artifacts will be + removed or disclosed so that they can be modified or removed during + provisioning. +* R-19768 The VNF **SHOULD** support L3 VPNs that enable segregation of + traffic by application (dropping packets not belonging to the VPN) (i.e., + AVPN, IPSec VPN for Internet routes). +* R-33981 The VNF **SHOULD** interoperate with various access control + mechanisms for the Network Cloud execution environment (e.g., + Hypervisors, containers). +* R-40813 The VNF **SHOULD** support the use of virtual trusted platform + module, hypervisor security testing and standards scanning tools. +* R-56904 The VNF **MUST** interoperate with the ONAP (SDN) Controller so that + it can dynamically modify the firewall rules, ACL rules, QoS rules, virtual + routing and forwarding rules. +* R-26586 The VNF **SHOULD** support the ability to work with aliases + (e.g., gateways, proxies) to protect and encapsulate resources. +* R-49956 The VNF **MUST** pass all access to applications (Bearer, + signaling and OA&M) through various security tools and platforms from + ACLs, stateful firewalls and application layer gateways depending on + manner of deployment. The application is expected to function (and in + some cases, interwork) with these security tools. +* R-69649 The VNF **MUST** have all vulnerabilities patched as soon + as possible. Patching shall be controlled via change control process + with vulnerabilities disclosed along with mitigation recommendations. +* R-78010 The VNF **MUST** use the NCSP’s IDAM API for Identification, + authentication and access control of customer or VNF application users. +* R-42681 The VNF **MUST** use the NCSP’s IDAM API or comply with + the requirements if not using the NCSP’s IDAM API, for identification, + authentication and access control of OA&M and other system level + functions. +* R-68589 The VNF **MUST**, if not using the NCSP’s IDAM API, support + User-IDs and passwords to uniquely identify the user/application. VNF + needs to have appropriate connectors to the Identity, Authentication + and Authorization systems that enables access at OS, Database and + Application levels as appropriate. +* R-52085 The VNF **MUST**, if not using the NCSP’s IDAM API, provide + the ability to support Multi-Factor Authentication (e.g., 1st factor = + Software token on device (RSA SecureID); 2nd factor = User Name+Password, + etc.) for the users. +* R-98391 The VNF **MUST**, if not using the NCSP’s IDAM API, support + Role-Based Access Control to permit/limit the user/application to + performing specific activities. +* R-63217 The VNF **MUST**, if not using the NCSP’s IDAM API, support + logging via ONAP for a historical view of “who did what and when”. +* R-62498 The VNF **MUST**, if not using the NCSP’s IDAM API, encrypt + OA&M access (e.g., SSH, SFTP). +* R-79107 The VNF **MUST**, if not using the NCSP’s IDAM API, enforce + a configurable maximum number of Login attempts policy for the users. + VNF provider must comply with "terminate idle sessions" policy. + Interactive sessions must be terminated, or a secure, locking screensaver + must be activated requiring authentication, after a configurable period + of inactivity. The system-based inactivity timeout for the enterprise + identity and access management system must also be configurable. +* R-35144 The VNF **MUST**, if not using the NCSP’s IDAM API, comply + with the NCSP’s credential management policy. +* R-75041 The VNF **MUST**, if not using the NCSP’s IDAM API, expire + passwords at regular configurable intervals. +* R-46908 The VNF **MUST**, if not using the NCSP’s IDAM API, comply + with "password complexity" policy. When passwords are used, they shall + be complex and shall at least meet the following password construction + requirements: (1) be a minimum configurable number of characters in + length, (2) include 3 of the 4 following types of characters: + upper-case alphabetic, lower-case alphabetic, numeric, and special, + (3) not be the same as the UserID with which they are associated or + other common strings as specified by the environment, (4) not contain + repeating or sequential characters or numbers, (5) not to use special + characters that may have command functions, and (6) new passwords must + not contain sequences of three or more characters from the previous + password. +* R-39342 The VNF **MUST**, if not using the NCSP’s IDAM API, comply + with "password changes (includes default passwords)" policy. Products + will support password aging, syntax and other credential management + practices on a configurable basis. +* R-40521 The VNF **MUST**, if not using the NCSP’s IDAM API, support + use of common third party authentication and authorization tools such + as TACACS+, RADIUS. +* R-41994 The VNF **MUST**, if not using the NCSP’s IDAM API, comply + with "No Self-Signed Certificates" policy. Self-signed certificates + must be used for encryption only, using specified and approved + encryption protocols such as TLS 1.2 or higher or equivalent security + protocols such as IPSec, AES. +* R-23135 The VNF **MUST**, if not using the NCSP’s IDAM API, + authenticate system to system communications where one system + accesses the resources of another system, and must never conceal + individual accountability. VNF Identity and Access Management Requirements ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -310,42 +550,102 @@ management need to be met by the solution in a virtual environment: Identity and Access Management Requirements -* R-95105 The VNF **MUST** host connectors for access to the application layer. -* R-45496 The VNF **MUST** host connectors for access to the OS (Operating System) layer. +* R-95105 The VNF **MUST** host connectors for access to the application + layer. +* R-45496 The VNF **MUST** host connectors for access to the OS + (Operating System) layer. * R-05470 The VNF **MUST** host connectors for access to the database layer. -* R-99174 The VNF **MUST** comply with Individual Accountability (each person must be assigned a unique ID) when persons or non-person entities access VNFs. -* R-42874 The VNF **MUST** comply with Least Privilege (no more privilege than required to perform job functions) when persons or non-person entities access VNFs. -* R-71787 The VNF **MUST** comply with Segregation of Duties (access to a single layer and no developer may access production without special oversight) when persons or non-person entities access VNFs. +* R-99174 The VNF **MUST** comply with Individual Accountability + (each person must be assigned a unique ID) when persons or non-person + entities access VNFs. +* R-42874 The VNF **MUST** comply with Least Privilege (no more + privilege than required to perform job functions) when persons + or non-person entities access VNFs. +* R-71787 The VNF **MUST** comply with Segregation of Duties (access to a + single layer and no developer may access production without special + oversight) when persons or non-person entities access VNFs. * R-86261 The VNF **MUST NOT** allow VNF provider access to VNFs remotely. -* R-49945 The VNF **MUST** authorize VNF provider access through a client application API by the client application owner and the resource owner of the VNF before provisioning authorization through Role Based Access Control (RBAC), Attribute Based Access Control (ABAC), or other policy based mechanism. -* R-31751 The VNF **MUST** subject VNF provider access to privilege reconciliation tools to prevent access creep and ensure correct enforcement of access policies. -* R-34552 The VNF **MUST** provide or support the Identity and Access Management (IDAM) based threat detection data for OWASP Top 10. -* R-29301 The VNF **MUST** provide or support the Identity and Access Management (IDAM) based threat detection data for Password Attacks. -* R-72243 The VNF **MUST** provide or support the Identity and Access Management (IDAM) based threat detection data for Phishing / SMishing. -* R-58998 The VNF **MUST** provide or support the Identity and Access Management (IDAM) based threat detection data for Malware (Key Logger). -* R-14025 The VNF **MUST** provide or support the Identity and Access Management (IDAM) based threat detection data for Session Hijacking. -* R-31412 The VNF **MUST** provide or support the Identity and Access Management (IDAM) based threat detection data for XSS / CSRF. -* R-51883 The VNF **MUST** provide or support the Identity and Access Management (IDAM) based threat detection data for Replay. -* R-44032 The VNF **MUST** provide or support the Identity and Access Management (IDAM) based threat detection data for Man in the Middle (MITM). -* R-58977 The VNF **MUST** provide or support the Identity and Access Management (IDAM) based threat detection data for Eavesdropping. -* R-24825 The VNF **MUST** provide Context awareness data (device, location, time, etc.) and be able to integrate with threat detection system. -* R-59391 The VNF provider **MUST**, where a VNF provider requires the assumption of permissions, such as root or administrator, first log in under their individual user login ID then switch to the other higher level account; or where the individual user login is infeasible, must login with an account with admin privileges in a way that uniquely identifies the individual performing the function. -* R-85028 The VNF **MUST** authenticate system to system access and do not conceal a VNF provider user’s individual accountability for transactions. -* R-80335 The VNF **MUST** make visible a Warning Notice: A formal statement of resource intent, i.e., a warning notice, upon initial access to a VNF provider user who accesses private internal networks or Company computer resources, e.g., upon initial logon to an internal web site, system or application which requires authentication. -* R-73541 The VNF **MUST** use access controls for VNFs and their supporting computing systems at all times to restrict access to authorized personnel only, e.g., least privilege. These controls could include the use of system configuration or access control software. -* R-64503 The VNF **MUST** provide minimum privileges for initial and default settings for new user accounts. -* R-86835 The VNF **MUST** set the default settings for user access to sensitive commands and data to deny authorization. -* R-77157 The VNF **MUST** conform to approved request, workflow authorization, and authorization provisioning requirements when creating privileged users. -* R-81147 The VNF **MUST** have greater restrictions for access and execution, such as up to 3 factors of authentication and restricted authorization, for commands affecting network services, such as commands relating to VNFs. -* R-49109 The VNF **MUST** encrypt TCP/IP--HTTPS (e.g., TLS v1.2) transmission of data on internal and external networks. +* R-49945 The VNF **MUST** authorize VNF provider access through a + client application API by the client application owner and the resource + owner of the VNF before provisioning authorization through Role Based + Access Control (RBAC), Attribute Based Access Control (ABAC), or other + policy based mechanism. +* R-31751 The VNF **MUST** subject VNF provider access to privilege + reconciliation tools to prevent access creep and ensure correct + enforcement of access policies. +* R-34552 The VNF **MUST** provide or support the Identity and Access + Management (IDAM) based threat detection data for OWASP Top 10. +* R-29301 The VNF **MUST** provide or support the Identity and Access + Management (IDAM) based threat detection data for Password Attacks. +* R-72243 The VNF **MUST** provide or support the Identity and Access + Management (IDAM) based threat detection data for Phishing / SMishing. +* R-58998 The VNF **MUST** provide or support the Identity and Access + Management (IDAM) based threat detection data for Malware (Key Logger). +* R-14025 The VNF **MUST** provide or support the Identity and Access + Management (IDAM) based threat detection data for Session Hijacking. +* R-31412 The VNF **MUST** provide or support the Identity and Access + Management (IDAM) based threat detection data for XSS / CSRF. +* R-51883 The VNF **MUST** provide or support the Identity and Access + Management (IDAM) based threat detection data for Replay. +* R-44032 The VNF **MUST** provide or support the Identity and Access + Management (IDAM) based threat detection data for Man in the Middle (MITM). +* R-58977 The VNF **MUST** provide or support the Identity and Access + Management (IDAM) based threat detection data for Eavesdropping. +* R-24825 The VNF **MUST** provide Context awareness data (device, + location, time, etc.) and be able to integrate with threat detection system. +* R-59391 The VNF provider **MUST**, where a VNF provider requires + the assumption of permissions, such as root or administrator, first + log in under their individual user login ID then switch to the other + higher level account; or where the individual user login is infeasible, + must login with an account with admin privileges in a way that + uniquely identifies the individual performing the function. +* R-85028 The VNF **MUST** authenticate system to system access and + do not conceal a VNF provider user’s individual accountability for + transactions. +* R-80335 The VNF **MUST** make visible a Warning Notice: A formal + statement of resource intent, i.e., a warning notice, upon initial + access to a VNF provider user who accesses private internal networks + or Company computer resources, e.g., upon initial logon to an internal + web site, system or application which requires authentication. +* R-73541 The VNF **MUST** use access controls for VNFs and their + supporting computing systems at all times to restrict access to + authorized personnel only, e.g., least privilege. These controls + could include the use of system configuration or access control + software. +* R-64503 The VNF **MUST** provide minimum privileges for initial + and default settings for new user accounts. +* R-86835 The VNF **MUST** set the default settings for user access + to sensitive commands and data to deny authorization. +* R-77157 The VNF **MUST** conform to approved request, workflow + authorization, and authorization provisioning requirements when + creating privileged users. +* R-81147 The VNF **MUST** have greater restrictions for access and + execution, such as up to 3 factors of authentication and restricted + authorization, for commands affecting network services, such as + commands relating to VNFs. +* R-49109 The VNF **MUST** encrypt TCP/IP--HTTPS (e.g., TLS v1.2) + transmission of data on internal and external networks. * R-39562 The VNF **MUST** disable unnecessary or vulnerable cgi-bin programs. -* R-15671 The VNF **MUST NOT** provide public or unrestricted access to any data without the permission of the data owner. All data classification and access controls must be followed. -* R-89753 The VNF **MUST NOT** install or use systems, tools or utilities capable of capturing or logging data that was not created by them or sent specifically to them in production, without authorization of the VNF system owner. -* R-19082 The VNF **MUST NOT** run security testing tools and programs, e.g., password cracker, port scanners, hacking tools in production, without authorization of the VNF system owner. -* R-19790 The VNF **MUST NOT** include authentication credentials in security audit logs, even if encrypted. -* R-85419 The VNF **SHOULD** use REST APIs exposed to Client Applications for the implementation of OAuth 2.0 Authorization Code Grant and Client Credentials Grant, as the standard interface for a VNF. -* R-86455 The VNF **SHOULD** support hosting connectors for OS Level and Application Access. -* R-48080 The VNF **SHOULD** support SCEP (Simple Certificate Enrollment Protocol). +* R-15671 The VNF **MUST NOT** provide public or unrestricted access + to any data without the permission of the data owner. All data + classification and access controls must be followed. +* R-89753 The VNF **MUST NOT** install or use systems, tools or + utilities capable of capturing or logging data that was not created + by them or sent specifically to them in production, without + authorization of the VNF system owner. +* R-19082 The VNF **MUST NOT** run security testing tools and + programs, e.g., password cracker, port scanners, hacking tools + in production, without authorization of the VNF system owner. +* R-19790 The VNF **MUST NOT** include authentication credentials + in security audit logs, even if encrypted. +* R-85419 The VNF **SHOULD** use REST APIs exposed to Client + Applications for the implementation of OAuth 2.0 Authorization + Code Grant and Client Credentials Grant, as the standard interface + for a VNF. +* R-86455 The VNF **SHOULD** support hosting connectors for OS + Level and Application Access. +* R-48080 The VNF **SHOULD** support SCEP (Simple Certificate + Enrollment Protocol). VNF API Security Requirements @@ -364,21 +664,49 @@ security requirements: API Requirements -* R-37608 The VNF **MUST** provide a mechanism to restrict access based on the attributes of the VNF and the attributes of the subject. -* R-43884 The VNF **MUST** integrate with external authentication and authorization services (e.g., IDAM). -* R-25878 The VNF **MUST** use certificates issued from publicly recognized Certificate Authorities (CA) for the authentication process where PKI-based authentication is used. -* R-19804 The VNF **MUST** validate the CA signature on the certificate, ensure that the date is within the validity period of the certificate, check the Certificate Revocation List (CRL), and recognize the identity represented by the certificate where PKI-based authentication is used. -* R-47204 The VNF **MUST** protect the confidentiality and integrity of data at rest and in transit from unauthorized access and modification. -* R-33488 The VNF **MUST** protect against all denial of service attacks, both volumetric and non-volumetric, or integrate with external denial of service protection tools. -* R-21652 The VNF **MUST** implement the following input validation control: Check the size (length) of all input. Do not permit an amount of input so great that it would cause the VNF to fail. Where the input may be a file, the VNF API must enforce a size limit. -* R-54930 The VNF **MUST** implement the following input validation control: Do not permit input that contains content or characters inappropriate to the input expected by the design. Inappropriate input, such as SQL insertions, may cause the system to execute undesirable and unauthorized transactions against the database or allow other inappropriate access to the internal network. -* R-21210 The VNF **MUST** implement the following input validation control: Validate that any input file has a correct and valid Multipurpose Internet Mail Extensions (MIME) type. Input files should be tested for spoofed MIME types. +* R-37608 The VNF **MUST** provide a mechanism to restrict access based + on the attributes of the VNF and the attributes of the subject. +* R-43884 The VNF **MUST** integrate with external authentication + and authorization services (e.g., IDAM). +* R-25878 The VNF **MUST** use certificates issued from publicly + recognized Certificate Authorities (CA) for the authentication process + where PKI-based authentication is used. +* R-19804 The VNF **MUST** validate the CA signature on the certificate, + ensure that the date is within the validity period of the certificate, + check the Certificate Revocation List (CRL), and recognize the identity + represented by the certificate where PKI-based authentication is used. +* R-47204 The VNF **MUST** protect the confidentiality and integrity of + data at rest and in transit from unauthorized access and modification. +* R-33488 The VNF **MUST** protect against all denial of service + attacks, both volumetric and non-volumetric, or integrate with external + denial of service protection tools. +* R-21652 The VNF **MUST** implement the following input validation + control: Check the size (length) of all input. Do not permit an amount + of input so great that it would cause the VNF to fail. Where the input + may be a file, the VNF API must enforce a size limit. +* R-54930 The VNF **MUST** implement the following input validation + control: Do not permit input that contains content or characters + inappropriate to the input expected by the design. Inappropriate input, + such as SQL insertions, may cause the system to execute undesirable + and unauthorized transactions against the database or allow other + inappropriate access to the internal network. +* R-21210 The VNF **MUST** implement the following input validation + control: Validate that any input file has a correct and valid + Multipurpose Internet Mail Extensions (MIME) type. Input files + should be tested for spoofed MIME types. * R-23772 The VNF **MUST** validate input at all layers implementing VNF APIs. -* R-87135 The VNF **MUST** comply with NIST standards and industry best practices for all implementations of cryptography. -* R-02137 The VNF **MUST** implement all monitoring and logging as described in the Security Analytics section. -* R-15659 The VNF **MUST** restrict changing the criticality level of a system security alarm to administrator(s). -* R-19367 The VNF **MUST** monitor API invocation patterns to detect anomalous access patterns that may represent fraudulent access or other types of attacks, or integrate with tools that implement anomaly and abuse detection. -* R-78066 The VNF **MUST** support requests for information from law enforcement and government agencies. +* R-87135 The VNF **MUST** comply with NIST standards and industry + best practices for all implementations of cryptography. +* R-02137 The VNF **MUST** implement all monitoring and logging as + described in the Security Analytics section. +* R-15659 The VNF **MUST** restrict changing the criticality level of + a system security alarm to administrator(s). +* R-19367 The VNF **MUST** monitor API invocation patterns to detect + anomalous access patterns that may represent fraudulent access or + other types of attacks, or integrate with tools that implement anomaly + and abuse detection. +* R-78066 The VNF **MUST** support requests for information from law + enforcement and government agencies. VNF Security Analytics Requirements @@ -428,50 +756,111 @@ solution in a virtual environment. Security Analytics Requirements -* R-48470 The VNF **MUST** support Real-time detection and notification of security events. -* R-22286 The VNF **MUST** support Integration functionality via API/Syslog/SNMP to other functional modules in the network (e.g., PCRF, PCEF) that enable dynamic security control by blocking the malicious traffic or malicious end users -* R-32636 The VNF **MUST** support API-based monitoring to take care of the scenarios where the control interfaces are not exposed, or are optimized and proprietary in nature. -* R-61648 The VNF **MUST** support event logging, formats, and delivery tools to provide the required degree of event data to ONAP -* R-22367 The VNF **MUST** support detection of malformed packets due to software misconfiguration or software vulnerability. -* R-31961 The VNF **MUST** support integrated DPI/monitoring functionality as part of VNFs (e.g., PGW, MME). -* R-20912 The VNF **MUST** support alternative monitoring capabilities when VNFs do not expose data or control traffic or use proprietary and optimized protocols for inter VNF communication. -* R-73223 The VNF **MUST** support proactive monitoring to detect and report the attacks on resources so that the VNFs and associated VMs can be isolated, such as detection techniques for resource exhaustion, namely OS resource attacks, CPU attacks, consumption of kernel memory, local storage attacks. -* R-58370 The VNF **MUST** coexist and operate normally with commercial anti-virus software which shall produce alarms every time when there is a security incident. -* R-56920 The VNF **MUST** protect all security audit logs (including API, OS and application-generated logs), security audit software, data, and associated documentation from modification, or unauthorized viewing, by standard OS access control mechanisms, by sending to a remote system, or by encryption. +* R-48470 The VNF **MUST** support Real-time detection and + notification of security events. +* R-22286 The VNF **MUST** support Integration functionality via + API/Syslog/SNMP to other functional modules in the network (e.g., + PCRF, PCEF) that enable dynamic security control by blocking the + malicious traffic or malicious end users +* R-32636 The VNF **MUST** support API-based monitoring to take care of + the scenarios where the control interfaces are not exposed, or are + optimized and proprietary in nature. +* R-61648 The VNF **MUST** support event logging, formats, and delivery + tools to provide the required degree of event data to ONAP +* R-22367 The VNF **MUST** support detection of malformed packets due to + software misconfiguration or software vulnerability. +* R-31961 The VNF **MUST** support integrated DPI/monitoring functionality + as part of VNFs (e.g., PGW, MME). +* R-20912 The VNF **MUST** support alternative monitoring capabilities + when VNFs do not expose data or control traffic or use proprietary and + optimized protocols for inter VNF communication. +* R-73223 The VNF **MUST** support proactive monitoring to detect and + report the attacks on resources so that the VNFs and associated VMs can + be isolated, such as detection techniques for resource exhaustion, namely + OS resource attacks, CPU attacks, consumption of kernel memory, local + storage attacks. +* R-58370 The VNF **MUST** coexist and operate normally with commercial + anti-virus software which shall produce alarms every time when there is a + security incident. +* R-56920 The VNF **MUST** protect all security audit logs (including + API, OS and application-generated logs), security audit software, data, + and associated documentation from modification, or unauthorized viewing, + by standard OS access control mechanisms, by sending to a remote system, + or by encryption. * R-54520 The VNF **MUST** log successful and unsuccessful login attempts. * R-55478 The VNF **MUST** log logoffs. -* R-08598 The VNF **MUST** log successful and unsuccessful changes to a privilege level. -* R-13344 The VNF **MUST** log starting and stopping of security logging -* R-07617 The VNF **MUST** log creating, removing, or changing the inherent privilege level of users. -* R-94525 The VNF **MUST** log connections to a network listener of the resource. -* R-31614 The VNF **MUST** log the field “event type” in the security audit logs. -* R-97445 The VNF **MUST** log the field “date/time” in the security audit logs. +* R-08598 The VNF **MUST** log successful and unsuccessful changes to + a privilege level. +* R-13344 The VNF **MUST** log starting and stopping of security + logging. +* R-07617 The VNF **MUST** log creating, removing, or changing the + inherent privilege level of users. +* R-94525 The VNF **MUST** log connections to a network listener of the + resource. +* R-31614 The VNF **MUST** log the field “event type” in the security + audit logs. +* R-97445 The VNF **MUST** log the field “date/time” in the security + audit logs. * R-25547 The VNF **MUST** log the field “protocol” in the security audit logs. -* R-06413 The VNF **MUST** log the field “service or program used for access” in the security audit logs. -* R-15325 The VNF **MUST** log the field “success/failure” in the security audit logs. +* R-06413 The VNF **MUST** log the field “service or program used for + access” in the security audit logs. +* R-15325 The VNF **MUST** log the field “success/failure” in the + security audit logs. * R-89474 The VNF **MUST** log the field “Login ID” in the security audit logs. -* R-04982 The VNF **MUST NOT** include an authentication credential, e.g., password, in the security audit logs, even if encrypted. -* R-63330 The VNF **MUST** detect when the security audit log storage medium is approaching capacity (configurable) and issue an alarm via SMS or equivalent as to allow time for proper actions to be taken to pre-empt loss of audit data. -* R-41252 The VNF **MUST** support the capability of online storage of security audit logs. -* R-41825 The VNF **MUST** activate security alarms automatically when the following event is detected: configurable number of consecutive unsuccessful login attempts -* R-43332 The VNF **MUST** activate security alarms automatically when the following event is detected: successful modification of critical system or application files -* R-74958 The VNF **MUST** activate security alarms automatically when the following event is detected: unsuccessful attempts to gain permissions or assume the identity of another user -* R-15884 The VNF **MUST** include the field “date” in the Security alarms (where applicable and technically feasible). -* R-23957 The VNF **MUST** include the field “time” in the Security alarms (where applicable and technically feasible). -* R-71842 The VNF **MUST** include the field “service or program used for access” in the Security alarms (where applicable and technically feasible). -* R-57617 The VNF **MUST** include the field “success/failure” in the Security alarms (where applicable and technically feasible). -* R-99730 The VNF **MUST** include the field “Login ID” in the Security alarms (where applicable and technically feasible). -* R-29705 The VNF **MUST** restrict changing the criticality level of a system security alarm to administrator(s). -* R-13627 The VNF **MUST** monitor API invocation patterns to detect anomalous access patterns that may represent fraudulent access or other types of attacks, or integrate with tools that implement anomaly and abuse detection. -* R-21819 The VNF **MUST** support requests for information from law enforcement and government agencies. -* R-56786 The VNF **MUST** implement “Closed Loop” automatic implementation (without human intervention) for Known Threats with detection rate in low false positives. +* R-04982 The VNF **MUST NOT** include an authentication credential, + e.g., password, in the security audit logs, even if encrypted. +* R-63330 The VNF **MUST** detect when the security audit log storage + medium is approaching capacity (configurable) and issue an alarm via + SMS or equivalent as to allow time for proper actions to be taken to + pre-empt loss of audit data. +* R-41252 The VNF **MUST** support the capability of online storage of + security audit logs. +* R-41825 The VNF **MUST** activate security alarms automatically when + the following event is detected: configurable number of consecutive + unsuccessful login attempts +* R-43332 The VNF **MUST** activate security alarms automatically when + the following event is detected: successful modification of critical + system or application files +* R-74958 The VNF **MUST** activate security alarms automatically when + the following event is detected: unsuccessful attempts to gain permissions + or assume the identity of another user +* R-15884 The VNF **MUST** include the field “date” in the Security alarms + (where applicable and technically feasible). +* R-23957 The VNF **MUST** include the field “time” in the Security alarms + (where applicable and technically feasible). +* R-71842 The VNF **MUST** include the field “service or program used for + access” in the Security alarms (where applicable and technically feasible). +* R-57617 The VNF **MUST** include the field “success/failure” in the + Security alarms (where applicable and technically feasible). +* R-99730 The VNF **MUST** include the field “Login ID” in the Security + alarms (where applicable and technically feasible). +* R-29705 The VNF **MUST** restrict changing the criticality level of a + system security alarm to administrator(s). +* R-13627 The VNF **MUST** monitor API invocation patterns to detect + anomalous access patterns that may represent fraudulent access or other + types of attacks, or integrate with tools that implement anomaly and + abuse detection. +* R-21819 The VNF **MUST** support requests for information from law + enforcement and government agencies. +* R-56786 The VNF **MUST** implement “Closed Loop” automatic implementation + (without human intervention) for Known Threats with detection rate in low + false positives. * R-25094 The VNF **MUST** perform data capture for security functions. -* R-04492 The VNF **MUST** generate security audit logs that must be sent to Security Analytics Tools for analysis. -* R-19219 The VNF **MUST** provide audit logs that include user ID, dates, times for log-on and log-off, and terminal location at minimum. -* R-30932 The VNF **MUST** provide security audit logs including records of successful and rejected system access data and other resource access attempts. -* R-54816 The VNF **MUST** support the storage of security audit logs for agreed period of time for forensic analysis. -* R-57271 The VNF **MUST** provide the capability of generating security audit logs by interacting with the operating system (OS) as appropriate. -* R-84160 The VNF **MUST** have security logging for VNFs and their OSs be active from initialization. Audit logging includes automatic routines to maintain activity records and cleanup programs to ensure the integrity of the audit/logging systems. +* R-04492 The VNF **MUST** generate security audit logs that must be sent + to Security Analytics Tools for analysis. +* R-19219 The VNF **MUST** provide audit logs that include user ID, dates, + times for log-on and log-off, and terminal location at minimum. +* R-30932 The VNF **MUST** provide security audit logs including records + of successful and rejected system access data and other resource access + attempts. +* R-54816 The VNF **MUST** support the storage of security audit logs + for agreed period of time for forensic analysis. +* R-57271 The VNF **MUST** provide the capability of generating security + audit logs by interacting with the operating system (OS) as appropriate. +* R-84160 The VNF **MUST** have security logging for VNFs and their + OSs be active from initialization. Audit logging includes automatic + routines to maintain activity records and cleanup programs to ensure + the integrity of the audit/logging systems. VNF Data Protection Requirements ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -482,28 +871,61 @@ applicable to security monitoring. Data Protection Requirements -* R-58964 The VNF **MUST** provide the capability to restrict read and write access to data. -* R-99112 The VNF **MUST** provide the capability to restrict access to data to specific users. -* R-83227 The VNF **MUST** Provide the capability to encrypt data in transit on a physical or virtual network. -* R-32641 The VNF **MUST** provide the capability to encrypt data on non-volatile memory. -* R-13151 The VNF **SHOULD** disable the paging of the data requiring encryption, if possible, where the encryption of non-transient data is required on a device for which the operating system performs paging to virtual memory. If not possible to disable the paging of the data requiring encryption, the virtual memory should be encrypted. -* R-93860 The VNF **MUST** provide the capability to integrate with an external encryption service. -* R-73067 The VNF **MUST** use industry standard cryptographic algorithms and standard modes of operations when implementing cryptography. -* R-22645 The VNF **SHOULD** use commercial algorithms only when there are no applicable governmental standards for specific cryptographic functions, e.g., public key cryptography, message digests. -* R-12467 The VNF **MUST NOT** use the SHA, DSS, MD5, SHA-1 and Skipjack algorithms or other compromised encryption. -* R-02170 The VNF **MUST** use, whenever possible, standard implementations of security applications, protocols, and format, e.g., S/MIME, TLS, SSH, IPSec, X.509 digital certificates for cryptographic implementations. These implementations must be purchased from reputable vendors and must not be developed in-house. -* R-70933 The VNF **MUST** provide the ability to migrate to newer versions of cryptographic algorithms and protocols with no impact. +* R-58964 The VNF **MUST** provide the capability to restrict read + and write access to data. +* R-99112 The VNF **MUST** provide the capability to restrict access + to data to specific users. +* R-83227 The VNF **MUST** Provide the capability to encrypt data in + transit on a physical or virtual network. +* R-32641 The VNF **MUST** provide the capability to encrypt data on + non-volatile memory. +* R-13151 The VNF **SHOULD** disable the paging of the data requiring + encryption, if possible, where the encryption of non-transient data is + required on a device for which the operating system performs paging to + virtual memory. If not possible to disable the paging of the data + requiring encryption, the virtual memory should be encrypted. +* R-93860 The VNF **MUST** provide the capability to integrate with an + external encryption service. +* R-73067 The VNF **MUST** use industry standard cryptographic algorithms + and standard modes of operations when implementing cryptography. +* R-22645 The VNF **SHOULD** use commercial algorithms only when there + are no applicable governmental standards for specific cryptographic + functions, e.g., public key cryptography, message digests. +* R-12467 The VNF **MUST NOT** use the SHA, DSS, MD5, SHA-1 and + Skipjack algorithms or other compromised encryption. +* R-02170 The VNF **MUST** use, whenever possible, standard implementations + of security applications, protocols, and format, e.g., S/MIME, TLS, SSH, + IPSec, X.509 digital certificates for cryptographic implementations. + These implementations must be purchased from reputable vendors and must + not be developed in-house. +* R-70933 The VNF **MUST** provide the ability to migrate to newer + versions of cryptographic algorithms and protocols with no impact. * R-44723 The VNF **MUST** use symmetric keys of at least 112 bits in length. * R-25401 The VNF **MUST** use asymmetric keys of at least 2048 bits in length. -* R-95864 The VNF **MUST** use commercial tools that comply with X.509 standards and produce x.509 compliant keys for public/private key generation. -* R-12110 The VNF **MUST NOT** use keys generated or derived from predictable functions or values, e.g., values considered predictable include user identity information, time of day, stored/transmitted data. -* R-52060 The VNF **MUST** provide the capability to configure encryption algorithms or devices so that they comply with the laws of the jurisdiction in which there are plans to use data encryption. -* R-69610 The VNF **MUST** provide the capability of using certificates issued from a Certificate Authority not provided by the VNF provider. -* R-83500 The VNF **MUST** provide the capability of allowing certificate renewal and revocation. -* R-29977 The VNF **MUST** provide the capability of testing the validity of a digital certificate by validating the CA signature on the certificate. -* R-24359 The VNF **MUST** provide the capability of testing the validity of a digital certificate by validating the date the certificate is being used is within the validity period for the certificate. -* R-39604 The VNF **MUST** provide the capability of testing the validity of a digital certificate by checking the Certificate Revocation List (CRL) for the certificates of that type to ensure that the certificate has not been revoked. -* R-75343 The VNF **MUST** provide the capability of testing the validity of a digital certificate by recognizing the identity represented by the certificate — the "distinguished name". +* R-95864 The VNF **MUST** use commercial tools that comply with X.509 + standards and produce x.509 compliant keys for public/private key generation. +* R-12110 The VNF **MUST NOT** use keys generated or derived from + predictable functions or values, e.g., values considered predictable + include user identity information, time of day, stored/transmitted data. +* R-52060 The VNF **MUST** provide the capability to configure encryption + algorithms or devices so that they comply with the laws of the jurisdiction + in which there are plans to use data encryption. +* R-69610 The VNF **MUST** provide the capability of using certificates + issued from a Certificate Authority not provided by the VNF provider. +* R-83500 The VNF **MUST** provide the capability of allowing certificate + renewal and revocation. +* R-29977 The VNF **MUST** provide the capability of testing the validity + of a digital certificate by validating the CA signature on the certificate. +* R-24359 The VNF **MUST** provide the capability of testing the validity + of a digital certificate by validating the date the certificate is being + used is within the validity period for the certificate. +* R-39604 The VNF **MUST** provide the capability of testing the + validity of a digital certificate by checking the Certificate Revocation + List (CRL) for the certificates of that type to ensure that the + certificate has not been revoked. +* R-75343 The VNF **MUST** provide the capability of testing the + validity of a digital certificate by recognizing the identity represented + by the certificate — the "distinguished name". VNF Modularity --------------------------- @@ -534,7 +956,8 @@ types: * R-37028 The VNF **MUST** be composed of one “base” module. * R-41215 The VNF **MAY** have zero to many “incremental” modules. -* R-20974 The VNF **MUST** deploy the base module first, prior to the incremental modules. +* R-20974 The VNF **MUST** deploy the base module first, prior to + the incremental modules. ONAP also supports the concept of an optional, independently deployed Cinder volume via a separate Heat Orchestration Templates, referred to @@ -543,11 +966,15 @@ Virtual Machine (VM) (i.e., OS::Nova::Server) is deleted, allowing the volume to be reused on another instance (e.g., during a failover activity). -* R-11200 The VNF **MUST** keep the scope of a Cinder volume module, when it exists, to be 1:1 with the VNF Base Module or Incremental Module. +* R-11200 The VNF **MUST** keep the scope of a Cinder volume module, + when it exists, to be 1:1 with the VNF Base Module or Incremental Module. -* R-38474 The VNF **MUST** have a corresponding environment file for a Base Module. -* R-81725 The VNF **MUST** have a corresponding environment file for an Incremental Module. -* R-53433 The VNF **MUST** have a corresponding environment file for a Cinder Volume Module. +* R-38474 The VNF **MUST** have a corresponding environment file for + a Base Module. +* R-81725 The VNF **MUST** have a corresponding environment file for + an Incremental Module. +* R-53433 The VNF **MUST** have a corresponding environment file for + a Cinder Volume Module. These concepts will be described in more detail throughout the document. This overview is provided to set the stage and help clarify the concepts @@ -866,19 +1293,50 @@ the DevOps guidelines for VNFs. DevOps Requirements -* R-46960 NCSPs **MAY** operate a limited set of Guest OS and CPU architectures and families, virtual machines, etc. -* R-23475 VNFCs **SHOULD** be agnostic to the details of the Network Cloud (such as hardware, host OS, Hypervisor or container technology) and must run on the Network Cloud with acknowledgement to the paradigm that the Network Cloud will continue to rapidly evolve and the underlying components of the platform will change regularly. -* R-33846 The VNF **MUST** install the NCSP required software on Guest OS images when not using the NCSP provided Guest OS images. [1]_ +* R-46960 NCSPs **MAY** operate a limited set of Guest OS and CPU + architectures and families, virtual machines, etc. +* R-23475 VNFCs **SHOULD** be agnostic to the details of the Network Cloud + (such as hardware, host OS, Hypervisor or container technology) and must run + on the Network Cloud with acknowledgement to the paradigm that the Network + Cloud will continue to rapidly evolve and the underlying components of + the platform will change regularly. +* R-33846 The VNF **MUST** install the NCSP required software on Guest OS + images when not using the NCSP provided Guest OS images. [1]_ * R-09467 The VNF **MUST** utilize only NCSP standard compute flavors. [1]_ -* R-02997 The VNF **MUST** preserve their persistent data. Running VMs will not be backed up in the Network Cloud infrastructure. -* R-29760 The VNFC **MUST** be installed on non-root file systems, unless software is specifically included with the operating system distribution of the guest image. -* R-20860 The VNF **MUST** be agnostic to the underlying infrastructure (such as hardware, host OS, Hypervisor), any requirements should be provided as specification to be fulfilled by any hardware. -* R-89800 The VNF **MUST NOT** require Hypervisor-level customization from the cloud provider. -* R-86758 The VNF **SHOULD** provide an automated test suite to validate every new version of the software on the target environment(s). The tests should be of sufficient granularity to independently test various representative VNF use cases throughout its lifecycle. Operations might choose to invoke these tests either on a scheduled basis or on demand to support various operations functions including test, turn-up and troubleshooting. -* R-39650 The VNF **SHOULD** provide the ability to test incremental growth of the VNF. -* R-14853 The VNF **MUST** respond to a "move traffic" [2]_ command against a specific VNFC, moving all existing session elsewhere with minimal disruption if a VNF provides a load balancing function across multiple instances of its VNFCs. Note: Individual VNF performance aspects (e.g., move duration or disruption scope) may require further constraints. -* R-06327 The VNF **MUST** respond to a "drain VNFC" [2]_ command against a specific VNFC, preventing new session from reaching the targeted VNFC, with no disruption to active sessions on the impacted VNFC, if a VNF provides a load balancing function across multiple instances of its VNFCs. This is used to support scenarios such as proactive maintenance with no user impact. -* R-64713 The VNF **SHOULD** support a software promotion methodology from dev/test -> pre-prod -> production in software, development & testing and operations. +* R-02997 The VNF **MUST** preserve their persistent data. Running VMs + will not be backed up in the Network Cloud infrastructure. +* R-29760 The VNFC **MUST** be installed on non-root file systems, + unless software is specifically included with the operating system + distribution of the guest image. +* R-20860 The VNF **MUST** be agnostic to the underlying infrastructure + (such as hardware, host OS, Hypervisor), any requirements should be + provided as specification to be fulfilled by any hardware. +* R-89800 The VNF **MUST NOT** require Hypervisor-level customization + from the cloud provider. +* R-86758 The VNF **SHOULD** provide an automated test suite to validate + every new version of the software on the target environment(s). The tests + should be of sufficient granularity to independently test various + representative VNF use cases throughout its lifecycle. Operations might + choose to invoke these tests either on a scheduled basis or on demand to + support various operations functions including test, turn-up and + troubleshooting. +* R-39650 The VNF **SHOULD** provide the ability to test incremental + growth of the VNF. +* R-14853 The VNF **MUST** respond to a "move traffic" [2]_ command + against a specific VNFC, moving all existing session elsewhere with + minimal disruption if a VNF provides a load balancing function across + multiple instances of its VNFCs. Note: Individual VNF performance + aspects (e.g., move duration or disruption scope) may require further + constraints. +* R-06327 The VNF **MUST** respond to a "drain VNFC" [2]_ command against + a specific VNFC, preventing new session from reaching the targeted VNFC, + with no disruption to active sessions on the impacted VNFC, if a VNF + provides a load balancing function across multiple instances of its VNFCs. + This is used to support scenarios such as proactive maintenance with no + user impact. +* R-64713 The VNF **SHOULD** support a software promotion methodology + from dev/test -> pre-prod -> production in software, development & + testing and operations. VNF Develop Steps -------------------------------- diff --git a/docs/Chapter6.rst b/docs/Chapter6.rst index 8bfd04c..ee56ee1 100644 --- a/docs/Chapter6.rst +++ b/docs/Chapter6.rst @@ -6,7 +6,14 @@ **Infrastructure Requirements** ===================================== -This Amsterdam release of the requirements is targeted for those implementations that consist of Network Clouds: Vanilla OpenStack (based on Ocata_) and commercial Clouds for example: OpenStack (including `Titanium - Mitaka from Wind River`_ and `VIO - Ocata from VMware`_). Future versions of ONAP are envisioned to include other targeted cloud infrastructure implementations, for example, on-premise private cloud, public cloud, or hybrid cloud implementations, and related network backends, e.g. `Microsoft Azure`_ et al. +This Amsterdam release of the requirements is targeted for those +implementations that consist of Network Clouds: Vanilla OpenStack +(based on Ocata_) and commercial Clouds for example: OpenStack +(including `Titanium - Mitaka from Wind River`_ and +`VIO - Ocata from VMware`_). Future versions of ONAP are +envisioned to include other targeted cloud infrastructure implementations, +for example, on-premise private cloud, public cloud, or hybrid cloud +implementations, and related network backends, e.g. `Microsoft Azure`_ et al. .. _Ocata: https://releases.openstack.org/ocata/ .. _Titanium - Mitaka from Wind River: https://www.windriver.com/products/titanium-cloud/ diff --git a/docs/Chapter7.rst b/docs/Chapter7.rst index 880be3e..257f19f 100644 --- a/docs/Chapter7.rst +++ b/docs/Chapter7.rst @@ -6,13 +6,55 @@ **ONAP Management Requirements** ===================================== -The ONAP platform is the part of the larger Network Function Virtualization/Software Defined Network (NFV/SDN) ecosystem that is responsible for the efficient control, operation and management of Virtual Network Function (VNF) capabilities and functions. It specifies standardized abstractions and interfaces that enable efficient interoperation of the NVF/SDN ecosystem components. It enables product/service independent capabilities for design, creation and runtime lifecycle management (includes all aspects of installation, change management, assurance, and retirement) of resources in NFV/SDN environment (see ECOMP white paper ). These capabilities are provided using two major architectural frameworks: (1) a Design Time Framework to design, define and program the platform (uniform onboarding), and (2) a Runtime Execution Framework to execute the logic programmed in the design environment (uniform delivery and runtime lifecycle management). The platform delivers an integrated information model based on the VNF package to express the characteristics and behavior of these resources in the Design Time Framework. The information model is utilized by Runtime Execution Framework to manage the runtime lifecycle of the VNFs. The management processes are orchestrated across various modules of ONAP to instantiate, configure, scale, monitor, and reconfigure the VNFs using a set of standard APIs provided by the VNF developers. - -Although the guidelines and requirements specified in this document were originally driven by the need to standardize and automate the management of the virtualized environments (with VNFs) operated by Service Providers, we believe that most of the requirements are equally applicable to the operation of the physical network functions (PNFs), those network functions provided by traditional physical network elements (e.g. whitebox switches) or customized peripherals (e.g. a video rendering engine for augmented reality). The primary area of difference will be in how the network function is orchestrated into place – VNFs can be much more dynamically created & placed by ONAP to support varying geographic, availability and scalability needs, whereas the PNFs have to be deployed a priori in specific locations based on planning and engineering – their availability and scalability will be determined by the capabilities offered by the PNFs. - -**PNF** is a vendor-provided Network Function(s) implemented using a bundled set of hardware and software while VNFs utilize cloud resources to provide Network Functions through virtualized software modules. PNF can be supplied by a vendor as a Black BOX (provides no knowledge of its internal characteristics, logic, and software design/architecture) or as a White Box (provides detailed knowledge and access of its internal components and logic) or as a Grey Box (provides limited knowledge and access to its internal components). - -* Requirements that equally apply to both VNFs and PNFs are defined as "The xNF MUST/SHOULD/..." +The ONAP platform is the part of the larger Network Function +Virtualization/Software Defined Network (NFV/SDN) ecosystem that +is responsible for the efficient control, operation and management +of Virtual Network Function (VNF) capabilities and functions. It +specifies standardized abstractions and interfaces that enable +efficient interoperation of the NVF/SDN ecosystem components. It +enables product/service independent capabilities for design, creation +and runtime lifecycle management (includes all aspects of installation, +change management, assurance, and retirement) of resources in NFV/SDN +environment (see ECOMP white paper ). These capabilities are provided +using two major architectural frameworks: (1) a Design Time Framework +to design, define and program the platform (uniform onboarding), and +(2) a Runtime Execution Framework to execute the logic programmed in +the design environment (uniform delivery and runtime lifecycle +management). The platform delivers an integrated information model +based on the VNF package to express the characteristics and behavior +of these resources in the Design Time Framework. The information model +is utilized by Runtime Execution Framework to manage the runtime +lifecycle of the VNFs. The management processes are orchestrated +across various modules of ONAP to instantiate, configure, scale, +monitor, and reconfigure the VNFs using a set of standard APIs +provided by the VNF developers. + +Although the guidelines and requirements specified in this document +were originally driven by the need to standardize and automate the +management of the virtualized environments (with VNFs) operated by +Service Providers, we believe that most of the requirements are equally +applicable to the operation of the physical network functions (PNFs), +those network functions provided by traditional physical network +elements (e.g. whitebox switches) or customized peripherals (e.g. a +video rendering engine for augmented reality). The primary area of +difference will be in how the network function is orchestrated into +place – VNFs can be much more dynamically created & placed by ONAP +to support varying geographic, availability and scalability needs, +whereas the PNFs have to be deployed a priori in specific locations +based on planning and engineering – their availability and scalability +will be determined by the capabilities offered by the PNFs. + +**PNF** is a vendor-provided Network Function(s) implemented using a +bundled set of hardware and software while VNFs utilize cloud resources +to provide Network Functions through virtualized software modules. PNF +can be supplied by a vendor as a Black BOX (provides no knowledge of its +internal characteristics, logic, and software design/architecture) or as +a White Box (provides detailed knowledge and access of its internal +components and logic) or as a Grey Box (provides limited knowledge and +access to its internal components). + +* Requirements that equally apply to both VNFs and PNFs are defined as + "The xNF MUST/SHOULD/..." * Requirements that only apply to VNFs are defined as "The VNF MUST/SHOULD/..." * Requirements that only apply to PNFs are defined as "The PNF MUST/SHOULD/..." @@ -20,7 +62,10 @@ Although the guidelines and requirements specified in this document were origina Service Design ------------------------------------ -This section, Service Design, has been left intentionally blank. It is out-of-scope for the VNF Requirements project for the Amsterdam release and no numbered requirements are expected. Content may be added in future updates of this document. +This section, Service Design, has been left intentionally blank. It +is out-of-scope for the VNF Requirements project for the Amsterdam +release and no numbered requirements are expected. Content may be +added in future updates of this document. VNF On-boarding and package management ----------------------------------------------------------------------------- @@ -46,115 +91,222 @@ and GS NFV IFA011 V0.3.0 (2015-10) - Network Functions Virtualization Resource Description ^^^^^^^^^^^^^^^^^^^^^^ -* R-77707 The VNF provider **MUST** include a Manifest File that contains a list of all the components in the VNF package. -* R-66070 The xNF Package **MUST** include xNF Identification Data to uniquely identify the resource for a given xNF provider. The identification data must include: an identifier for the xNF, the name of the xNF as was given by the xNF provider, xNF description, xNF provider, and version. -* R-69565 The xNF Package **MUST** include documentation describing xNF Management APIs. The document must include information and tools for: - - - ONAP to deploy and configure (initially and ongoing) the xNF application(s) (e.g., NETCONF APIs). Includes description of configurable parameters for the xNF and whether the parameters can be configured after xNF instantiation. - - ONAP to monitor the health of the xNF (conditions that require healing and/or scaling responses). Includes a description of: - - - Parameters that can be monitored for the xNF and event records (status, fault, flow, session, call, control plane, etc.) generated by the xNF after instantiation. - - Runtime lifecycle events and related actions (e.g., control responses, tests) which can be performed for the xNF. - -* R-84366 The xNF Package **MUST** include documentation describing xNF Functional APIs that are utilized to build network and application services. This document describes the externally exposed functional inputs and outputs for the xNF, including interface format and protocols supported. -* R-36280 The xNF provider **MUST** provide documentation describing xNF Functional Capabilities that are utilized to operationalize the xNF and compose complex services. -* R-98617 The xNF provider **MUST** provide information regarding any dependency (e.g., affinity, anti-affinity) with other xNFs and resources. +* R-77707 The VNF provider **MUST** include a Manifest File that + contains a list of all the components in the VNF package. +* R-66070 The xNF Package **MUST** include xNF Identification Data to + uniquely identify the resource for a given xNF provider. The identification + data must include: an identifier for the xNF, the name of the xNF as was + given by the xNF provider, xNF description, xNF provider, and version. +* R-69565 The xNF Package **MUST** include documentation describing + xNF Management APIs. The document must include information and + tools for: + + - ONAP to deploy and configure (initially and ongoing) the xNF + application(s) (e.g., NETCONF APIs). Includes description of + configurable parameters for the xNF and whether the parameters + can be configured after xNF instantiation. + - ONAP to monitor the health of the xNF (conditions that require + healing and/or scaling responses). Includes a description of: + + - Parameters that can be monitored for the xNF and event records + (status, fault, flow, session, call, control plane, etc.) generated + by the xNF after instantiation. + - Runtime lifecycle events and related actions (e.g., control + responses, tests) which can be performed for the xNF. + +* R-84366 The xNF Package **MUST** include documentation describing + xNF Functional APIs that are utilized to build network and + application services. This document describes the externally exposed + functional inputs and outputs for the xNF, including interface + format and protocols supported. +* R-36280 The xNF provider **MUST** provide documentation describing + xNF Functional Capabilities that are utilized to operationalize the + xNF and compose complex services. +* R-98617 The xNF provider **MUST** provide information regarding any + dependency (e.g., affinity, anti-affinity) with other xNFs and resources. Resource Configuration ^^^^^^^^^^^^^^^^^^^^^^^ -* R-89571 The xNF **MUST** support and provide artifacts for configuration management using at least one of the following technologies: +* R-89571 The xNF **MUST** support and provide artifacts for + configuration management using at least one of the following + technologies: - Netconf/YANG - Chef - Ansible - Note: The requirements for Netconf/YANG, Chef, and Ansible protocols are provided separately and must be supported only if the corresponding protocol option is provided by the xNF providor. + Note: The requirements for Netconf/YANG, Chef, and Ansible protocols + are provided separately and must be supported only if the corresponding + protocol option is provided by the xNF providor. Configuration Management via Netconf/YANG ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - * R-30278 The xNF provider **MUST** provide a Resource/Device YANG model as a foundation for creating the YANG model for configuration. This will include xNF attributes/parameters and valid values/attributes configurable by policy. + * R-30278 The xNF provider **MUST** provide a Resource/Device YANG model + as a foundation for creating the YANG model for configuration. This will + include xNF attributes/parameters and valid values/attributes configurable + by policy. Configuration Management via Chef ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - * R-13390 The xNF provider **MUST** provide cookbooks to be loaded on the appropriate Chef Server. - * R-18525 The xNF provider **MUST** provide a JSON file for each supported action for the xNF. The JSON file must contain key value pairs with all relevant values populated with sample data that illustrates its usage. The fields and their description are defined in Appendix A. + * R-13390 The xNF provider **MUST** provide cookbooks to be loaded + on the appropriate Chef Server. + * R-18525 The xNF provider **MUST** provide a JSON file for each + supported action for the xNF. The JSON file must contain key value + pairs with all relevant values populated with sample data that illustrates + its usage. The fields and their description are defined in Appendix A. Note: Chef support in ONAP is not currently available and planned for 4Q 2017. Configuration Management via Ansible ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - * R-75608 The xNF provider **MUST** provide playbooks to be loaded on the appropriate Ansible Server. - * R-16777 The xNF provider **MUST** provide a JSON file for each supported action for the xNF. The JSON file must contain key value pairs with all relevant values populated with sample data that illustrates its usage. The fields and their description are defined in Appendix B. + * R-75608 The xNF provider **MUST** provide playbooks to be loaded + on the appropriate Ansible Server. + * R-16777 The xNF provider **MUST** provide a JSON file for each + supported action for the xNF. The JSON file must contain key value + pairs with all relevant values populated with sample data that illustrates + its usage. The fields and their description are defined in Appendix B. -* R-46567 The xNF Package **MUST** include configuration scripts for boot sequence and configuration. -* R-16065 The xNF provider **MUST** provide configurable parameters (if unable to conform to YANG model) including xNF attributes/parameters and valid values, dynamic attributes and cross parameter dependencies (e.g., customer provisioning data). +* R-46567 The xNF Package **MUST** include configuration scripts + for boot sequence and configuration. +* R-16065 The xNF provider **MUST** provide configurable parameters + (if unable to conform to YANG model) including xNF attributes/parameters + and valid values, dynamic attributes and cross parameter dependencies + (e.g., customer provisioning data). Resource Control Loop ^^^^^^^^^^^^^^^^^^^^^^^ -* R-22888 The xNF provider **MUST** provide documentation for the xNF Policy Description to manage the xNF runtime lifecycle. The document must include a description of how the policies (conditions and actions) are implemented in the xNF. -* R-01556 The xNF Package **MUST** include documentation describing the fault, performance, capacity events/alarms and other event records that are made available by the xNF. The document must include: - - - A unique identification string for the specific xNF, a description of the problem that caused the error, and steps or procedures to perform Root Cause Analysis and resolve the issue. - - All events, severity level (e.g., informational, warning, error) and descriptions including causes/fixes if applicable for the event. +* R-22888 The xNF provider **MUST** provide documentation for the xNF + Policy Description to manage the xNF runtime lifecycle. The document + must include a description of how the policies (conditions and actions) + are implemented in the xNF. +* R-01556 The xNF Package **MUST** include documentation describing the + fault, performance, capacity events/alarms and other event records that + are made available by the xNF. The document must include: + + - A unique identification string for the specific xNF, a description + of the problem that caused the error, and steps or procedures to + perform Root Cause Analysis and resolve the issue. + - All events, severity level (e.g., informational, warning, error) + and descriptions including causes/fixes if applicable for the event. - All events (fault, measurement for xNF Scaling, Syslogs, State Change and Mobile Flow), that need to be collected at each VM, VNFC (defined in `VNF Guidelines <http://onap.readthedocs.io/en/latest/submodules/vnfrqts/guidelines.git/docs/vnf_guidelines/vnf_guidelines.html#a-glossary>`__ ) and for the overall xNF. -* R-27711 The xNF provider **MUST** provide an XML file that contains a list of xNF error codes, descriptions of the error, and possible causes/corrective action. -* R-01478 The xNF Package **MUST** include documentation describing all parameters that are available to monitor the xNF after instantiation (includes all counters, OIDs, PM data, KPIs, etc.) that must be collected for reporting purposes. The documentation must include a list of: - - - Monitoring parameters/counters exposed for virtual resource management and xNF application management. - - KPIs and metrics that need to be collected at each VM for capacity planning and performance management purposes. - - The monitoring parameters must include latencies, success rates, retry rates, load and quality (e.g., DPM) for the key transactions/functions supported by the xNF and those that must be exercised by the xNF in order to perform its function. +* R-27711 The xNF provider **MUST** provide an XML file that contains a + list of xNF error codes, descriptions of the error, and possible + causes/corrective action. +* R-01478 The xNF Package **MUST** include documentation describing all + parameters that are available to monitor the xNF after instantiation + (includes all counters, OIDs, PM data, KPIs, etc.) that must be collected + for reporting purposes. The documentation must include a list of: + + - Monitoring parameters/counters exposed for virtual resource + management and xNF application management. + - KPIs and metrics that need to be collected at each VM for capacity + planning and performance management purposes. + - The monitoring parameters must include latencies, success rates, + retry rates, load and quality (e.g., DPM) for the key + transactions/functions supported by the xNF and those that must + be exercised by the xNF in order to perform its function. - For each KPI, provide lower and upper limits. - - When relevant, provide a threshold crossing alert point for each KPI and describe the significance of the threshold crossing. - - For each KPI, identify the suggested actions that need to be performed when a threshold crossing alert event is recorded. - - Describe any requirements for the monitoring component of tools for Network Cloud automation and management to provide these records to components of the xNF. - - When applicable, provide calculators needed to convert raw data into appropriate reporting artifacts. - -* R-56815 The xNF Package **MUST** include documentation describing supported xNF scaling capabilities and capacity limits (e.g., number of users, bandwidth, throughput, concurrent calls). -* R-48596 The xNF Package **MUST** include documentation describing the characteristics for the xNF reliability and high availability. -* R-74763 The xNF provider **MUST** provide an artifact per xNF that contains all of the xNF Event Records supported. The artifact should include reference to the specific release of the xNF Event Stream Common Event Data Model document it is based on. (e.g., `VES Event Listener <https://github.com/att/evel-test-collector/tree/master/docs/att_interface_definition>`__) + - When relevant, provide a threshold crossing alert point for + each KPI and describe the significance of the threshold crossing. + - For each KPI, identify the suggested actions that need to be + performed when a threshold crossing alert event is recorded. + - Describe any requirements for the monitoring component of tools + for Network Cloud automation and management to provide these records + to components of the xNF. + - When applicable, provide calculators needed to convert raw data + into appropriate reporting artifacts. + +* R-56815 The xNF Package **MUST** include documentation describing + supported xNF scaling capabilities and capacity limits (e.g., number + of users, bandwidth, throughput, concurrent calls). +* R-48596 The xNF Package **MUST** include documentation describing + the characteristics for the xNF reliability and high availability. +* R-74763 The xNF provider **MUST** provide an artifact per xNF that contains + all of the xNF Event Records supported. The artifact should include + reference to the specific release of the xNF Event Stream Common Event + Data Model document it is based on. (e.g., + `VES Event Listener <https://github.com/att/evel-test-collector/tree/master/docs/att_interface_definition>`__) Compute, Network, and Storage Requirements ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -* R-35851 The xNF Package **MUST** include xNF topology that describes basic network and application connectivity internal and external to the xNF including Link type, KPIs, Bandwidth, latency, jitter, QoS (if applicable) for each interface. -* R-97102 The VNF Package **MUST** include VM requirements via a Heat template that provides the necessary data for: +* R-35851 The xNF Package **MUST** include xNF topology that describes + basic network and application connectivity internal and external to the + xNF including Link type, KPIs, Bandwidth, latency, jitter, QoS (if + applicable) for each interface. +* R-97102 The VNF Package **MUST** include VM requirements via a Heat + template that provides the necessary data for: - - VM specifications for all VNF components - for hypervisor, CPU, memory, storage. + - VM specifications for all VNF components - for hypervisor, CPU, + memory, storage. - Network connections, interface connections, internal and external to VNF. - High availability redundancy model. - Scaling/growth VM specifications. Note: Must comply with the *Heat requirements in 5.b*. -* R-26881 The xNF provider **MUST** provide the binaries and images needed to instantiate the xNF (xNF and VNFC images). -* R-96634 The VNF provider **MUST** describe scaling capabilities to manage scaling characteristics of the VNF. +* R-26881 The xNF provider **MUST** provide the binaries and images + needed to instantiate the xNF (xNF and VNFC images). +* R-96634 The VNF provider **MUST** describe scaling capabilities + to manage scaling characteristics of the VNF. Testing ^^^^^^^^^^ -* R-43958 The xNF Package **MUST** include documentation describing the tests that were conducted by the xNF providor and the test results. -* R-04298 The xNF provider **MUST** provide their testing scripts to support testing. -* R-58775 The xNF provider **MUST** provide software components that can be packaged with/near the xNF, if needed, to simulate any functions or systems that connect to the xNF system under test. This component is necessary only if the existing testing environment does not have the necessary simulators. +* R-43958 The xNF Package **MUST** include documentation describing + the tests that were conducted by the xNF providor and the test results. +* R-04298 The xNF provider **MUST** provide their testing scripts to + support testing. +* R-58775 The xNF provider **MUST** provide software components that + can be packaged with/near the xNF, if needed, to simulate any functions + or systems that connect to the xNF system under test. This component is + necessary only if the existing testing environment does not have the + necessary simulators. Licensing Requirements ^^^^^^^^^^^^^^^^^^^^^^^ -* R-85653 The xNF **MUST** provide metrics (e.g., number of sessions, number of subscribers, number of seats, etc.) to ONAP for tracking every license. -* R-44125 The xNF provider **MUST** agree to the process that can be met by Service Provider reporting infrastructure. The Contract shall define the reporting process and the available reporting tools. -* R-40827 The xNF provider **MUST** enumerate all of the open source licenses their xNF(s) incorporate. -* R-97293 The xNF provider **MUST NOT** require audits of Service Provider’s business. -* R-44569 The xNF provider **MUST NOT** require additional infrastructure such as a xNF provider license server for xNF provider functions and metrics. -* R-13613 The VNF **MUST** provide clear measurements for licensing purposes to allow automated scale up/down by the management system. -* R-27511 The VNF provider **MUST** provide the ability to scale up a VNF provider supplied product during growth and scale down a VNF provider supplied product during decline without “real-time” restrictions based upon VNF provider permissions. -* R-85991 The xNF provider **MUST** provide a universal license key per xNF to be used as needed by services (i.e., not tied to a VM instance) as the recommended solution. The xNF provider may provide pools of Unique xNF License Keys, where there is a unique key for each xNF instance as an alternate solution. Licensing issues should be resolved without interrupting in-service xNFs. -* R-47849 The xNF provider **MUST** support the metadata about licenses (and their applicable entitlements) as defined in this document for xNF software, and any license keys required to authorize use of the xNF software. This metadata will be used to facilitate onboarding the xNF into the ONAP environment and automating processes for putting the licenses into use and managing the full lifecycle of the licenses. The details of this license model are described in Appendix C. Note: License metadata support in ONAP is not currently available and planned for 1Q 2018. +* R-85653 The xNF **MUST** provide metrics (e.g., number of sessions, + number of subscribers, number of seats, etc.) to ONAP for tracking + every license. +* R-44125 The xNF provider **MUST** agree to the process that can + be met by Service Provider reporting infrastructure. The Contract + shall define the reporting process and the available reporting tools. +* R-40827 The xNF provider **MUST** enumerate all of the open + source licenses their xNF(s) incorporate. +* R-97293 The xNF provider **MUST NOT** require audits of + Service Provider’s business. +* R-44569 The xNF provider **MUST NOT** require additional + infrastructure such as a xNF provider license server for xNF provider + functions and metrics. +* R-13613 The VNF **MUST** provide clear measurements for licensing + purposes to allow automated scale up/down by the management system. +* R-27511 The VNF provider **MUST** provide the ability to scale + up a VNF provider supplied product during growth and scale down a + VNF provider supplied product during decline without “real-time” + restrictions based upon VNF provider permissions. +* R-85991 The xNF provider **MUST** provide a universal license key + per xNF to be used as needed by services (i.e., not tied to a VM + instance) as the recommended solution. The xNF provider may provide + pools of Unique xNF License Keys, where there is a unique key for + each xNF instance as an alternate solution. Licensing issues should + be resolved without interrupting in-service xNFs. +* R-47849 The xNF provider **MUST** support the metadata about + licenses (and their applicable entitlements) as defined in this + document for xNF software, and any license keys required to authorize + use of the xNF software. This metadata will be used to facilitate + onboarding the xNF into the ONAP environment and automating processes + for putting the licenses into use and managing the full lifecycle of + the licenses. The details of this license model are described in + Appendix C. Note: License metadata support in ONAP is not currently + available and planned for 1Q 2018. Configuration Management --------------------------------------------------- @@ -185,66 +337,162 @@ VNF Configuration via NETCONF Requirements Configuration Management +++++++++++++++++++++++++++ -* R-88026 The xNF **MUST** include a NETCONF server enabling runtime configuration and lifecycle management capabilities. -* R-95950 The xNF **MUST** provide a NETCONF interface fully defined by supplied YANG models for the embedded NETCONF server. +* R-88026 The xNF **MUST** include a NETCONF server enabling + runtime configuration and lifecycle management capabilities. +* R-95950 The xNF **MUST** provide a NETCONF interface fully defined + by supplied YANG models for the embedded NETCONF server. NETCONF Server Requirements ++++++++++++++++++++++++++++++ -* R-73468 The xNF **MUST** allow the NETCONF server connection parameters to be configurable during virtual machine instantiation through Heat templates where SSH keys, usernames, passwords, SSH service and SSH port numbers are Heat template parameters. -* R-90007 The xNF **MUST** implement the protocol operation: **close-session()**- Gracefully close the current session. -* R-70496 The xNF **MUST** implement the protocol operation: **commit(confirmed, confirm-timeout)** - Commit candidate configuration datastore to the running configuration. -* R-18733 The xNF **MUST** implement the protocol operation: **discard-changes()** - Revert the candidate configuration datastore to the running configuration. -* R-44281 The xNF **MUST** implement the protocol operation: **edit-config(target, default-operation, test-option, error-option, config)** - Edit the target configuration datastore by merging, replacing, creating, or deleting new config elements. -* R-60106 The xNF **MUST** implement the protocol operation: **get(filter)** - Retrieve (a filtered subset of) the running configuration and device state information. This should include the list of xNF supported schemas. -* R-29488 The xNF **MUST** implement the protocol operation: **get-config(source, filter)** - Retrieve a (filtered subset of a) configuration from the configuration datastore source. -* R-11235 The xNF **MUST** implement the protocol operation: **kill-session(session)** - Force the termination of **session**. -* R-02597 The xNF **MUST** implement the protocol operation: **lock(target)** - Lock the configuration datastore target. -* R-96554 The xNF **MUST** implement the protocol operation: **unlock(target)** - Unlock the configuration datastore target. -* R-29324 The xNF **SHOULD** implement the protocol operation: **copy-config(target, source) -** Copy the content of the configuration datastore source to the configuration datastore target. -* R-88031 The xNF **SHOULD** implement the protocol operation: **delete-config(target) -** Delete the named configuration datastore target. -* R-97529 The xNF **SHOULD** implement the protocol operation: **get-schema(identifier, version, format) -** Retrieve the YANG schema. -* R-62468 The xNF **MUST** allow all configuration data to be edited through a NETCONF <edit-config> operation. Proprietary NETCONF RPCs that make configuration changes are not sufficient. -* R-01382 The xNF **MUST** allow the entire configuration of the xNF to be retrieved via NETCONF's <get-config> and <edit-config>, independently of whether it was configured via NETCONF or other mechanisms. -* R-28756 The xNF **MUST** support **:partial-lock** and **:partial-unlock** capabilities, defined in RFC 5717. This allows multiple independent clients to each write to a different part of the <running> configuration at the same time. -* R-83873 The xNF **MUST** support **:rollback-on-error** value for the <error-option> parameter to the <edit-config> operation. If any error occurs during the requested edit operation, then the target database (usually the running configuration) will be left unaffected. This provides an 'all-or-nothing' edit mode for a single <edit-config> request. -* R-68990 The xNF **MUST** support the **:startup** capability. It will allow the running configuration to be copied to this special database. It can also be locked and unlocked. -* R-68200 The xNF **MUST** support the **:url** value to specify protocol operation source and target parameters. The capability URI for this feature will indicate which schemes (e.g., file, https, sftp) that the server supports within a particular URL value. The 'file' scheme allows for editable local configuration databases. The other schemes allow for remote storage of configuration databases. -* R-20353 The xNF **MUST** implement at least one of the capabilities **:candidate** or **:writable-running**. If both **:candidate** and **:writable-running** are provided then two locks should be supported. -* R-11499 The xNF **MUST** fully support the XPath 1.0 specification for filtered retrieval of configuration and other database contents. The 'type' attribute within the <filter> parameter for <get> and <get-config> operations may be set to 'xpath'. The 'select' attribute (which contains the XPath expression) will also be supported by the server. A server may support partial XPath retrieval filtering, but it cannot advertise the **:xpath** capability unless the entire XPath 1.0 specification is supported. +* R-73468 The xNF **MUST** allow the NETCONF server connection + parameters to be configurable during virtual machine instantiation + through Heat templates where SSH keys, usernames, passwords, SSH + service and SSH port numbers are Heat template parameters. +* R-90007 The xNF **MUST** implement the protocol operation: + **close-session()**- Gracefully close the current session. +* R-70496 The xNF **MUST** implement the protocol operation: + **commit(confirmed, confirm-timeout)** - Commit candidate + configuration datastore to the running configuration. +* R-18733 The xNF **MUST** implement the protocol operation: + **discard-changes()** - Revert the candidate configuration + datastore to the running configuration. +* R-44281 The xNF **MUST** implement the protocol operation: + **edit-config(target, default-operation, test-option, error-option, + config)** - Edit the target configuration datastore by merging, + replacing, creating, or deleting new config elements. +* R-60106 The xNF **MUST** implement the protocol operation: + **get(filter)** - Retrieve (a filtered subset of) the running + configuration and device state information. This should include + the list of xNF supported schemas. +* R-29488 The xNF **MUST** implement the protocol operation: + **get-config(source, filter)** - Retrieve a (filtered subset of + a) configuration from the configuration datastore source. +* R-11235 The xNF **MUST** implement the protocol operation: + **kill-session(session)** - Force the termination of **session**. +* R-02597 The xNF **MUST** implement the protocol operation: + **lock(target)** - Lock the configuration datastore target. +* R-96554 The xNF **MUST** implement the protocol operation: + **unlock(target)** - Unlock the configuration datastore target. +* R-29324 The xNF **SHOULD** implement the protocol operation: + **copy-config(target, source) -** Copy the content of the + configuration datastore source to the configuration datastore target. +* R-88031 The xNF **SHOULD** implement the protocol operation: + **delete-config(target) -** Delete the named configuration + datastore target. +* R-97529 The xNF **SHOULD** implement the protocol operation: + **get-schema(identifier, version, format) -** Retrieve the YANG schema. +* R-62468 The xNF **MUST** allow all configuration data to be + edited through a NETCONF <edit-config> operation. Proprietary + NETCONF RPCs that make configuration changes are not sufficient. +* R-01382 The xNF **MUST** allow the entire configuration of the + xNF to be retrieved via NETCONF's <get-config> and <edit-config>, + independently of whether it was configured via NETCONF or other + mechanisms. +* R-28756 The xNF **MUST** support **:partial-lock** and + **:partial-unlock** capabilities, defined in RFC 5717. This + allows multiple independent clients to each write to a different + part of the <running> configuration at the same time. +* R-83873 The xNF **MUST** support **:rollback-on-error** value for + the <error-option> parameter to the <edit-config> operation. If any + error occurs during the requested edit operation, then the target + database (usually the running configuration) will be left unaffected. + This provides an 'all-or-nothing' edit mode for a single <edit-config> + request. +* R-68990 The xNF **MUST** support the **:startup** capability. It + will allow the running configuration to be copied to this special + database. It can also be locked and unlocked. +* R-68200 The xNF **MUST** support the **:url** value to specify + protocol operation source and target parameters. The capability URI + for this feature will indicate which schemes (e.g., file, https, sftp) + that the server supports within a particular URL value. The 'file' + scheme allows for editable local configuration databases. The other + schemes allow for remote storage of configuration databases. +* R-20353 The xNF **MUST** implement at least one of the capabilities + **:candidate** or **:writable-running**. If both **:candidate** and + **:writable-running** are provided then two locks should be supported. +* R-11499 The xNF **MUST** fully support the XPath 1.0 specification + for filtered retrieval of configuration and other database contents. + The 'type' attribute within the <filter> parameter for <get> and + <get-config> operations may be set to 'xpath'. The 'select' attribute + (which contains the XPath expression) will also be supported by the + server. A server may support partial XPath retrieval filtering, but + it cannot advertise the **:xpath** capability unless the entire XPath + 1.0 specification is supported. * R-83790 The xNF **MUST** implement the **:validate** capability -* R-49145 The xNF **MUST** implement **:confirmed-commit** If **:candidate** is supported. -* R-58358 The xNF **MUST** implement the **:with-defaults** capability [RFC6243]. -* R-59610 The xNF **MUST** implement the data model discovery and download as defined in [RFC6022]. -* R-87662 The xNF **SHOULD** implement the NETCONF Event Notifications [RFC5277]. -* R-93443 The xNF **MUST** define all data models in YANG [RFC6020], and the mapping to NETCONF shall follow the rules defined in this RFC. -* R-26115 The xNF **MUST** follow the data model upgrade rules defined in [RFC6020] section 10. All deviations from section 10 rules shall be handled by a built-in automatic upgrade mechanism. -* R-10716 The xNF **MUST** support parallel and simultaneous configuration of separate objects within itself. -* R-29495 The xNF **MUST** support locking if a common object is being manipulated by two simultaneous NETCONF configuration operations on the same xNF within the context of the same writable running data store (e.g., if an interface parameter is being configured then it should be locked out for configuration by a simultaneous configuration operation on that same interface parameter). -* R-53015 The xNF **MUST** apply locking based on the sequence of NETCONF operations, with the first configuration operation locking out all others until completed. -* R-02616 The xNF **MUST** permit locking at the finest granularity if a xNF needs to lock an object for configuration to avoid blocking simultaneous configuration operations on unrelated objects (e.g., BGP configuration should not be locked out if an interface is being configured or entire Interface configuration should not be locked out if a non-overlapping parameter on the interface is being configured). -* R-41829 The xNF **MUST** be able to specify the granularity of the lock via a restricted or full XPath expression. -* R-66793 The xNF **MUST** guarantee the xNF configuration integrity for all simultaneous configuration operations (e.g., if a change is attempted to the BUM filter rate from multiple interfaces on the same EVC, then they need to be sequenced in the xNF without locking either configuration method out). -* R-54190 The xNF **MUST** release locks to prevent permanent lock-outs when/if a session applying the lock is terminated (e.g., SSH session is terminated). -* R-03465 The xNF **MUST** release locks to prevent permanent lock-outs when the corresponding <partial-unlock> operation succeeds. -* R-63935 The xNF **MUST** release locks to prevent permanent lock-outs when a user configured timer has expired forcing the NETCONF SSH Session termination (i.e., product must expose a configuration knob for a user setting of a lock expiration timer) -* R-10173 The xNF **MUST** allow another NETCONF session to be able to initiate the release of the lock by killing the session owning the lock, using the <kill-session> operation to guard against hung NETCONF sessions. -* R-88899 The xNF **MUST** support simultaneous <commit> operations within the context of this locking requirements framework. -* R-07545 The xNF **MUST** support all operations, administration and management (OAM) functions available from the supplier for xNFs using the supplied YANG code and associated NETCONF servers. +* R-49145 The xNF **MUST** implement **:confirmed-commit** If + **:candidate** is supported. +* R-58358 The xNF **MUST** implement the **:with-defaults** capability + [RFC6243]. +* R-59610 The xNF **MUST** implement the data model discovery and + download as defined in [RFC6022]. +* R-87662 The xNF **SHOULD** implement the NETCONF Event Notifications + [RFC5277]. +* R-93443 The xNF **MUST** define all data models in YANG [RFC6020], + and the mapping to NETCONF shall follow the rules defined in this RFC. +* R-26115 The xNF **MUST** follow the data model upgrade rules defined + in [RFC6020] section 10. All deviations from section 10 rules shall + be handled by a built-in automatic upgrade mechanism. +* R-10716 The xNF **MUST** support parallel and simultaneous + configuration of separate objects within itself. +* R-29495 The xNF **MUST** support locking if a common object is + being manipulated by two simultaneous NETCONF configuration operations + on the same xNF within the context of the same writable running data + store (e.g., if an interface parameter is being configured then it + should be locked out for configuration by a simultaneous configuration + operation on that same interface parameter). +* R-53015 The xNF **MUST** apply locking based on the sequence of + NETCONF operations, with the first configuration operation locking + out all others until completed. +* R-02616 The xNF **MUST** permit locking at the finest granularity + if a xNF needs to lock an object for configuration to avoid blocking + simultaneous configuration operations on unrelated objects (e.g., BGP + configuration should not be locked out if an interface is being + configured or entire Interface configuration should not be locked out + if a non-overlapping parameter on the interface is being configured). +* R-41829 The xNF **MUST** be able to specify the granularity of the + lock via a restricted or full XPath expression. +* R-66793 The xNF **MUST** guarantee the xNF configuration integrity + for all simultaneous configuration operations (e.g., if a change is + attempted to the BUM filter rate from multiple interfaces on the same + EVC, then they need to be sequenced in the xNF without locking either + configuration method out). +* R-54190 The xNF **MUST** release locks to prevent permanent lock-outs + when/if a session applying the lock is terminated (e.g., SSH session + is terminated). +* R-03465 The xNF **MUST** release locks to prevent permanent lock-outs + when the corresponding <partial-unlock> operation succeeds. +* R-63935 The xNF **MUST** release locks to prevent permanent lock-outs + when a user configured timer has expired forcing the NETCONF SSH Session + termination (i.e., product must expose a configuration knob for a user + setting of a lock expiration timer) +* R-10173 The xNF **MUST** allow another NETCONF session to be able to + initiate the release of the lock by killing the session owning the lock, + using the <kill-session> operation to guard against hung NETCONF sessions. +* R-88899 The xNF **MUST** support simultaneous <commit> operations + within the context of this locking requirements framework. +* R-07545 The xNF **MUST** support all operations, administration and + management (OAM) functions available from the supplier for xNFs using + the supplied YANG code and associated NETCONF servers. * R-60656 The xNF **MUST** support sub tree filtering. * R-80898 The xNF **MUST** support heartbeat via a <get> with null filter. -* R-06617 The xNF **MUST** support get-schema (ietf-netconf-monitoring) to pull YANG model over session. -* R-25238 The xNF PACKAGE **MUST** validated YANG code using the open source pyang [1]_ program using the following commands: +* R-06617 The xNF **MUST** support get-schema (ietf-netconf-monitoring) + to pull YANG model over session. +* R-25238 The xNF PACKAGE **MUST** validated YANG code using the open + source pyang [1]_ program using the following commands: .. code-block:: python $ pyang --verbose --strict <YANG-file-name(s)> $ echo $! -* R-63953 The xNF **MUST** have the echo command return a zero value otherwise the validation has failed -* R-26508 The xNF **MUST** support NETCONF server that can be mounted on OpenDaylight (client) and perform the following operations: +* R-63953 The xNF **MUST** have the echo command return a zero value + otherwise the validation has failed +* R-26508 The xNF **MUST** support NETCONF server that can be + mounted on OpenDaylight (client) and perform the following operations: -- Modify, update, change, rollback configurations using each configuration data element. +- Modify, update, change, rollback configurations using each + configuration data element. - Query each state (non-configuration) data element. - Execute each YANG RPC. - Receive data through each notification statement. @@ -254,43 +502,68 @@ NETCONF Server Requirements The following requirements provides the Yang models that suppliers must conform, and those where applicable, that suppliers need to use. -* R-28545 The xNF **MUST** conform its YANG model to RFC 6060, “YANG - A Data Modeling Language for the Network Configuration Protocol (NETCONF)” -* R-29967 The xNF **MUST** conform its YANG model to RFC 6022, “YANG module for NETCONF monitoring”. -* R-22700 The xNF **MUST** conform its YANG model to RFC 6470, “NETCONF Base Notifications”. -* R-10353 The xNF **MUST** conform its YANG model to RFC 6244, “An Architecture for Network Management Using NETCONF and YANG”. -* R-53317 The xNF **MUST** conform its YANG model to RFC 6087, “Guidelines for Authors and Reviewers of YANG Data Model Documents”. -* R-33955 The xNF **SHOULD** conform its YANG model to RFC 6991, “Common YANG Data Types”. -* R-22946 The xNF **SHOULD** conform its YANG model to RFC 6536, “NETCONF Access Control Model”. -* R-10129 The xNF **SHOULD** conform its YANG model to RFC 7223, “A YANG Data Model for Interface Management”. -* R-12271 The xNF **SHOULD** conform its YANG model to RFC 7223, “IANA Interface Type YANG Module”. -* R-49036 The xNF **SHOULD** conform its YANG model to RFC 7277, “A YANG Data Model for IP Management”. -* R-87564 The xNF **SHOULD** conform its YANG model to RFC 7317, “A YANG Data Model for System Management”. -* R-24269 The xNF **SHOULD** conform its YANG model to RFC 7407, “A YANG Data Model for SNMP Configuration”. +* R-28545 The xNF **MUST** conform its YANG model to RFC 6060, + “YANG - A Data Modeling Language for the Network Configuration + Protocol (NETCONF)” +* R-29967 The xNF **MUST** conform its YANG model to RFC 6022, + “YANG module for NETCONF monitoring”. +* R-22700 The xNF **MUST** conform its YANG model to RFC 6470, + “NETCONF Base Notifications”. +* R-10353 The xNF **MUST** conform its YANG model to RFC 6244, + “An Architecture for Network Management Using NETCONF and YANG”. +* R-53317 The xNF **MUST** conform its YANG model to RFC 6087, + “Guidelines for Authors and Reviewers of YANG Data Model Documents”. +* R-33955 The xNF **SHOULD** conform its YANG model to RFC 6991, + “Common YANG Data Types”. +* R-22946 The xNF **SHOULD** conform its YANG model to RFC 6536, + “NETCONF Access Control Model”. +* R-10129 The xNF **SHOULD** conform its YANG model to RFC 7223, + “A YANG Data Model for Interface Management”. +* R-12271 The xNF **SHOULD** conform its YANG model to RFC 7223, + “IANA Interface Type YANG Module”. +* R-49036 The xNF **SHOULD** conform its YANG model to RFC 7277, + “A YANG Data Model for IP Management”. +* R-87564 The xNF **SHOULD** conform its YANG model to RFC 7317, + “A YANG Data Model for System Management”. +* R-24269 The xNF **SHOULD** conform its YANG model to RFC 7407, + “A YANG Data Model for SNMP Configuration”. The NETCONF server interface shall fully conform to the following NETCONF RFCs. -* R-33946 The xNF **MUST** conform to the NETCONF RFC 4741, “NETCONF Configuration Protocol”. -* R-04158 The xNF **MUST** conform to the NETCONF RFC 4742, “Using the NETCONF Configuration Protocol over Secure Shell (SSH)”. -* R-13800 The xNF **MUST** conform to the NETCONF RFC 5277, “NETCONF Event Notification”. -* R-01334 The xNF **MUST** conform to the NETCONF RFC 5717, “Partial Lock Remote Procedure Call”. -* R-08134 The xNF **MUST** conform to the NETCONF RFC 6241, “NETCONF Configuration Protocol”. -* R-78282 The xNF **MUST** conform to the NETCONF RFC 6242, “Using the Network Configuration Protocol over Secure Shell”. +* R-33946 The xNF **MUST** conform to the NETCONF RFC 4741, + “NETCONF Configuration Protocol”. +* R-04158 The xNF **MUST** conform to the NETCONF RFC 4742, + “Using the NETCONF Configuration Protocol over Secure Shell (SSH)”. +* R-13800 The xNF **MUST** conform to the NETCONF RFC 5277, + “NETCONF Event Notification”. +* R-01334 The xNF **MUST** conform to the NETCONF RFC 5717, + “Partial Lock Remote Procedure Call”. +* R-08134 The xNF **MUST** conform to the NETCONF RFC 6241, + “NETCONF Configuration Protocol”. +* R-78282 The xNF **MUST** conform to the NETCONF RFC 6242, + “Using the Network Configuration Protocol over Secure Shell”. VNF REST APIs ^^^^^^^^^^^^^^^ -Healthcheck is a command for which no NETCONF support exists. Therefore, this must be supported using a RESTful interface (defined in this section) or -with a Chef cookbook/Ansible playbook (defined in sections `Chef Standards and Capabilities`_ and `Ansible Standards and Capabilities`_). +Healthcheck is a command for which no NETCONF support exists. +Therefore, this must be supported using a RESTful interface +(defined in this section) or with a Chef cookbook/Ansible playbook +(defined in sections `Chef Standards and Capabilities`_ and +`Ansible Standards and Capabilities`_). -HealthCheck Definition: The VNF level HealthCheck is a check over the entire scope of the VNF. -The VNF must be 100% healthy, ready to take requests and provide services, with all VNF required -capabilities ready to provide services and with all active and standby resources fully ready with -no open MINOR, MAJOR or CRITICAL alarms. NOTE: A switch may need to be turned on, but the VNF -should be ready to take service requests or be already processing service requests successfully. +HealthCheck Definition: The VNF level HealthCheck is a check over +the entire scope of the VNF. The VNF must be 100% healthy, ready +to take requests and provide services, with all VNF required +capabilities ready to provide services and with all active and +standby resources fully ready with no open MINOR, MAJOR or CRITICAL +alarms. NOTE: A switch may need to be turned on, but the VNF should +be ready to take service requests or be already processing service +requests successfully. -The VNF must provide a REST formatted GET RPCs to support Healthcheck queries via the GET method -over HTTP(s). +The VNF must provide a REST formatted GET RPCs to support Healthcheck +queries via the GET method over HTTP(s). The port number, url, and other authentication information is provided by the VNF provider. @@ -298,7 +571,14 @@ by the VNF provider. REST APIs ~~~~~~~~~ -* R-31809 The xNF **MUST** support the HealthCheck RPC. The HealthCheck RPC executes a xNF Provider-defined xNF Healthcheck over the scope of the entire xNF (e.g., if there are multiple VNFCs, then run a health check, as appropriate, for all VNFCs). It returns a 200 OK if the test completes. A JSON object is returned indicating state (healthy, unhealthy), scope identifier, time-stamp and one or more blocks containing info and fault information. If the xNF is unable to run the HealthCheck, return a standard http error code and message. +* R-31809 The xNF **MUST** support the HealthCheck RPC. The HealthCheck + RPC executes a xNF Provider-defined xNF Healthcheck over the scope of + the entire xNF (e.g., if there are multiple VNFCs, then run a health check, + as appropriate, for all VNFCs). It returns a 200 OK if the test completes. + A JSON object is returned indicating state (healthy, unhealthy), scope + identifier, time-stamp and one or more blocks containing info and fault + information. If the xNF is unable to run the HealthCheck, return a + standard http error code and message. Examples: @@ -352,9 +632,15 @@ VNF Configuration via Chef Requirements Chef Client Requirements +++++++++++++++++++++++++ -* R-79224 The xNF **MUST** have the chef-client be preloaded with validator keys and configuration to register with the designated Chef Server as part of the installation process. -* R-72184 The xNF **MUST** have routable FQDNs for all the endpoints (VMs) of a xNF that contain chef-clients which are used to register with the Chef Server. As part of invoking xNF actions, ONAP will trigger push jobs against FQDNs of endpoints for a xNF, if required. -* R-47068 The xNF **MAY** expose a single endpoint that is responsible for all functionality. +* R-79224 The xNF **MUST** have the chef-client be preloaded with + validator keys and configuration to register with the designated + Chef Server as part of the installation process. +* R-72184 The xNF **MUST** have routable FQDNs for all the endpoints + (VMs) of a xNF that contain chef-clients which are used to register + with the Chef Server. As part of invoking xNF actions, ONAP will + trigger push jobs against FQDNs of endpoints for a xNF, if required. +* R-47068 The xNF **MAY** expose a single endpoint that is + responsible for all functionality. * R-67114 The xNF **MUST** be installed with: - Chef-Client >= 12.0 @@ -363,23 +649,54 @@ Chef Client Requirements Chef Roles/Requirements ++++++++++++++++++++++++++ -* R-27310 The xNF Package **MUST** include all relevant Chef artifacts (roles/cookbooks/recipes) required to execute xNF actions requested by ONAP for loading on appropriate Chef Server. -* R-26567 The xNF Package **MUST** include a run list of roles/cookbooks/recipes, for each supported xNF action, that will perform the desired xNF action in its entirety as specified by ONAP (see Section 7.c, ONAP Controller APIs and Behavior, for list of xNF actions and requirements), when triggered by a chef-client run list in JSON file. -* R-98911 The xNF **MUST NOT** use any instance specific parameters for the xNF in roles/cookbooks/recipes invoked for a xNF action. -* R-37929 The xNF **MUST** accept all necessary instance specific data from the environment or node object attributes for the xNF in roles/cookbooks/recipes invoked for a xNF action. -* R-62170 The xNF **MUST** over-ride any default values for configurable parameters that can be set by ONAP in the roles, cookbooks and recipes. -* R-78116 The xNF **MUST** update status on the Chef Server appropriately (e.g., via a fail or raise an exception) if the chef-client run encounters any critical errors/failures when executing a xNF action. -* R-44013 The xNF **MUST** populate an attribute, defined as node[‘PushJobOutput’] with the desired output on all nodes in the push job that execute chef-client run if the xNF action requires the output of a chef-client run be made available (e.g., get running configuration). -* R-30654 The xNF Package **MUST** have appropriate cookbooks that are designed to automatically ‘rollback’ to the original state in case of any errors for actions that change state of the xNF (e.g., configure). -* R-65755 The xNF **SHOULD** support callback URLs to return information to ONAP upon completion of the chef-client run for any chef-client run associated with a xNF action. - -- As part of the push job, ONAP will provide two parameters in the environment of the push job JSON object: +* R-27310 The xNF Package **MUST** include all relevant Chef artifacts + (roles/cookbooks/recipes) required to execute xNF actions requested by + ONAP for loading on appropriate Chef Server. +* R-26567 The xNF Package **MUST** include a run list of + roles/cookbooks/recipes, for each supported xNF action, that will + perform the desired xNF action in its entirety as specified by ONAP + (see Section 7.c, ONAP Controller APIs and Behavior, for list of xNF + actions and requirements), when triggered by a chef-client run list + in JSON file. +* R-98911 The xNF **MUST NOT** use any instance specific parameters + for the xNF in roles/cookbooks/recipes invoked for a xNF action. +* R-37929 The xNF **MUST** accept all necessary instance specific + data from the environment or node object attributes for the xNF + in roles/cookbooks/recipes invoked for a xNF action. +* R-62170 The xNF **MUST** over-ride any default values for + configurable parameters that can be set by ONAP in the roles, + cookbooks and recipes. +* R-78116 The xNF **MUST** update status on the Chef Server + appropriately (e.g., via a fail or raise an exception) if the + chef-client run encounters any critical errors/failures when + executing a xNF action. +* R-44013 The xNF **MUST** populate an attribute, defined as node + [‘PushJobOutput’] with the desired output on all nodes in the push job + that execute chef-client run if the xNF action requires the output of a + chef-client run be made available (e.g., get running configuration). +* R-30654 The xNF Package **MUST** have appropriate cookbooks that are + designed to automatically ‘rollback’ to the original state in case of + any errors for actions that change state of the xNF (e.g., configure). +* R-65755 The xNF **SHOULD** support callback URLs to return information + to ONAP upon completion of the chef-client run for any chef-client run + associated with a xNF action. + +- As part of the push job, ONAP will provide two parameters in the + environment of the push job JSON object: + - ‘RequestId’ a unique Id to be used to identify the request, - ‘CallbackUrl’, the URL to post response back. -- If the CallbackUrl field is empty or missing in the push job, then the chef-client run need not post the results back via callback. +- If the CallbackUrl field is empty or missing in the push job,then + the chef-client run need not post the results back via callback. -* R-15885 The xNF **MUST** Upon completion of the chef-client run, POST back on the callback URL, a JSON object as described in Table A2 if the chef-client run list includes a cookbook/recipe that is callback capable. Failure to POST on the Callback Url should not be considered a critical error. That is, if the chef-client successfully completes the xNF action, it should reflect this status on the Chef Server regardless of whether the Callback succeeded or not. +* R-15885 The xNF **MUST** Upon completion of the chef-client run, + POST back on the callback URL, a JSON object as described in Table + A2 if the chef-client run list includes a cookbook/recipe that is + callback capable. Failure to POST on the Callback Url should not be + considered a critical error. That is, if the chef-client successfully + completes the xNF action, it should reflect this status on the Chef + Server regardless of whether the Callback succeeded or not. ONAP Chef API Usage ~~~~~~~~~~~~~~~~~~~ @@ -440,10 +757,11 @@ Ansible Standards and Capabilities ONAP will support configuration of VNFs via Ansible subject to the requirements and guidelines defined in this section. -Ansible allows agentless management of VNFs/VMs/VNFCs via execution of ‘playbooks’ -over ssh. The ‘playbooks’ are a structured set of tasks which contain all the necessary -data and execution capabilities to take the necessary action on one or more target VMs -(and/or VNFCs) of the VNF. ONAP will utilize the framework of an Ansible Server that +Ansible allows agentless management of VNFs/VMs/VNFCs via execution +of ‘playbooks’ over ssh. The ‘playbooks’ are a structured set of +tasks which contain all the necessary data and execution capabilities +to take the necessary action on one or more target VMs (and/or VNFCs) +of the VNF. ONAP will utilize the framework of an Ansible Server that will host and run playbooks to manage VNFs that support Ansible. VNF Configuration via Ansible Requirements @@ -452,53 +770,133 @@ VNF Configuration via Ansible Requirements Ansible Client Requirements +++++++++++++++++++++++++++++ -* R-32217 The xNF **MUST** have routable FQDNs that are reachable via the Ansible Server for the endpoints (VMs) of a xNF on which playbooks will be executed. ONAP will initiate requests to the Ansible Server for invocation of playbooks against these end points [3]_. -* R-54373 The xNF **MUST** have Python >= 2.7 on the endpoint VM(s) of a xNF on which an Ansible playbook will be executed. -* R-35401 The xNF **MUST** support SSH and allow SSH access to the Ansible server for the endpoint VM(s) and comply with the Network Cloud Service Provider guidelines for authentication and access. -* R-82018 The VNF **SHOULD** load the SSH key onto VNF VM(s) as part of instantiation. This will allow the Ansible Server to authenticate to perform post-instantiation configuration without manual intervention and without requiring specific VNF login IDs and passwords. - - CAUTION: For VNFs configured using Ansible, to eliminate the need for manual steps, post-instantiation and pre-configuration, to upload of SSH keys, SSH keys loaded during (heat) instantiation shall be preserved and not removed by (heat) embedded scripts. - -* R-92866 The VNF **MUST** include as part of post-instantiation configuration done by Ansible Playbooks the removal/update of SSH keys loaded through instantiation to support Ansible. This may include download and install of new SSH keys. -* R-91745 The VNF **MUST** update the Ansible Server and other entities storing and using the SSH key for authentication when the SSH key used by Ansible is regenerated/updated. +* R-32217 The xNF **MUST** have routable FQDNs that are reachable via + the Ansible Server for the endpoints (VMs) of a xNF on which playbooks + will be executed. ONAP will initiate requests to the Ansible Server + for invocation of playbooks against these end points [3]_. +* R-54373 The xNF **MUST** have Python >= 2.7 on the endpoint VM(s) + of a xNF on which an Ansible playbook will be executed. +* R-35401 The xNF **MUST** support SSH and allow SSH access to the + Ansible server for the endpoint VM(s) and comply with the Network + Cloud Service Provider guidelines for authentication and access. +* R-82018 The VNF **SHOULD** load the SSH key onto VNF VM(s) as part + of instantiation. This will allow the Ansible Server to authenticate + to perform post-instantiation configuration without manual intervention + and without requiring specific VNF login IDs and passwords. + + CAUTION: For VNFs configured using Ansible, to eliminate the need + for manual steps, post-instantiation and pre-configuration, to upload + of SSH keys, SSH keys loaded during (heat) instantiation shall be + preserved and not removed by (heat) embedded scripts. + +* R-92866 The VNF **MUST** include as part of post-instantiation + configuration done by Ansible Playbooks the removal/update of SSH + keys loaded through instantiation to support Ansible. This may + include download and install of new SSH keys. +* R-91745 The VNF **MUST** update the Ansible Server and other entities + storing and using the SSH key for authentication when the SSH key used + by Ansible is regenerated/updated. Ansible Playbook Requirements +++++++++++++++++++++++++++++++ -An Ansible playbook is a collection of tasks that is executed on the Ansible server (local host) and/or the target VM (s) in order to complete the desired action. - -* R-40293 The xNF **MUST** make available playbooks that conform to the ONAP requirement. -* R-49396 The xNF **MUST** support each xNF action by invocation of **one** playbook [4]_. The playbook will be responsible for executing all necessary tasks (as well as calling other playbooks) to complete the request. -* R-33280 The xNF **MUST NOT** use any instance specific parameters in a playbook. -* R-48698 The xNF **MUST** utilize information from key value pairs that will be provided by the Ansible Server as extra-vars during invocation to execute the desired xNF action. If the playbook requires files, they must also be supplied using the methodology detailed in the Ansible Server API. - -The Ansible Server will determine if a playbook invoked to execute a xNF action finished successfully or not using the “PLAY_RECAP” summary in Ansible log. The playbook will be considered to successfully finish only if the “PLAY RECAP” section at the end of playbook execution output has no unreachable hosts and no failed tasks. Otherwise, the playbook will be considered to have failed. - -* R-43253 The xNF **MUST** use playbooks designed to allow Ansible Server to infer failure or success based on the “PLAY_RECAP” capability. -* R-50252 The xNF **MUST** write to a specific set of text files that will be retrieved and made available by the Ansible Server if, as part of a xNF action (e.g., audit), a playbook is required to return any xNF information. The text files must be written in the same directory as the one from which the playbook is being executed. A text file must be created for each host the playbook run targets/affects, with the name ‘<hostname>_results.txt’ into which any desired output from each respective VM/xNF must be written. -* R-51442 The xNF **SHOULD** use playbooks that are designed to automatically ‘rollback’ to the original state in case of any errors for actions that change state of the xNF (e.g., configure). - - NOTE: In case rollback at the playbook level is not supported or possible, the xNF provider shall provide alternative locking mechanism (e.g., for a small xNF the rollback mechanism may rely on workflow to terminate and re-instantiate VNF VMs and then re-run playbook(s)). Backing up updated files also recommended to support rollback when soft rollback is feasible. - -* R-58301 The VNF **SHOULD NOT** use playbooks that make requests to Cloud resources e.g. Openstack (nova, neutron, glance, heat, etc.); therefore, there is no use for Cloud specific variables like Openstack UUIDs in Ansible Playbooks. - - Rationale: Flows that require interactions with Cloud services e.g. Openstack shall rely on workflows run by an Orchestrator or other capability (such as a control loop or Operations GUI) outside Ansible Server which can be executed by a Controller such as APPC. There are policies, as part of Control Loop models, that send remediation action requests to APPC; these are triggered as a response to an event or correlated events published to Event Bus. - -* R-02651 The VNF **SHOULD** use the Ansible backup feature to save a copy of configuration files before implementing changes to support operations such as backing out of software upgrades, configuration changes or other work as this will help backing out of configuration changes when needed. -* R-43353 The VNF **MUST** return control from Ansible Playbooks only after tasks are fully complete, signaling that the playbook completed all tasks. When starting services, return control only after all services are up. This is critical for workflows where the next steps are dependent on prior tasks being fully completed. +An Ansible playbook is a collection of tasks that is executed on the +Ansible server (local host) and/or the target VM (s) in order to +complete the desired action. + +* R-40293 The xNF **MUST** make available playbooks that conform + to the ONAP requirement. +* R-49396 The xNF **MUST** support each xNF action by invocation of + **one** playbook [4]_. The playbook will be responsible for executing + all necessary tasks (as well as calling other playbooks) to complete + the request. +* R-33280 The xNF **MUST NOT** use any instance specific parameters + in a playbook. +* R-48698 The xNF **MUST** utilize information from key value pairs + that will be provided by the Ansible Server as extra-vars during + invocation to execute the desired xNF action. If the playbook requires + files, they must also be supplied using the methodology detailed in + the Ansible Server API. + +The Ansible Server will determine if a playbook invoked to execute a +xNF action finished successfully or not using the “PLAY_RECAP” summary +in Ansible log. The playbook will be considered to successfully finish +only if the “PLAY RECAP” section at the end of playbook execution output +has no unreachable hosts and no failed tasks. Otherwise, the playbook +will be considered to have failed. + +* R-43253 The xNF **MUST** use playbooks designed to allow Ansible + Server to infer failure or success based on the “PLAY_RECAP” capability. +* R-50252 The xNF **MUST** write to a specific set of text files that + will be retrieved and made available by the Ansible Server if, as part + of a xNF action (e.g., audit), a playbook is required to return any + xNF information. The text files must be written in the same directory as + the one from which the playbook is being executed. A text file must be + created for each host the playbook run targets/affects, with the name + ‘<hostname>_results.txt’ into which any desired output from each + respective VM/xNF must be written. +* R-51442 The xNF **SHOULD** use playbooks that are designed to + automatically ‘rollback’ to the original state in case of any errors + for actions that change state of the xNF (e.g., configure). + + NOTE: In case rollback at the playbook level is not supported or possible, + the xNF provider shall provide alternative locking mechanism (e.g., for a + small xNF the rollback mechanism may rely on workflow to terminate and + re-instantiate VNF VMs and then re-run playbook(s)). Backing up updated + files also recommended to support rollback when soft rollback is feasible. + +* R-58301 The VNF **SHOULD NOT** use playbooks that make requests to + Cloud resources e.g. Openstack (nova, neutron, glance, heat, etc.); + therefore, there is no use for Cloud specific variables like Openstack + UUIDs in Ansible Playbooks. + + Rationale: Flows that require interactions with Cloud services + e.g. Openstack shall rely on workflows run by an Orchestrator or + other capability (such as a control loop or Operations GUI) outside + Ansible Server which can be executed by a Controller such as APPC. + There are policies, as part of Control Loop models, that send remediation + action requests to APPC; these are triggered as a response to an event + or correlated events published to Event Bus. + +* R-02651 The VNF **SHOULD** use the Ansible backup feature to save a + copy of configuration files before implementing changes to support + operations such as backing out of software upgrades, configuration + changes or other work as this will help backing out of configuration + changes when needed. +* R-43353 The VNF **MUST** return control from Ansible Playbooks only + after tasks are fully complete, signaling that the playbook completed + all tasks. When starting services, return control only after all services + are up. This is critical for workflows where the next steps are dependent + on prior tasks being fully completed. Detailed examples: - StopApplication Playbook – StopApplication Playbook shall return control and a completion status only after VNF application is fully stopped, all processes/services stopped. - StartApplication Playbook – StartApplication Playbook shall return control and a completion status only after all VNF application services are fully up, all processes/services started and ready to provide services. NOTE: Start Playbook should not be declared complete/done after starting one or several processes that start the other processes. + StopApplication Playbook – StopApplication Playbook shall return control + and a completion status only after VNF application is fully stopped, all + processes/services stopped. + StartApplication Playbook – StartApplication Playbook shall return control + and a completion status only after all VNF application services are fully up, + all processes/services started and ready to provide services. NOTE: Start + Playbook should not be declared complete/done after starting one or several + processes that start the other processes. HealthCheck Playbook: - SUCCESS – HealthCheck success shall be returned (return code 0) by a Playbook or Cookbook only when VNF is 100% healthy, ready to take requests and provide services, with all VNF required capabilities ready to provide services and with all active and standby resources fully ready with no open MINOR, MAJOR or CRITICAL alarms. + SUCCESS – HealthCheck success shall be returned (return code 0) by a + Playbook or Cookbook only when VNF is 100% healthy, ready to take requests + and provide services, with all VNF required capabilities ready to provide + services and with all active and standby resources fully ready with no + open MINOR, MAJOR or CRITICAL alarms. - NOTE: In some cases, a switch may need to be turned on, but a VNF reported as healthy, should be ready to take service requests or be already processing service requests successfully. + NOTE: In some cases, a switch may need to be turned on, but a VNF + reported as healthy, should be ready to take service requests or be + already processing service requests successfully. - A successful execution of a health-check playbook shall also create one file per VNF VM, named using IP address or VM name followed by “_results.txt (<hostname>_results.txt) to indicate health-check was executed and completed successfully, example: 1xx.2yy.zzz.105_results.txt, with the following contents: + A successful execution of a health-check playbook shall also create one + file per VNF VM, named using IP address or VM name followed by + “_results.txt (<hostname>_results.txt) to indicate health-check was + executed and completed successfully, example: 1xx.2yy.zzz.105_results.txt, + with the following contents: "status”:"healthy” @@ -508,9 +906,19 @@ The Ansible Server will determine if a playbook invoked to execute a xNF action "status”:"healthy” - FAILURE – A health check playbook shall return a non-zero return code in case VNF is not 100% healthy because one or more VNF application processes are stopped or not ready to take service requests or because critical or non-critical resources are not ready or because there are open MINOR, MAJOR or CRITICAL traps/alarms or because there are issues with the VNF that need attention even if they do not impact services provided by the VNF. + FAILURE – A health check playbook shall return a non-zero return code in + case VNF is not 100% healthy because one or more VNF application processes + are stopped or not ready to take service requests or because critical or + non-critical resources are not ready or because there are open MINOR, MAJOR + or CRITICAL traps/alarms or because there are issues with the VNF that + need attention even if they do not impact services provided by the VNF. - A failed health-check playbook shall also create one file per VNF VM, named using Playbook Name plus IP address or VM name, followed by “_results.txt to indicate health-check was executed and found issues in the health of the VNF. This is to differentiate from failure to run health-check playbook or tasks to verify the health of the VNF, example: 1xx.2yy.zzz.105_results.txt, with the following contents: + A failed health-check playbook shall also create one file per VNF VM, + named using Playbook Name plus IP address or VM name, followed by + “_results.txt to indicate health-check was executed and found issues + in the health of the VNF. This is to differentiate from failure to + run health-check playbook or tasks to verify the health of the VNF, + example: 1xx.2yy.zzz.105_results.txt, with the following contents: "status”:"unhealthy” @@ -525,20 +933,37 @@ The Ansible Server will determine if a playbook invoked to execute a xNF action ONAP Controller / Ansible API Usage ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -This section outlines the workflow that ONAP Controller invokes when it receives an action request against an Ansible managed VNF. - - #. When ONAP Controller receives a request for an action for an AnsibleManaged VNF, it retrieves the corresponding template (based on **action** and **VNF**) from its database and sets necessary values (such as an Id, NodeList, and EnvParameters) from either information in the request or data obtained from other sources. This is referred to as the payload that is sent as a JSON object to the Ansible server. - #. The ONAP Controller sends a request to the Ansible server to execute the action. - #. The ONAP Controller polls the Ansible Server for result (success or failure). The ONAP Controllers has a timeout value which is contained in the template. If the result is not available when the timeout is reached, the ONAP Controller stops polling and returns a timeout error to the requester. The Ansible Server continues to process the request. +This section outlines the workflow that ONAP Controller invokes when +it receives an action request against an Ansible managed VNF. + + #. When ONAP Controller receives a request for an action for an + AnsibleManaged VNF, it retrieves the corresponding template (based + on **action** and **VNF**) from its database and sets necessary + values (such as an Id, NodeList, and EnvParameters) from either + information in the request or data obtained from other sources. + This is referred to as the payload that is sent as a JSON object + to the Ansible server. + #. The ONAP Controller sends a request to the Ansible server to + execute the action. + #. The ONAP Controller polls the Ansible Server for result (success + or failure). The ONAP Controllers has a timeout value which is + contained in the template. If the result is not available when the + timeout is reached, the ONAP Controller stops polling and returns a + timeout error to the requester. The Ansible Server continues to + process the request. ONAP Controller APIs and Behavior ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -ONAP Controllers such as APPC expose a northbound API to clients which offer a set of commands. The following commands are expected to be supported -on all VNF’s if applicable, either directly (via the Netconf interface) or indirectly (via a Chef or Ansible server). There are additional commands -offered to northbound clients that are not listed here, as these commands either act internally on the Controller itself or depend upon network cloud -components for implementation (thus, these actions do not put any special requirement on the VNF provider). +ONAP Controllers such as APPC expose a northbound API to clients +which offer a set of commands. The following commands are expected +to be supported on all VNF’s if applicable, either directly (via the +Netconf interface) or indirectly (via a Chef or Ansible server). +There are additional commands offered to northbound clients that are +not listed here, as these commands either act internally on the Controller +itself or depend upon network cloud components for implementation +(thus, these actions do not put any special requirement on the VNF provider). The following table summarizes how the VNF must act in response to commands from ONAP. @@ -649,37 +1074,43 @@ Table 10. Planned ONAP Controller Functions Monitoring & Management -------------------------------------------------- -This section addresses data collection and event processing functionality that is directly -dependent on the interfaces provided by the VNFs’ APIs. These can be in the form of asynchronous -interfaces for event, fault notifications, and autonomous data streams. They can also be -synchronous interfaces for on-demand requests to retrieve various performance, usage, -and other event information. - -The target direction for VNF interfaces is to employ APIs that are implemented -utilizing standardized messaging and modeling protocols over standardized transports. -Migrating to a virtualized environment presents a tremendous opportunity to eliminate -the need for proprietary interfaces for VNF provider equipment while removing the traditional -boundaries between Network Management Systems and Element Management Systems. Additionally, -VNFs provide the ability to instrument the networking applications by creating event -records to test and monitor end-to-end data flow through the network, similar to what -physical or virtual probes provide without the need to insert probes at various points -in the network. The VNF providers must be able to provide the aforementioned set of required -data directly to the ONAP collection layer using standardized interfaces. +This section addresses data collection and event processing +functionality that is directly dependent on the interfaces +provided by the VNFs’ APIs. These can be in the form of asynchronous +interfaces for event, fault notifications, and autonomous data streams. +They can also be synchronous interfaces for on-demand requests to +retrieve various performance, usage, and other event information. + +The target direction for VNF interfaces is to employ APIs that are +implemented utilizing standardized messaging and modeling protocols +over standardized transports. Migrating to a virtualized environment +presents a tremendous opportunity to eliminate the need for proprietary +interfaces for VNF provider equipment while removing the traditional +boundaries between Network Management Systems and Element Management +Systems. Additionally, VNFs provide the ability to instrument the +networking applications by creating event records to test and monitor +end-to-end data flow through the network, similar to what physical or +virtual probes provide without the need to insert probes at various +points in the network. The VNF providers must be able to provide the +aforementioned set of required data directly to the ONAP collection +layer using standardized interfaces. Data Model for Event Records ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -This section describes the data model for the collection of telemetry data from VNFs -by Service Providers (SPs) to manage VNF health and runtime lifecycle. This data -model is referred to as the VNF Event Streaming (VES) specifications. While this -document is focused on specifying some of the records from the ONAP perspective, -there may be other external bodies using the same framework to specify additional -records. For example, OPNFV has a VES project that is looking to specify records -for OpenStack’s internal telemetry to manage Application (VNFs), physical and -virtual infrastructure (compute, storage, network devices), and virtual infrastructure -managers (cloud controllers, SDN controllers). Note that any configurable parameters -for these data records (e.g., frequency, granularity, policy-based configuration) -will be managed using the “Configuration” framework described in the prior sections +This section describes the data model for the collection of telemetry +data from VNFs by Service Providers (SPs) to manage VNF health and +runtime lifecycle. This data model is referred to as the VNF Event +Streaming (VES) specifications. While this document is focused on +specifying some of the records from the ONAP perspective, there may +be other external bodies using the same framework to specify additional +records. For example, OPNFV has a VES project that is looking to specify +records for OpenStack’s internal telemetry to manage Application (VNFs), +physical and virtual infrastructure (compute, storage, network devices), +and virtual infrastructure managers (cloud controllers, SDN controllers). +Note that any configurable parameters for these data records (e.g., +frequency, granularity, policy-based configuration) will be managed +using the “Configuration” framework described in the prior sections of this document. The Data Model consists of: @@ -688,23 +1119,26 @@ The Data Model consists of: Technology Independent and Technology Specific records sections of the data model. -- Technology Independent Records: This version of the document specifies - the model for Fault, Heartbeat, State Change, Syslog, Threshold Crossing - Alerts, and VNF Scaling* (short for measurementForVfScalingFields – actual - name used in JSON specification) records. In the future, these may be - extended to support other types of technology independent records. Each - of these records allows additional fields (name/ value pairs) for extensibility. - The VNF provider can use these VNF Provider-specific additional fields to provide +- Technology Independent Records: This version of the document + specifies the model for Fault, Heartbeat, State Change, Syslog, + Threshold Crossing Alerts, and VNF Scaling* (short for + measurementForVfScalingFields – actual name used in JSON + specification) records. In the future, these may be extended to + support other types of technology independent records. Each of + these records allows additional fields (name/ value pairs) for + extensibility. The VNF provider can use these VNF Provider-specific + additional fields to provide additional information that may be + relevant to the managing systems. + +- Technology Specific Records: This version of the document specifies + the model for Mobile Flow records, Signaling and Voice Quality records. + In the future, these may be extended to support other types of records + (e.g. Network Fabric, Security records, etc.). Each of these records + allows additional fields (name/value pairs) for extensibility. The VNF + providers can use these VNF-specific additional fields to provide additional information that may be relevant to the managing systems. - -- Technology Specific Records: This version of the document specifies the model - for Mobile Flow records, Signaling and Voice Quality records. In the future, - these may be extended to support other types of records (e.g. Network Fabric, - Security records, etc.). Each of these records allows additional fields - (name/value pairs) for extensibility. The VNF providers can use these VNF-specific - additional fields to provide additional information that may be relevant to the - managing systems. A placeholder for additional technology specific areas of - interest to be defined in the future documents has been depicted. + A placeholder for additional technology specific areas of interest to + be defined in the future documents has been depicted. |image0| @@ -835,65 +1269,77 @@ Listener <https://github.com/att/evel-test-collector/tree/master/docs/att_interf Transports and Protocols Supporting Resource Interfaces ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -Delivery of data from VNFs to ONAP must use the common transport mechanisms and protocols -for all VNFs as defined in this document. Transport mechanisms and protocols have been -selected to enable both high volume and moderate volume datasets, as well as asynchronous -and synchronous communications over secure connections. The specified encoding provides -self-documenting content, so data fields can be changed as needs evolve, while minimizing -changes to data delivery. - -The term ‘Event Record’ is used throughout this document to represent various forms of -telemetry or instrumentation made available by the VNF including, faults, status events, -various other types of VNF measurements and logs. Headers received by themselves must be -used as heartbeat indicators. Common structures and delivery protocols for other types of -data will be given in future versions of this document as we get more insight into data -volumes and required processing. - -In the following sections, we provide options for encoding, serialization and data -delivery. Agreements between Service Providers and VNF providers shall determine which -encoding, serialization and delivery method to use for particular data sets. The selected -methods must be agreed to prior to the on-boarding of the VNF into ONAP design studio. +Delivery of data from VNFs to ONAP must use the common transport +mechanisms and protocols for all VNFs as defined in this document. +Transport mechanisms and protocols have been selected to enable both +high volume and moderate volume datasets, as well as asynchronous and +synchronous communications over secure connections. The specified +encoding provides self-documenting content, so data fields can be +changed as needs evolve, while minimizing changes to data delivery. + +The term ‘Event Record’ is used throughout this document to represent +various forms of telemetry or instrumentation made available by the +VNF including, faults, status events, various other types of VNF +measurements and logs. Headers received by themselves must be used +as heartbeat indicators. Common structures and delivery protocols for +other types of data will be given in future versions of this document +as we get more insight into data volumes and required processing. + +In the following sections, we provide options for encoding, serialization +and data delivery. Agreements between Service Providers and VNF providers +shall determine which encoding, serialization and delivery method to use +for particular data sets. The selected methods must be agreed to prior to +the on-boarding of the VNF into ONAP design studio. VNF Telemetry using VES/JSON Model ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -The preferred model for data delivery from a VNF to ONAP DCAE is the JSON driven model as depicted in Figure 2. +The preferred model for data delivery from a VNF to ONAP DCAE is +the JSON driven model as depicted in Figure 2. |image1| Figure 2. VES/JSON Driven Model -VNF providers will provide a YAML artifact to the Service Provider that describes: +VNF providers will provide a YAML artifact to the Service Provider +that describes: -* standard VES/JSON model information elements (key/values) that the VNF provides -* any additional non-standard (custom) VES/JSON model information elements (key/values) that the VNF provides +* standard VES/JSON model information elements (key/values) that + the VNF provides +* any additional non-standard (custom) VES/JSON model information + elements (key/values) that the VNF provides -Using the semantics and syntax supported by YAML, VNF providers will indicate specific conditions that may -arise, and recommend actions that should be taken at specific thresholds, or if specific conditions -repeat within a specified time interval. +Using the semantics and syntax supported by YAML, VNF providers +will indicate specific conditions that may arise, and recommend +actions that should be taken at specific thresholds, or if specific +conditions repeat within a specified time interval. -Based on the VNF provider's recommendations, the Service Provider may create additional YAML artifacts -(using ONAP design Studio), which finalizes Service Provider engineering rules for the processing of -the VNF events. The Service Provider may alter the threshold levels recommended by the VNF providor, -and may modify and more clearly specify actions that should be taken when specified conditions arise. -The Service Provider-created version of the YAML artifact will be distributed to ONAP applications -by the Design framework. +Based on the VNF provider's recommendations, the Service Provider may +create additional YAML artifacts (using ONAP design Studio), which +finalizes Service Provider engineering rules for the processing of +the VNF events. The Service Provider may alter the threshold levels +recommended by the VNF providor, and may modify and more clearly +specify actions that should be taken when specified conditions arise. +The Service Provider-created version of the YAML artifact will be +distributed to ONAP applications by the Design framework. VNF Telemetry using YANG Model ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -In addition to the JSON driven model described above, a YANG driven model can also be -supported, as depicted in Figure 3. +In addition to the JSON driven model described above, a YANG +driven model can also be supported, as depicted in Figure 3. |image2| Figure 3. YANG Driven Model -VNF providers will provide to the Service Provider the following YANG model artifacts: +VNF providers will provide to the Service Provider the following +YANG model artifacts: * common IETF YANG modules that support the VNF * native (VNF provider-supplied) YANG modules that support the VNF -* open (OpenConfig) YANG modules and the following configuration-related information, including: +* open (OpenConfig) YANG modules and the following + configuration-related information, including: * telemetry configuration and operational state data; such as: @@ -904,52 +1350,63 @@ VNF providers will provide to the Service Provider the following YANG model arti * transport mechanisms * data encodings -* a YAML artifact that provides all necessary mapping relationships between YANG model data types to VES/JSON information elements -* YANG helper or decoder functions that automate the conversion between YANG model data types to VES/JSON information elements +* a YAML artifact that provides all necessary mapping relationships + between YANG model data types to VES/JSON information elements +* YANG helper or decoder functions that automate the conversion between + YANG model data types to VES/JSON information elements * OPTIONAL: YANG Telemetry modules in JSON format per RFC 7951 -Using the semantics and syntax supported by YANG, VNF providers will indicate specific conditions that may -arise, and recommend actions that should be taken at specific thresholds, or if specific conditions -repeat within a specified time interval. - -Based on the VNF provider's recommendations, the Service Provider may create additional YAML artifacts -(using ONAP design Studio), which finalizes Service Provider engineering rules for the processing -of the VNF events. The Service Provider may alter the threshold levels recommended by the -VNF provider, and may modify and more clearly specify actions that should be taken when specified -conditions arise. The Service Provided-created version of the YAML will be distributed to ONAP +Using the semantics and syntax supported by YANG, VNF providers +will indicate specific conditions that may arise, and recommend +actions that should be taken at specific thresholds, or if specific +conditions repeat within a specified time interval. + +Based on the VNF provider's recommendations, the Service Provider may +create additional YAML artifacts (using ONAP design Studio), which +finalizes Service Provider engineering rules for the processing of the +VNF events. The Service Provider may alter the threshold levels recommended +by the VNF provider, and may modify and more clearly specify actions that +should be taken when specified conditions arise. The Service +Provided-created version of the YAML will be distributed to ONAP applications by the Design framework. -Note: While supporting the YANG model described above, we are still leveraging the VES JSON -based model in DCAE. The purpose of the diagram above is to illustrate the concept only and -not to imply a specific implementation. +Note: While supporting the YANG model described above, we are still +leveraging the VES JSON based model in DCAE. The purpose of the +diagram above is to illustrate the concept only and not to imply a +specific implementation. VNF Telemetry using Google Protocol Buffers ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -In addition to the data delivery models described above, support for delivery of VNF telemetry -using Google Protocol Buffers (GPB) can also be supported, as depicted in Figure 4. +In addition to the data delivery models described above, support for +delivery of VNF telemetry using Google Protocol Buffers (GPB) can +also be supported, as depicted in Figure 4. -VNF providers will provide to the Service Provider the additional following artifacts to -support the delivery of VNF telemetry to DCAE via the open-source gRPC mechanism using -Google's Protocol Buffers: +VNF providers will provide to the Service Provider the additional +following artifacts to support the delivery of VNF telemetry to DCAE +via the open-source gRPC mechanism using Google's Protocol Buffers: -* the YANG model artifacts described in support of the "VNF Telemetry using YANG Model" +* the YANG model artifacts described in support of the + "VNF Telemetry using YANG Model" * valid definition file(s) for all GPB / KV-GPB encoded messages * valid definition file(s) for all gRPC services -* gRPC method parameters and return types specified as Protocol Buffers messages +* gRPC method parameters and return types specified as Protocol + Buffers messages |image3| Figure 4. Protocol Buffers Driven Model -Note: if Google Protocol Buffers are employed for delivery of VNF telemetry, Key-Value -Google Protocol Buffers (KV-GPB) is the preferred serialization method. Details of -specifications and versioning corresponding to a release can be found -at: `VES Event Listener <https://github.com/att/evel-test-collector/tree/master/docs/att_interface_definition>`__. +Note: if Google Protocol Buffers are employed for delivery of VNF +telemetry, Key-Value Google Protocol Buffers (KV-GPB) is the +preferred serialization method. Details of specifications and +versioning corresponding to a release can be found at: +`VES Event Listener <https://github.com/att/evel-test-collector/tree/master/docs/att_interface_definition>`__. -Note: While supporting the VNF telemetry delivery approach described above, we are -still leveraging the VES JSON based model in DCAE. The purpose of the diagram above -is to illustrate the concept only and not to imply a specific implementation. +Note: While supporting the VNF telemetry delivery approach described above, +we are still leveraging the VES JSON based model in DCAE. The purpose of +the diagram above is to illustrate the concept only and not to imply a +specific implementation. Monitoring & Management Requirements ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -957,7 +1414,9 @@ Monitoring & Management Requirements VNF telemetry via standardized interface ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -* R-51910 The xNF **MUST** provide all telemetry (e.g., fault event records, syslog records, performance records etc.) to ONAP using the model, format and mechanisms described in this section. +* R-51910 The xNF **MUST** provide all telemetry (e.g., fault event + records, syslog records, performance records etc.) to ONAP using the + model, format and mechanisms described in this section. Encoding and Serialization ~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -970,79 +1429,180 @@ JSON * R-19624 The xNF **MUST** encode and serialize content delivered to ONAP using JSON (RFC 7159) plain text format. High-volume data is to be encoded and serialized using `Avro <http://avro.apache.org/>`_, where the Avro [5]_ data format are described using JSON. - - JSON plain text format is preferred for moderate volume data sets (option 1), as JSON has the advantage of having well-understood simple processing and being human-readable without additional decoding. Examples of moderate volume data sets include the fault alarms and performance alerts, heartbeat messages, measurements used for xNF scaling and syslogs. - - Binary format using Avro is preferred for high volume data sets (option 2) such as mobility flow measurements and other high-volume streaming events (such as mobility signaling events or SIP signaling) or bulk data, as this will significantly reduce the volume of data to be transmitted. As of the date of this document, all events are reported using plain text JSON and REST. - - Avro content is self-documented, using a JSON schema. The JSON schema is delivered along with the data content (http://avro.apache.org/docs/current/ ). This means the presence and position of data fields can be recognized automatically, as well as the data format, definition and other attributes. Avro content can be serialized as JSON tagged text or as binary. In binary format, the JSON schema is included as a separate data block, so the content is not tagged, further compressing the volume. For streaming data, Avro will read the schema when the stream is established and apply the schema to the received content. - -In addition to the preferred method (JSON), content can be delivered from xNFs to ONAP can be encoded and serialized using Google Protocol Buffers (GPB). + - JSON plain text format is preferred for moderate volume data sets + (option 1), as JSON has the advantage of having well-understood simple + processing and being human-readable without additional decoding. Examples + of moderate volume data sets include the fault alarms and performance + alerts, heartbeat messages, measurements used for xNF scaling and syslogs. + - Binary format using Avro is preferred for high volume data sets + (option 2) such as mobility flow measurements and other high-volume + streaming events (such as mobility signaling events or SIP signaling) + or bulk data, as this will significantly reduce the volume of data + to be transmitted. As of the date of this document, all events are + reported using plain text JSON and REST. + - Avro content is self-documented, using a JSON schema. The JSON schema is + delivered along with the data content + (http://avro.apache.org/docs/current/ ). This means the presence and + position of data fields can be recognized automatically, as well as the + data format, definition and other attributes. Avro content can be + serialized as JSON tagged text or as binary. In binary format, the + JSON schema is included as a separate data block, so the content is + not tagged, further compressing the volume. For streaming data, Avro + will read the schema when the stream is established and apply the + schema to the received content. + +In addition to the preferred method (JSON), content can be delivered +from xNFs to ONAP can be encoded and serialized using Google Protocol +Buffers (GPB). KV-GPB/GPB ~~~~~~~~~~~~~~~~~~ -Telemetry data delivered using Google Protocol Buffers v3 (proto3) can be serialized in one of the following methods: +Telemetry data delivered using Google Protocol Buffers v3 (proto3) +can be serialized in one of the following methods: -* Key-value Google Protocol Buffers (KV-GPB) is also known as self-describing GPB: +* Key-value Google Protocol Buffers (KV-GPB) is also known as + self-describing GPB: - * keys are strings that correspond to the path of the system resources for the VNF being monitored. - * values correspond to integers or strings that identify the operational state of the VNF resource, such a statistics counters and the state of a VNF resource. + * keys are strings that correspond to the path of the system + resources for the VNF being monitored. + * values correspond to integers or strings that identify the + operational state of the VNF resource, such a statistics counters + and the state of a VNF resource. -* VNF providers must supply valid KV-GPB definition file(s) to allow for the decoding of all KV-GPB encoded telemetry messages. +* VNF providers must supply valid KV-GPB definition file(s) to allow + for the decoding of all KV-GPB encoded telemetry messages. * Native Google Protocol Buffers (GPB) is also known as compact GPB: - * keys are represented as integers pointing to the system resources for the VNF being monitored. - * values correspond to integers or strings that identify the operational state of the VNF resource, such a statistics counters and the state of a VNF resource. + * keys are represented as integers pointing to the system resources for + the VNF being monitored. + * values correspond to integers or strings that identify the operational + state of the VNF resource, such a statistics counters and the state + of a VNF resource. -* Google Protocol Buffers (GPB) requires metadata in the form of .proto files. VNF providers must supply the necessary GPB .proto files such that GPB telemetry messages can be encoded and decoded. +* Google Protocol Buffers (GPB) requires metadata in the form of .proto + files. VNF providers must supply the necessary GPB .proto files such that + GPB telemetry messages can be encoded and decoded. -* In the future, we may consider support for other types of encoding & serialization methods based on industry demand +* In the future, we may consider support for other types of + encoding & serialization methods based on industry demand. Reporting Frequency ~~~~~~~~~~~~~~~~~~~~~ -* R-98191 The xNF **MUST** vary the frequency that asynchronous data is delivered based on the content and how data may be aggregated or grouped together. For example, alarms and alerts are expected to be delivered as soon as they appear. In contrast, other content, such as performance measurements, KPIs or reported network signaling may have various ways of packaging and delivering content. Some content should be streamed immediately; or content may be monitored over a time interval, then packaged as collection of records and delivered as block; or data may be collected until a package of a certain size has been collected; or content may be summarized statistically over a time interval, or computed as a KPI, with the summary or KPI being delivered. - - - We expect the reporting frequency to be configurable depending on the virtual network function’s needs for management. For example, Service Provider may choose to vary the frequency of collection between normal and trouble-shooting scenarios. - - Decisions about the frequency of data reporting will affect the size of delivered data sets, recommended delivery method, and how the data will be interpreted by ONAP. These considerations should not affect deserialization and decoding of the data, which will be guided by the accompanying JSON schema or GPB definition files. +* R-98191 The xNF **MUST** vary the frequency that asynchronous data + is delivered based on the content and how data may be aggregated or + grouped together. For example, alarms and alerts are expected to be + delivered as soon as they appear. In contrast, other content, such as + performance measurements, KPIs or reported network signaling may have + various ways of packaging and delivering content. Some content should + be streamed immediately; or content may be monitored over a time interval, + then packaged as collection of records and delivered as block; or data + may be collected until a package of a certain size has been collected; + or content may be summarized statistically over a time interval, or + computed as a KPI, with the summary or KPI being delivered. + + - We expect the reporting frequency to be configurable depending + on the virtual network function’s needs for management. For example, + Service Provider may choose to vary the frequency of collection between + normal and trouble-shooting scenarios. + - Decisions about the frequency of data reporting will affect the + size of delivered data sets, recommended delivery method, and how the + data will be interpreted by ONAP. These considerations should not + affect deserialization and decoding of the data, which will be guided + by the accompanying JSON schema or GPB definition files. Addressing and Delivery Protocol ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -ONAP destinations can be addressed by URLs for RESTful data PUT. Future data sets may also be addressed by host name and port number for TCP streaming, or by host name and landing zone directory for SFTP transfer of bulk files. - -* R-88482 The xNF **SHOULD** use REST using HTTPS delivery of plain text JSON for moderate sized asynchronous data sets, and for high volume data sets when feasible. -* R-84879 The xNF **MUST** have the capability of maintaining a primary and backup DNS name (URL) for connecting to ONAP collectors, with the ability to switch between addresses based on conditions defined by policy such as time-outs, and buffering to store messages until they can be delivered. At its discretion, the service provider may choose to populate only one collector address for a xNF. In this case, the network will promptly resolve connectivity problems caused by a collector or network failure transparently to the xNF. -* R-81777 The VNF **MUST** be configured with initial address(es) to use at deployment time. Subsequently, address(es) may be changed through ONAP-defined policies delivered from ONAP to the VNF using PUTs to a RESTful API, in the same manner that other controls over data reporting will be controlled by policy. +ONAP destinations can be addressed by URLs for RESTful data PUT. Future +data sets may also be addressed by host name and port number for TCP +streaming, or by host name and landing zone directory for SFTP transfer +of bulk files. + +* R-88482 The xNF **SHOULD** use REST using HTTPS delivery of plain + text JSON for moderate sized asynchronous data sets, and for high + volume data sets when feasible. +* R-84879 The xNF **MUST** have the capability of maintaining a primary + and backup DNS name (URL) for connecting to ONAP collectors, with the + ability to switch between addresses based on conditions defined by policy + such as time-outs, and buffering to store messages until they can be + delivered. At its discretion, the service provider may choose to populate + only one collector address for a xNF. In this case, the network will + promptly resolve connectivity problems caused by a collector or network + failure transparently to the xNF. +* R-81777 The VNF **MUST** be configured with initial address(es) to use + at deployment time. Subsequently, address(es) may be changed through + ONAP-defined policies delivered from ONAP to the VNF using PUTs to a + RESTful API, in the same manner that other controls over data reporting + will be controlled by policy. * R-08312 The xNF **MAY** use other options which are expected to include - REST delivery of binary encoded data sets. - - TCP for high volume streaming asynchronous data sets and for other high volume data sets. TCP delivery can be used for either JSON or binary encoded data sets. - - SFTP for asynchronous bulk files, such as bulk files that contain large volumes of data collected over a long time interval or data collected across many xNFs. This is not preferred. Preferred is to reorganize the data into more frequent or more focused data sets, and deliver these by REST or TCP as appropriate. + - TCP for high volume streaming asynchronous data sets and for other + high volume data sets. TCP delivery can be used for either + JSON or binary encoded data sets. + - SFTP for asynchronous bulk files, such as bulk files that contain + large volumes of data collected over a long time interval or data + collected across many xNFs. This is not preferred. Preferred is to + reorganize the data into more frequent or more focused data sets, and + deliver these by REST or TCP as appropriate. - REST for synchronous data, using RESTCONF (e.g., for xNF state polling). -* R-03070 The xNF **MUST**, by ONAP Policy, provide the ONAP addresses as data destinations for each xNF, and may be changed by Policy while the xNF is in operation. We expect the xNF to be capable of redirecting traffic to changed destinations with no loss of data, for example from one REST URL to another, or from one TCP host and port to another. +* R-03070 The xNF **MUST**, by ONAP Policy, provide the ONAP addresses + as data destinations for each xNF, and may be changed by Policy while + the xNF is in operation. We expect the xNF to be capable of redirecting + traffic to changed destinations with no loss of data, for example from + one REST URL to another, or from one TCP host and port to another. Asynchronous and Synchronous Data Delivery ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -* R-06924 The xNF **MUST** deliver asynchronous data as data becomes available, or according to the configured frequency. -* R-73285 The xNF **MUST** must encode, address and deliver the data as described in the previous paragraphs. -* R-42140 The xNF **MUST** respond to data requests from ONAP as soon as those requests are received, as a synchronous response. -* R-34660 The xNF **MUST** use the RESTCONF/NETCONF framework used by the ONAP configuration subsystem for synchronous communication. -* R-86585 The VNF **MUST** use the YANG configuration models and RESTCONF [RFC8040] (https://tools.ietf.org/html/rfc8040). -* R-11240 The xNF **MUST** respond with content encoded in JSON, as described in the RESTCONF specification. This way the encoding of a synchronous communication will be consistent with Avro. -* R-70266 The xNF **MUST** respond to an ONAP request to deliver the current data for any of the record types defined in `Event Records - Data Structure Description`_ by returning the requested record, populated with the current field values. (Currently the defined record types include fault fields, mobile flow fields, measurements for xNF scaling fields, and syslog fields. Other record types will be added in the future as they become standardized and are made available.) -* R-46290 The xNF **MUST** respond to an ONAP request to deliver granular data on device or subsystem status or performance, referencing the YANG configuration model for the xNF by returning the requested data elements. -* R-43327 The xNF **SHOULD** use `Modeling JSON text with YANG <https://tools.ietf.org/html/rfc7951>`_, If YANG models need to be translated to and from JSON{RFC7951]. YANG configuration and content can be represented via JSON, consistent with Avro, as described in “Encoding and Serialization” section. +* R-06924 The xNF **MUST** deliver asynchronous data as data becomes + available, or according to the configured frequency. +* R-73285 The xNF **MUST** must encode, address and deliver the data + as described in the previous paragraphs. +* R-42140 The xNF **MUST** respond to data requests from ONAP as soon + as those requests are received, as a synchronous response. +* R-34660 The xNF **MUST** use the RESTCONF/NETCONF framework used by + the ONAP configuration subsystem for synchronous communication. +* R-86585 The VNF **MUST** use the YANG configuration models and RESTCONF + [RFC8040] (https://tools.ietf.org/html/rfc8040). +* R-11240 The xNF **MUST** respond with content encoded in JSON, as + described in the RESTCONF specification. This way the encoding of a + synchronous communication will be consistent with Avro. +* R-70266 The xNF **MUST** respond to an ONAP request to deliver the + current data for any of the record types defined in + `Event Records - Data Structure Description`_ by returning the requested + record, populated with the current field values. (Currently the defined + record types include fault fields, mobile flow fields, measurements for + xNF scaling fields, and syslog fields. Other record types will be added + in the future as they become standardized and are made available.) +* R-46290 The xNF **MUST** respond to an ONAP request to deliver granular + data on device or subsystem status or performance, referencing the YANG + configuration model for the xNF by returning the requested data elements. +* R-43327 The xNF **SHOULD** use `Modeling JSON text with YANG + <https://tools.ietf.org/html/rfc7951>`_, If YANG models need to be + translated to and from JSON{RFC7951]. YANG configuration and content can + be represented via JSON, consistent with Avro, as described in “Encoding + and Serialization” section. Security ~~~~~~~~~~ -* R-42366 The xNF **MUST** support secure connections and transports such as Transport Layer Security (TLS) protocol [`RFC5246 <https://tools.ietf.org/html/rfc5246>`_] and should adhere to the best current practices outlined in `RFC7525 <https://tools.ietf.org/html/rfc7525>`_. -* R-44290 The xNF **MUST** control access to ONAP and to xNFs, and creation of connections, through secure credentials, log-on and exchange mechanisms. +* R-42366 The xNF **MUST** support secure connections and transports such as + Transport Layer Security (TLS) protocol + [`RFC5246 <https://tools.ietf.org/html/rfc5246>`_] and should adhere to + the best current practices outlined in + `RFC7525 <https://tools.ietf.org/html/rfc7525>`_. +* R-44290 The xNF **MUST** control access to ONAP and to xNFs, and creation + of connections, through secure credentials, log-on and exchange mechanisms. * R-47597 The xNF **MUST** carry data in motion only over secure connections. -* R-68165 The xNF **MUST** encrypt any content containing Sensitive Personal Information (SPI) or certain proprietary data, in addition to applying the regular procedures for securing access and delivery. +* R-68165 The xNF **MUST** encrypt any content containing Sensitive Personal + Information (SPI) or certain proprietary data, in addition to applying the + regular procedures for securing access and delivery. .. [1] diff --git a/docs/Chapter8.rst b/docs/Chapter8.rst index b965327..e732e90 100644 --- a/docs/Chapter8.rst +++ b/docs/Chapter8.rst @@ -519,1039 +519,1490 @@ Table C8. Required Fields for Amount | Type of User | Describes the types of users of the functionality offered by the software (e.g., authorized, named). This field is included when Limit Type is user. | String | Optional | +------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------+-------------+ -TOSCA model ------------------------------ - -Table D1. ONAP Resource DM TOSCA/YAML constructs -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -+--------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+ -| Requirement Number | Resource IM Info Elements | TISCA Constructs as per SOL001 | -+====================+==================================================================================================================================================+===============================================================================================================+ -| R-02454 | VNFD.vnfSoftwareVersion - SwImageDesc.Version | For VDU.Compute - tosca.artifacts.nfv.SwImage - For Virtual Storage - tosca.artifacts.Deployment.Image | -+--------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+ -| R-03070 | vnfExtCpd's with virtualNetworkInterfaceRequirements (vNIC) | tosca.nodes.nfv.VnfExtCp with a property - tosca.datatypes.nfv.VirtualNetworkInterfaceRequirements | -+--------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+ -| R-09467 | VDU.Compute descriptor | tosca.nodes.nfv.Vdu.Compute | -+--------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+ -| R-16065 | VDU.Compute. Configurable Properties | tosca.datatypes.nfv.VnfcConfigurableProperties | -+--------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+ -| R-30654 | VNFD.lifeCycleManagementScript - IFA011 LifeCycleManagementScript | Interface construct tosca.interfaces.nfv.vnf.lifecycle.Nfv with a list of standard LCM operations | -+--------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+ -| R-35851 | CPD: VduCp, VnfExtCp, VnfVirtualLinkDesc, QoS Monitoring info element - TBD | tosca.nodes.nfv.VduCp, tosca.nodes.nfv.VnfVirtualLink, tosca.nodes.nfv.VnfExtCp | -+--------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+ -| R-41215 | VNFD/VDU Profile and scaling aspect | tosca.datatypes.nfv.VduProfile and tosca.datatypes.nfv.ScalingAspect | -+--------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+ -| R-66070 | VNFD meta data | tosca.datatypes.nfv.VnfInfoModifiableAttributes - metadata? | -+--------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+ -| R-96634 | VNFD.configurableProperties describing scaling characteristics. VNFD.autoscale defines the rules for scaling based on specific VNF indications | tosca.datatypes.nfv.VnfConfigurableProperties, tosca.datatypes.nfv.ScaleInfo | -+--------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+ -| ? | VDU Virtual Storage | tosca.nodes.nfv.Vdu.VirtualStorage | -+--------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+ -| R-01478 -R-01556 | Monitoring Info Element (TBD) - SOL001 per VNF/VDU/VLink - memory-consumption, CPU-utilization, bandwidth-consumption, VNFC downtime, etc. | tosca.capabilities.nfv.Metric - type for monitoring - monitoring_parameter of above type per VNF/VDU/VLink | -+--------------------+--------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------+ - -Standard TOSCA/YAML definitions agreed by VNF SDK Modeling team to be used by VNF vendors to create a standard VNF descriptor. - -All definitions are summarized in the table below based on the agreed ONAP Resource DM TOSCA/YAML constructs for Beijing. Their syntax is specified in ETSI GS NFV-SOL001 stable draft for VNF-D. - -Table D2. TOSCA CSAR structure -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -+--------------------+------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------+ -| Requirement Number | Description | CSAR artifact directory | -+====================+====================================================================================================================================+==========================================================================================+ -| R-26881 | The VNF provider MUST provide the binaries and images needed to instantiate the VNF (VNF and VNFC images). | ROOT\Artifacts\ VNF_Image.bin | -+--------------------+------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------+ -| R-30654 | VNFD.lifeCycleManagementScript that includes a list of events and corresponding management scripts performed for the VNF - SOL001 | ROOT\Artifacts\Informational\ Install.csh | -+--------------------+------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------+ -| R-35851 | All VNF topology related definitions in yaml files - VNFD/Main Service template at the ROOT | ROOT\Definitions\ VNFC.yaml - ROOT\ MainServiceTemplate.yaml | -+--------------------+------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------+ -| R-40827 | CSAR License directory - SOL004 | ROOT\Licenses\ License_term.txt | -+--------------------+------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------+ -| R-77707 | CSAR Manifest file - SOL004 | ROOT\ MainServiceTemplate.mf | -+--------------------+------------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------+ - -Define the CSAR structure, options and security features to be part of ONAP Release 2. - -The below table describes the numbered requirements for CSAR structure as agreed with SDC team. The format of the CSAR is specified in SOL004. - Requirement List -------------------------------- -R-11200: The VNF **MUST** keep the scope of a Cinder volume module, when it exists, to be 1:1 with the VNF Base Module or Incremental Module. +R-11200: The VNF **MUST** keep the scope of a Cinder volume module, +when it exists, to be 1:1 with the VNF Base Module or Incremental Module. -R-01334: The VNF **MUST** conform to the NETCONF RFC 5717, “Partial Lock Remote Procedure Call”. +R-01334: The VNF **MUST** conform to the NETCONF RFC 5717, +“Partial Lock Remote Procedure Call”. -R-51910: The VNF **MUST** provide all telemetry (e.g., fault event records, syslog records, performance records etc.) to ONAP using the model, format and mechanisms described in this section. +R-51910: The VNF **MUST** provide all telemetry (e.g., fault event +records, syslog records, performance records etc.) to ONAP using the +model, format and mechanisms described in this section. -R-29324: The VNF **SHOULD** implement the protocol operation: **copy-config(target, source) -** Copy the content of the configuration datastore source to the configuration datastore target. +R-29324: The VNF **SHOULD** implement the protocol operation: +**copy-config(target, source) -** Copy the content of the configuration +datastore source to the configuration datastore target. -R-72184: The VNF **MUST** have routable FQDNs for all the endpoints (VMs) of a VNF that contain chef-clients which are used to register with the Chef Server. As part of invoking VNF actions, ONAP will trigger push jobs against FQDNs of endpoints for a VNF, if required. +R-72184: The VNF **MUST** have routable FQDNs for all the endpoints +(VMs) of a VNF that contain chef-clients which are used to register +with the Chef Server. As part of invoking VNF actions, ONAP will +trigger push jobs against FQDNs of endpoints for a VNF, if required. -R-23740: The VNF **MUST** accommodate the security principle of “least privilege” during development, implementation and operation. The importance of “least privilege” cannot be overstated and must be observed in all aspects of VNF development and not limited to security. This is applicable to all sections of this document. +R-23740: The VNF **MUST** accommodate the security principle of +“least privilege” during development, implementation and operation. +The importance of “least privilege” cannot be overstated and must be +observed in all aspects of VNF development and not limited to security. +This is applicable to all sections of this document. -R-12709: The VNFC **SHOULD** be independently deployed, configured, upgraded, scaled, monitored, and administered by ONAP. +R-12709: The VNFC **SHOULD** be independently deployed, configured, +upgraded, scaled, monitored, and administered by ONAP. -R-88031: The VNF **SHOULD** implement the protocol operation: **delete-config(target) -** Delete the named configuration datastore target. +R-88031: The VNF **SHOULD** implement the protocol operation: +**delete-config(target) -** Delete the named configuration datastore target. -R-42207: The VNF **MUST** design resiliency into a VNF such that the resiliency deployment model (e.g., active-active) can be chosen at run-time. +R-42207: The VNF **MUST** design resiliency into a VNF such that the +resiliency deployment model (e.g., active-active) can be chosen at run-time. -R-98617: The VNF provider **MUST** provide information regarding any dependency (e.g., affinity, anti-affinity) with other VNFs and resources. +R-98617: The VNF provider **MUST** provide information regarding any +dependency (e.g., affinity, anti-affinity) with other VNFs and resources. -R-62498: The VNF **MUST**, if not using the NCSP’s IDAM API, encrypt OA&M access (e.g., SSH, SFTP). +R-62498: The VNF **MUST**, if not using the NCSP’s IDAM API, encrypt +OA&M access (e.g., SSH, SFTP). R-42366: The VNF **MUST** support secure connections and transports. -R-33955: The VNF **SHOULD** conform its YANG model to RFC 6991, “Common YANG Data Types”. +R-33955: The VNF **SHOULD** conform its YANG model to RFC 6991, +“Common YANG Data Types”. -R-33488: The VNF **MUST** protect against all denial of service attacks, both volumetric and non-volumetric, or integrate with external denial of service protection tools. +R-33488: The VNF **MUST** protect against all denial of service attacks, +both volumetric and non-volumetric, or integrate with external denial +of service protection tools. -R-57617: The VNF **MUST** include the field “success/failure” in the Security alarms (where applicable and technically feasible). +R-57617: The VNF **MUST** include the field “success/failure” in the +Security alarms (where applicable and technically feasible). -R-57271: The VNF **MUST** provide the capability of generating security audit logs by interacting with the operating system (OS) as appropriate. +R-57271: The VNF **MUST** provide the capability of generating security +audit logs by interacting with the operating system (OS) as appropriate. -R-44569: The VNF provider **MUST NOT** require additional infrastructure such as a VNF provider license server for VNF providor functions and metrics.. +R-44569: The VNF provider **MUST NOT** require additional infrastructure +such as a VNF provider license server for VNF providor functions and metrics. -R-67918: The VNF **MUST** handle replication race conditions both locally and geo-located in the event of a data base instance failure to maintain service continuity. +R-67918: The VNF **MUST** handle replication race conditions both locally +and geo-located in the event of a data base instance failure to maintain +service continuity. -R-35532: The VNF **SHOULD** release and clear all shared assets (memory, database operations, connections, locks, etc.) as soon as possible, especially before long running sync and asynchronous operations, so as to not prevent use of these assets by other entities. +R-35532: The VNF **SHOULD** release and clear all shared assets (memory, +database operations, connections, locks, etc.) as soon as possible, +especially before long running sync and asynchronous operations, so as +to not prevent use of these assets by other entities. -R-37692: The VNFC **MUST** provide API versioning to allow for independent upgrades of VNFC. +R-37692: The VNFC **MUST** provide API versioning to allow for +independent upgrades of VNFC. -R-50252: The VNF **MUST** write to a specific set of text files that will be retrieved and made available by the Ansible Server If, as part of a VNF action (e.g., audit), a playbook is required to return any VNF information. +R-50252: The VNF **MUST** write to a specific set of text files that +will be retrieved and made available by the Ansible Server If, as part +of a VNF action (e.g., audit), a playbook is required to return any VNF +information. -R-58977: The VNF **MUST** provide or support the Identity and Access Management (IDAM) based threat detection data for Eavesdropping. +R-58977: The VNF **MUST** provide or support the Identity and Access +Management (IDAM) based threat detection data for Eavesdropping. -R-59391: The VNF provider **MUST**, where a VNF provider requires the assumption of permissions, such as root or administrator, first log in under their individual user login ID then switch to the other higher level account; or where the individual user login is infeasible, must login with an account with admin privileges in a way that uniquely identifies the individual performing the function. +R-59391: The VNF provider **MUST**, where a VNF provider requires the +assumption of permissions, such as root or administrator, first log in +under their individual user login ID then switch to the other higher +level account; or where the individual user login is infeasible, must +login with an account with admin privileges in a way that uniquely +identifies the individual performing the function. -R-93443: The VNF **MUST** define all data models in YANG [RFC6020], and the mapping to NETCONF shall follow the rules defined in this RFC. +R-93443: The VNF **MUST** define all data models in YANG [RFC6020], +and the mapping to NETCONF shall follow the rules defined in this RFC. -R-72243: The VNF **MUST** provide or support the Identity and Access Management (IDAM) based threat detection data for Phishing / SMishing. +R-72243: The VNF **MUST** provide or support the Identity and Access +Management (IDAM) based threat detection data for Phishing / SMishing. -R-33280: The VNF **MUST NOT** use any instance specific parameters in a playbook. +R-33280: The VNF **MUST NOT** use any instance specific parameters in +a playbook. -R-73468: The VNF **MUST** allow the NETCONF server connection parameters to be configurable during virtual machine instantiation through Heat templates where SSH keys, usernames, passwords, SSH service and SSH port numbers are Heat template parameters. +R-73468: The VNF **MUST** allow the NETCONF server connection parameters +to be configurable during virtual machine instantiation through Heat +templates where SSH keys, usernames, passwords, SSH service and SSH port +numbers are Heat template parameters. -R-46908: The VNF **MUST**, if not using the NCSP’s IDAM API, comply with "password complexity" policy. When passwords are used, they shall be complex and shall at least meet the following password construction requirements: (1) be a minimum configurable number of characters in length, (2) include 3 of the 4 following types of characters: upper-case alphabetic, lower-case alphabetic, numeric, and special, (3) not be the same as the UserID with which they are associated or other common strings as specified by the environment, (4) not contain repeating or sequential characters or numbers, (5) not to use special characters that may have command functions, and (6) new passwords must not contain sequences of three or more characters from the previous password. +R-46908: The VNF **MUST**, if not using the NCSP’s IDAM API, comply with +"password complexity" policy. When passwords are used, they shall be complex +and shall at least meet the following password construction requirements: +(1) be a minimum configurable number of characters in length, (2) include +3 of the 4 following types of characters: upper-case alphabetic, lower-case +alphabetic, numeric, and special, (3) not be the same as the UserID with +which they are associated or other common strings as specified by the +environment, (4) not contain repeating or sequential characters or numbers, +(5) not to use special characters that may have command functions, and (6) +new passwords must not contain sequences of three or more characters from +the previous password. R-86261: The VNF **MUST NOT** allow VNF provider access to VNFs remotely. -R-75343: The VNF **MUST** provide the capability of testing the validity of a digital certificate by recognizing the identity represented by the certificate — the "distinguished name". +R-75343: The VNF **MUST** provide the capability of testing the validity +of a digital certificate by recognizing the identity represented by the +certificate — the "distinguished name". -R-40813: The VNF **SHOULD** support the use of virtual trusted platform module, hypervisor security testing and standards scanning tools. +R-40813: The VNF **SHOULD** support the use of virtual trusted platform +module, hypervisor security testing and standards scanning tools. -R-02454: The VNF **MUST** support the existence of multiple major/minor versions of the VNF software and/or sub-components and interfaces that support both forward and backward compatibility to be transparent to the Service Provider usage. +R-02454: The VNF **MUST** support the existence of multiple major/minor +versions of the VNF software and/or sub-components and interfaces that +support both forward and backward compatibility to be transparent to the +Service Provider usage. -R-20353: The VNF **MUST** implement at least one of the capabilities **:candidate** or **:writable-running**. If both **:candidate** and **:writable-running** are provided then two locks should be supported. +R-20353: The VNF **MUST** implement at least one of the capabilities +**:candidate** or **:writable-running**. If both **:candidate** and +**:writable-running** are provided then two locks should be supported. -R-01556: The VNF Package **MUST** include documentation describing the fault, performance, capacity events/alarms and other event records that are made available by the VNF. The document must include: +R-01556: The VNF Package **MUST** include documentation describing +the fault, performance, capacity events/alarms and other event records +that are made available by the VNF. The document must include: -R-56815: The VNF Package **MUST** include documentation describing supported VNF scaling capabilities and capacity limits (e.g., number of users, bandwidth, throughput, concurrent calls). +R-56815: The VNF Package **MUST** include documentation describing +supported VNF scaling capabilities and capacity limits (e.g., number +of users, bandwidth, throughput, concurrent calls). -R-56793: The VNF **MUST** test for adherence to the defined performance budgets at each layer, during each delivery cycle with delivered results, so that the performance budget is measured and the code is adjusted to meet performance budget. +R-56793: The VNF **MUST** test for adherence to the defined performance +budgets at each layer, during each delivery cycle with delivered results, +so that the performance budget is measured and the code is adjusted to +meet performance budget. R-54520: The VNF **MUST** log successful and unsuccessful login attempts. -R-10173: The VNF **MUST** allow another NETCONF session to be able to initiate the release of the lock by killing the session owning the lock, using the <kill-session> operation to guard against hung NETCONF sessions. +R-10173: The VNF **MUST** allow another NETCONF session to be able to +initiate the release of the lock by killing the session owning the lock, +using the <kill-session> operation to guard against hung NETCONF sessions. -R-36280: The VNF provider **MUST** provide documentation describing VNF Functional Capabilities that are utilized to operationalize the VNF and compose complex services. +R-36280: The VNF provider **MUST** provide documentation describing VNF +Functional Capabilities that are utilized to operationalize the VNF and +compose complex services. -R-15671: The VNF **MUST NOT** provide public or unrestricted access to any data without the permission of the data owner. All data classification and access controls must be followed. +R-15671: The VNF **MUST NOT** provide public or unrestricted access to any +data without the permission of the data owner. All data classification and +access controls must be followed. -R-39342: The VNF **MUST**, if not using the NCSP’s IDAM API, comply with "password changes (includes default passwords)" policy. Products will support password aging, syntax and other credential management practices on a configurable basis. +R-39342: The VNF **MUST**, if not using the NCSP’s IDAM API, comply with "password changes (includes default passwords)" policy. Products +will support password aging, syntax and other credential management +practices on a configurable basis. -R-21558: The VNF **SHOULD** use intelligent routing by having knowledge of multiple downstream/upstream endpoints that are exposed to it, to ensure there is no dependency on external services (such as load balancers) to switch to alternate endpoints. +R-21558: The VNF **SHOULD** use intelligent routing by having knowledge +of multiple downstream/upstream endpoints that are exposed to it, to ensure +there is no dependency on external services (such as load balancers) to +switch to alternate endpoints. -R-07545: The VNF **MUST** support all operations, administration and management (OAM) functions available from the supplier for VNFs using the supplied YANG code and associated NETCONF servers. +R-07545: The VNF **MUST** support all operations, administration and +management (OAM) functions available from the supplier for VNFs using +the supplied YANG code and associated NETCONF servers. -R-73541: The VNF **MUST** use access controls for VNFs and their supporting computing systems at all times to restrict access to authorized personnel only, e.g., least privilege. These controls could include the use of system configuration or access control software. +R-73541: The VNF **MUST** use access controls for VNFs and their +supporting computing systems at all times to restrict access to +authorized personnel only, e.g., least privilege. These controls +could include the use of system configuration or access control software. -R-97102: The VNF Package **MUST** include VM requirements via a Heat template that provides the necessary data for: +R-97102: The VNF Package **MUST** include VM requirements via a Heat +template that provides the necessary data for: -R-44013: The VNF **MUST** populate an attribute, defined as node[‘PushJobOutput’] with the desired output on all nodes in the push job that execute chef-client run if the VNF action requires the output of a chef-client run be made available (e.g., get running configuration). +R-44013: The VNF **MUST** populate an attribute, defined as +node[‘PushJobOutput’] with the desired output on all nodes in the push +job that execute chef-client run if the VNF action requires the output +of a chef-client run be made available (e.g., get running configuration). -R-40521: The VNF **MUST**, if not using the NCSP’s IDAM API, support use of common third party authentication and authorization tools such as TACACS+, RADIUS. +R-40521: The VNF **MUST**, if not using the NCSP’s IDAM API, support use of +common third party authentication and authorization tools such as TACACS+, +RADIUS. -R-41829: The VNF **MUST** be able to specify the granularity of the lock via a restricted or full XPath expression. +R-41829: The VNF **MUST** be able to specify the granularity of the lock +via a restricted or full XPath expression. -R-19768: The VNF **SHOULD** support L3 VPNs that enable segregation of traffic by application (dropping packets not belonging to the VPN) (i.e., AVPN, IPSec VPN for Internet routes). +R-19768: The VNF **SHOULD** support L3 VPNs that enable segregation of +traffic by application (dropping packets not belonging to the VPN) (i.e., +AVPN, IPSec VPN for Internet routes). R-55478: The VNF **MUST** log logoffs. -R-14853: The VNF **MUST** respond to a "move traffic" [2]_ command against a specific VNFC, moving all existing session elsewhere with minimal disruption if a VNF provides a load balancing function across multiple instances of its VNFCs. Note: Individual VNF performance aspects (e.g., move duration or disruption scope) may require further constraints. +R-14853: The VNF **MUST** respond to a "move traffic" [2]_ command against a +specific VNFC, moving all existing session elsewhere with minimal disruption +if a VNF provides a load balancing function across multiple instances of its +VNFCs. Note: Individual VNF performance aspects (e.g., move duration or +disruption scope) may require further constraints. -R-68165: The VNF **MUST** encrypt any content containing Sensitive Personal Information (SPI) or certain proprietary data, in addition to applying the regular procedures for securing access and delivery. +R-68165: The VNF **MUST** encrypt any content containing Sensitive Personal +Information (SPI) or certain proprietary data, in addition to applying the +regular procedures for securing access and delivery. -R-31614: The VNF **MUST** log the field “event type” in the security audit logs. +R-31614: The VNF **MUST** log the field “event type” in the security audit +logs. -R-87662: The VNF **SHOULD** implement the NETCONF Event Notifications [RFC5277]. +R-87662: The VNF **SHOULD** implement the NETCONF Event Notifications +[RFC5277]. -R-26508: The VNF **MUST** support NETCONF server that can be mounted on OpenDaylight (client) and perform the following operations: +R-26508: The VNF **MUST** support NETCONF server that can be mounted +on OpenDaylight (client) and perform the following operations: -R-26567: The VNF Package **MUST** include a run list of roles/cookbooks/recipes, for each supported VNF action, that will perform the desired VNF action in its entirety as specified by ONAP (see Section 8.c, ONAP Controller APIs and Behavior, for list of VNF actions and requirements), when triggered by a chef-client run list in JSON file. +R-26567: The VNF Package **MUST** include a run list of +roles/cookbooks/recipes, for each supported VNF action, that will perform +the desired VNF action in its entirety as specified by ONAP (see Section +8.c, ONAP Controller APIs and Behavior, for list of VNF actions and +requirements), when triggered by a chef-client run list in JSON file. -R-04158: The VNF **MUST** conform to the NETCONF RFC 4742, “Using the NETCONF Configuration Protocol over Secure Shell (SSH)”. +R-04158: The VNF **MUST** conform to the NETCONF RFC 4742, +“Using the NETCONF Configuration Protocol over Secure Shell (SSH)”. -R-49109: The VNF **MUST** encrypt TCP/IP--HTTPS (e.g., TLS v1.2) transmission of data on internal and external networks. +R-49109: The VNF **MUST** encrypt TCP/IP--HTTPS (e.g., TLS v1.2) transmission +of data on internal and external networks. -R-15884: The VNF **MUST** include the field “date” in the Security alarms (where applicable and technically feasible). +R-15884: The VNF **MUST** include the field “date” in the Security alarms +(where applicable and technically feasible). -R-15885: The VNF **MUST** Upon completion of the chef-client run, POST back on the callback URL, a JSON object as described in Table A2 if the chef-client run list includes a cookbook/recipe that is callback capable. Failure to POST on the Callback Url should not be considered a critical error. That is, if the chef-client successfully completes the VNF action, it should reflect this status on the Chef Server regardless of whether the Callback succeeded or not. +R-15885: The VNF **MUST** Upon completion of the chef-client run, POST +back on the callback URL, a JSON object as described in Table A2 if the +chef-client run list includes a cookbook/recipe that is callback capable. +Failure to POST on the Callback Url should not be considered a critical +error. That is, if the chef-client successfully completes the VNF action, +it should reflect this status on the Chef Server regardless of whether +the Callback succeeded or not. -R-82223: The VNF **MUST** be decomposed if the functions have significantly different scaling characteristics (e.g., signaling versus media functions, control versus data plane functions). +R-82223: The VNF **MUST** be decomposed if the functions have significantly +different scaling characteristics (e.g., signaling versus media functions, +control versus data plane functions). -R-37608: The VNF **MUST** provide a mechanism to restrict access based on the attributes of the VNF and the attributes of the subject. +R-37608: The VNF **MUST** provide a mechanism to restrict access based +on the attributes of the VNF and the attributes of the subject. -R-02170: The VNF **MUST** use, whenever possible, standard implementations of security applications, protocols, and format, e.g., S/MIME, TLS, SSH, IPSec, X.509 digital certificates for cryptographic implementations. These implementations must be purchased from reputable vendors and must not be developed in-house. +R-02170: The VNF **MUST** use, whenever possible, standard implementations +of security applications, protocols, and format, e.g., S/MIME, TLS, SSH, +IPSec, X.509 digital certificates for cryptographic implementations. +These implementations must be purchased from reputable vendors and must +not be developed in-house. -R-11235: The VNF **MUST** implement the protocol operation: **kill-session(session)** - Force the termination of **session**. +R-11235: The VNF **MUST** implement the protocol operation: +**kill-session(session)** - Force the termination of **session**. -R-87564: The VNF **SHOULD** conform its YANG model to RFC 7317, “A YANG Data Model for System Management”. +R-87564: The VNF **SHOULD** conform its YANG model to RFC 7317, +“A YANG Data Model for System Management”. -R-69649: The VNF **MUST** have all vulnerabilities patched as soon as possible. Patching shall be controlled via change control process with vulnerabilities disclosed along with mitigation recommendations. +R-69649: The VNF **MUST** have all vulnerabilities patched as soon as +possible. Patching shall be controlled via change control process with +vulnerabilities disclosed along with mitigation recommendations. -R-75041: The VNF **MUST**, if not using the NCSP’s IDAM API, expire passwords at regular configurable intervals. +R-75041: The VNF **MUST**, if not using the NCSP’s IDAM API, expire passwords +at regular configurable intervals. -R-23035: The VNF **MUST** be designed to scale horizontally (more instances of a VNF or VNFC) and not vertically (moving the existing instances to larger VMs or increasing the resources within a VM) to achieve effective utilization of cloud resources. +R-23035: The VNF **MUST** be designed to scale horizontally (more instances +of a VNF or VNFC) and not vertically (moving the existing instances to larger +VMs or increasing the resources within a VM) to achieve effective utilization +of cloud resources. R-97445: The VNF **MUST** log the field “date/time” in the security audit logs. -R-16777: The VNF provider **MUST** provide a JSON file for each supported action for the VNF. The JSON file must contain key value pairs with all relevant values populated with sample data that illustrates its usage. The fields and their description are defined in Appendix B. +R-16777: The VNF provider **MUST** provide a JSON file for each supported +action for the VNF. The JSON file must contain key value pairs with all +relevant values populated with sample data that illustrates its usage. +The fields and their description are defined in Appendix B. -R-08134: The VNF **MUST** conform to the NETCONF RFC 6241, “NETCONF Configuration Protocol”. +R-08134: The VNF **MUST** conform to the NETCONF RFC 6241, +“NETCONF Configuration Protocol”. -R-01382: The VNF **MUST** allow the entire configuration of the VNF to be retrieved via NETCONF's <get-config> and <edit-config>, independently of whether it was configured via NETCONF or other mechanisms. +R-01382: The VNF **MUST** allow the entire configuration of the VNF to +be retrieved via NETCONF's <get-config> and <edit-config>, independently +of whether it was configured via NETCONF or other mechanisms. R-98929: The VNF **MAY** have a single endpoint. -R-48356: The VNF **MUST** fully exploit exception handling to the extent that resources (e.g., threads and memory) are released when no longer needed regardless of programming language. +R-48356: The VNF **MUST** fully exploit exception handling to the extent +that resources (e.g., threads and memory) are released when no longer +needed regardless of programming language. -R-90007: The VNF **MUST** implement the protocol operation: **close-session()**- Gracefully close the current session. +R-90007: The VNF **MUST** implement the protocol operation: +**close-session()**- Gracefully close the current session. -R-42140: The VNF **MUST** respond to data requests from ONAP as soon as those requests are received, as a synchronous response. +R-42140: The VNF **MUST** respond to data requests from ONAP as soon as +those requests are received, as a synchronous response. -R-27511: The VNF provider **MUST** provide the ability to scale up a VNF provider supplied product during growth and scale down a VNF provider supplied product during decline without “real-time” restrictions based upon VNF provider permissions. +R-27511: The VNF provider **MUST** provide the ability to scale up a VNF +provider supplied product during growth and scale down a VNF provider +supplied product during decline without “real-time” restrictions based +upon VNF provider permissions. R-05470: The VNF **MUST** host connectors for access to the database layer. -R-85633: The VNF **MUST** implement Data Storage Encryption (database/disk encryption) for Sensitive Personal Information (SPI) and other subscriber identifiable data. Note: subscriber’s SPI/data must be encrypted at rest, and other subscriber identifiable data should be encrypted at rest. Other data protection requirements exist and should be well understood by the developer. +R-85633: The VNF **MUST** implement Data Storage Encryption (database/disk +encryption) for Sensitive Personal Information (SPI) and other subscriber +identifiable data. Note: subscriber’s SPI/data must be encrypted at rest, +and other subscriber identifiable data should be encrypted at rest. Other +data protection requirements exist and should be well understood by the +developer. -R-36792: The VNF **MUST** automatically retry/resubmit failed requests made by the software to its downstream system to increase the success rate. +R-36792: The VNF **MUST** automatically retry/resubmit failed requests +made by the software to its downstream system to increase the success rate. -R-49036: The VNF **SHOULD** conform its YANG model to RFC 7277, “A YANG Data Model for IP Management”. +R-49036: The VNF **SHOULD** conform its YANG model to RFC 7277, +“A YANG Data Model for IP Management”. -R-63217: The VNF **MUST**, if not using the NCSP’s IDAM API, support logging via ONAP for a historical view of “who did what and when”. +R-63217: The VNF **MUST**, if not using the NCSP’s IDAM API, support +logging via ONAP for a historical view of “who did what and when”. -R-44125: The VNF provider **MUST** agree to the process that can be met by Service Provider reporting infrastructure. The Contract shall define the reporting process and the available reporting tools. +R-44125: The VNF provider **MUST** agree to the process that can be met +by Service Provider reporting infrastructure. The Contract shall define +the reporting process and the available reporting tools. -R-22700: The VNF **MUST** conform its YANG model to RFC 6470, “NETCONF Base Notifications”. +R-22700: The VNF **MUST** conform its YANG model to RFC 6470, +“NETCONF Base Notifications”. -R-74958: The VNF **MUST** activate security alarms automatically when the following event is detected: unsuccessful attempts to gain permissions or assume the identity of another user +R-74958: The VNF **MUST** activate security alarms automatically when +the following event is detected: unsuccessful attempts to gain permissions +or assume the identity of another user -R-44281: The VNF **MUST** implement the protocol operation: **edit-config(target, default-operation, test-option, error-option, config)** - Edit the target configuration datastore by merging, replacing, creating, or deleting new config elements. +R-44281: The VNF **MUST** implement the protocol operation: +**edit-config(target, default-operation, test-option, error-option, +config)** - Edit the target configuration datastore by merging, +replacing, creating, or deleting new config elements. -R-81777: The VNF **MUST** be configured with initial address(es) to use at deployment time. After that the address(es) may be changed through ONAP-defined policies delivered from ONAP to the VNF using PUTs to a RESTful API, in the same way that other controls over data reporting will be controlled by policy. +R-81777: The VNF **MUST** be configured with initial address(es) to +use at deployment time. After that the address(es) may be changed +through ONAP-defined policies delivered from ONAP to the VNF using +PUTs to a RESTful API, in the same way that other controls over data +reporting will be controlled by policy. -R-07879: The VNF Package **MUST** include all relevant playbooks to ONAP to be loaded on the Ansible Server. +R-07879: The VNF Package **MUST** include all relevant playbooks to +ONAP to be loaded on the Ansible Server. -R-57855: The VNF **MUST** support hitless staggered/rolling deployments between its redundant instances to allow "soak-time/burn in/slow roll" which can enable the support of low traffic loads to validate the deployment prior to supporting full traffic loads. +R-57855: The VNF **MUST** support hitless staggered/rolling deployments +between its redundant instances to allow "soak-time/burn in/slow roll" +which can enable the support of low traffic loads to validate the +deployment prior to supporting full traffic loads. -R-73285: The VNF **MUST** must encode the delivered data using JSON or Avro, addressed and delivered as described in the previous paragraphs. +R-73285: The VNF **MUST** must encode the delivered data using JSON or Avro, +addressed and delivered as described in the previous paragraphs. -R-85028: The VNF **MUST** authenticate system to system access and do not conceal a VNF provider user’s individual accountability for transactions. +R-85028: The VNF **MUST** authenticate system to system access and do not +conceal a VNF provider user’s individual accountability for transactions. -R-28545: The VNF **MUST** conform its YANG model to RFC 6060, “YANG - A Data Modeling Language for the Network Configuration Protocol (NETCONF)” +R-28545: The VNF **MUST** conform its YANG model to RFC 6060, “YANG - A +Data Modeling Language for the Network Configuration Protocol (NETCONF)” -R-74712: The VNF **MUST** utilize FQDNs (and not IP address) for both Service Chaining and scaling. +R-74712: The VNF **MUST** utilize FQDNs (and not IP address) for both +Service Chaining and scaling. -R-29760: The VNFC **MUST** be installed on non-root file systems, unless software is specifically included with the operating system distribution of the guest image. +R-29760: The VNFC **MUST** be installed on non-root file systems, unless +software is specifically included with the operating system distribution +of the guest image. -R-08315: The VNF **SHOULD** use redundant connection pooling to connect to any backend data source that can be switched between pools in an automated/scripted fashion to ensure high availability of the connection to the data source. +R-08315: The VNF **SHOULD** use redundant connection pooling to connect +to any backend data source that can be switched between pools in an +automated/scripted fashion to ensure high availability of the connection +to the data source. -R-42874: The VNF **MUST** comply with Least Privilege (no more privilege than required to perform job functions) when persons or non-person entities access VNFs. +R-42874: The VNF **MUST** comply with Least Privilege (no more privilege +than required to perform job functions) when persons or non-person entities +access VNFs. R-08312: The VNF **MAY** use other options which are expected to include -R-19082: The VNF **MUST NOT** run security testing tools and programs, e.g., password cracker, port scanners, hacking tools in production, without authorization of the VNF system owner. +R-19082: The VNF **MUST NOT** run security testing tools and programs, e.g., +password cracker, port scanners, hacking tools in production, without +authorization of the VNF system owner. -R-39650: The VNF **SHOULD** provide the ability to test incremental growth of the VNF. +R-39650: The VNF **SHOULD** provide the ability to test incremental growth +of the VNF. -R-15325: The VNF **MUST** log the field “success/failure” in the security audit logs. +R-15325: The VNF **MUST** log the field “success/failure” in the security +audit logs. -R-07617: The VNF **MUST** log creating, removing, or changing the inherent privilege level of users. +R-07617: The VNF **MUST** log creating, removing, or changing the inherent +privilege level of users. -R-53015: The VNF **MUST** apply locking based on the sequence of NETCONF operations, with the first configuration operation locking out all others until completed. +R-53015: The VNF **MUST** apply locking based on the sequence of NETCONF +operations, with the first configuration operation locking out all others +until completed. -R-83500: The VNF **MUST** provide the capability of allowing certificate renewal and revocation. +R-83500: The VNF **MUST** provide the capability of allowing certificate +renewal and revocation. R-23772: The VNF **MUST** validate input at all layers implementing VNF APIs. -R-83227: The VNF **MUST** Provide the capability to encrypt data in transit on a physical or virtual network. +R-83227: The VNF **MUST** Provide the capability to encrypt data in transit +on a physical or virtual network. -R-36843: The VNF **MUST** support the ability of the VNFC to be deployable in multi-zoned cloud sites to allow for site support in the event of cloud zone failure or upgrades. +R-36843: The VNF **MUST** support the ability of the VNFC to be deployable +in multi-zoned cloud sites to allow for site support in the event of cloud +zone failure or upgrades. -R-10129: The VNF **SHOULD** conform its YANG model to RFC 7223, “A YANG Data Model for Interface Management”. +R-10129: The VNF **SHOULD** conform its YANG model to RFC 7223, +“A YANG Data Model for Interface Management”. -R-18733: The VNF **MUST** implement the protocol operation: **discard-changes()** - Revert the candidate configuration datastore to the running configuration. +R-18733: The VNF **MUST** implement the protocol operation: +**discard-changes()** - Revert the candidate configuration datastore to +the running configuration. -R-21819: The VNF **MUST** support requests for information from law enforcement and government agencies. +R-21819: The VNF **MUST** support requests for information from law +enforcement and government agencies. -R-92207: The VNF **SHOULD** implement a mechanism for automated and frequent "system configuration (automated provisioning / closed loop)" auditing. +R-92207: The VNF **SHOULD** implement a mechanism for automated and frequent +"system configuration (automated provisioning / closed loop)" auditing. -R-63935: The VNF **MUST** release locks to prevent permanent lock-outs when a user configured timer has expired forcing the NETCONF SSH Session termination (i.e., product must expose a configuration knob for a user setting of a lock expiration timer) +R-63935: The VNF **MUST** release locks to prevent permanent lock-outs when +a user configured timer has expired forcing the NETCONF SSH Session +termination (i.e., product must expose a configuration knob for a user +setting of a lock expiration timer) -R-79224: The VNF **MUST** have the chef-client be preloaded with validator keys and configuration to register with the designated Chef Server as part of the installation process. +R-79224: The VNF **MUST** have the chef-client be preloaded with validator +keys and configuration to register with the designated Chef Server as part +of the installation process. -R-12467: The VNF **MUST NOT** use the SHA, DSS, MD5, SHA-1 and Skipjack algorithms or other compromised encryption. +R-12467: The VNF **MUST NOT** use the SHA, DSS, MD5, SHA-1 and Skipjack +algorithms or other compromised encryption. -R-68589: The VNF **MUST**, if not using the NCSP’s IDAM API, support User-IDs and passwords to uniquely identify the user/application. VNF needs to have appropriate connectors to the Identity, Authentication and Authorization systems that enables access at OS, Database and Application levels as appropriate. +R-68589: The VNF **MUST**, if not using the NCSP’s IDAM API, support +User-IDs and passwords to uniquely identify the user/application. VNF +needs to have appropriate connectors to the Identity, Authentication and +Authorization systems that enables access at OS, Database and Application +levels as appropriate. -R-26115: The VNF **MUST** follow the data model upgrade rules defined in [RFC6020] section 10. All deviations from section 10 rules shall be handled by a built-in automatic upgrade mechanism. +R-26115: The VNF **MUST** follow the data model upgrade rules defined in +[RFC6020] section 10. All deviations from section 10 rules shall be handled +by a built-in automatic upgrade mechanism. -R-49145: The VNF **MUST** implement **:confirmed-commit** If **:candidate** is supported. +R-49145: The VNF **MUST** implement **:confirmed-commit** If **:candidate** +is supported. -R-04298: The VNF provider **MUST** provide their testing scripts to support testing. +R-04298: The VNF provider **MUST** provide their testing scripts to +support testing. -R-92935: The VNF **SHOULD** minimize the propagation of state information across multiple data centers to avoid cross data center traffic. +R-92935: The VNF **SHOULD** minimize the propagation of state information +across multiple data centers to avoid cross data center traffic. -R-47204: The VNF **MUST** protect the confidentiality and integrity of data at rest and in transit from unauthorized access and modification. +R-47204: The VNF **MUST** protect the confidentiality and integrity of +data at rest and in transit from unauthorized access and modification. -R-32695: The VNF **MUST** provide the ability to modify the number of retries, the time between retries and the behavior/action taken after the retries have been exhausted for exception handling to allow the NCSP to control that behavior. +R-32695: The VNF **MUST** provide the ability to modify the number of +retries, the time between retries and the behavior/action taken after +the retries have been exhausted for exception handling to allow the NCSP +to control that behavior. -R-58964: The VNF **MUST** provide the capability to restrict read and write access to data. +R-58964: The VNF **MUST** provide the capability to restrict read and +write access to data. -R-73364: The VNF **MUST** support at least two major versions of the VNF software and/or sub-components to co-exist within production environments at any time so that upgrades can be applied across multiple systems in a staggered manner. +R-73364: The VNF **MUST** support at least two major versions of the +VNF software and/or sub-components to co-exist within production +environments at any time so that upgrades can be applied across multiple +systems in a staggered manner. -R-33946: The VNF **MUST** conform to the NETCONF RFC 4741, “NETCONF Configuration Protocol”. +R-33946: The VNF **MUST** conform to the NETCONF RFC 4741, +“NETCONF Configuration Protocol”. -R-24269: The VNF **SHOULD** conform its YANG model to RFC 7407, “A YANG Data Model for SNMP Configuration”. +R-24269: The VNF **SHOULD** conform its YANG model to RFC 7407, +“A YANG Data Model for SNMP Configuration”. -R-16039: The VNF **SHOULD** test for adherence to the defined resiliency rating recommendation at each layer, during each delivery cycle so that the resiliency rating is measured and feedback is provided where software resiliency requirements are not met. +R-16039: The VNF **SHOULD** test for adherence to the defined resiliency +rating recommendation at each layer, during each delivery cycle so that +the resiliency rating is measured and feedback is provided where software +resiliency requirements are not met. -R-46290: The VNF **MUST** respond to an ONAP request to deliver granular data on device or subsystem status or performance, referencing the YANG configuration model for the VNF by returning the requested data elements. +R-46290: The VNF **MUST** respond to an ONAP request to deliver granular +data on device or subsystem status or performance, referencing the YANG +configuration model for the VNF by returning the requested data elements. -R-11240: The VNF **MUST** respond with content encoded in JSON, as described in the RESTCONF specification. This way the encoding of a synchronous communication will be consistent with Avro. +R-11240: The VNF **MUST** respond with content encoded in JSON, as described +in the RESTCONF specification. This way the encoding of a synchronous +communication will be consistent with Avro. R-83790: The VNF **MUST** implement the **:validate** capability -R-83873: The VNF **MUST** support **:rollback-on-error** value for the <error-option> parameter to the <edit-config> operation. If any error occurs during the requested edit operation, then the target database (usually the running configuration) will be left affected. This provides an 'all-or-nothing' edit mode for a single <edit-config> request. +R-83873: The VNF **MUST** support **:rollback-on-error** value for the +<error-option> parameter to the <edit-config> operation. If any error +occurs during the requested edit operation, then the target database +(usually the running configuration) will be left affected. This provides an +'all-or-nothing' edit mode for a single <edit-config> request. -R-25238: The VNF PACKAGE **MUST** validated YANG code using the open source pyang [3]_ program using the following commands: +R-25238: The VNF PACKAGE **MUST** validated YANG code using the open +source pyang [3]_ program using the following commands: -R-58370: The VNF **MUST** coexist and operate normally with commercial anti-virus software which shall produce alarms every time when there is a security incident. +R-58370: The VNF **MUST** coexist and operate normally with commercial +anti-virus software which shall produce alarms every time when there is +a security incident. -R-39604: The VNF **MUST** provide the capability of testing the validity of a digital certificate by checking the Certificate Revocation List (CRL) for the certificates of that type to ensure that the certificate has not been revoked. +R-39604: The VNF **MUST** provide the capability of testing the validity +of a digital certificate by checking the Certificate Revocation List (CRL) +for the certificates of that type to ensure that the certificate has not +been revoked. -R-06617: The VNF **MUST** support get-schema (ietf-netconf-monitoring) to pull YANG model over session. +R-06617: The VNF **MUST** support get-schema (ietf-netconf-monitoring) +to pull YANG model over session. -R-13344: The VNF **MUST** log starting and stopping of security logging +R-13344: The VNF **MUST** log starting and stopping of security logging. R-02360: The VNFC **MUST** be designed as a standalone, executable process. -R-80070: The VNF **MUST** handle errors and exceptions so that they do not interrupt processing of incoming VNF requests to maintain service continuity. +R-80070: The VNF **MUST** handle errors and exceptions so that they do not +interrupt processing of incoming VNF requests to maintain service continuity. + +R-02137: The VNF **MUST** implement all monitoring and logging as described +in the Security Analytics section. -R-02137: The VNF **MUST** implement all monitoring and logging as described in the Security Analytics section. +R-16496: The VNF **MUST** enable instantiating only the functionality that +is needed for the decomposed VNF (e.g., if transcoding is not needed it +should not be instantiated). -R-16496: The VNF **MUST** enable instantiating only the functionality that is needed for the decomposed VNF (e.g., if transcoding is not needed it should not be instantiated). +R-32217: The VNF **MUST** have routable FQDNs that are reachable via the +Ansible Server for the endpoints (VMs) of a VNF on which playbooks will be +executed. ONAP will initiate requests to the Ansible Server for invocation +of playbooks against these end points [4]_. -R-32217: The VNF **MUST** have routable FQDNs that are reachable via the Ansible Server for the endpoints (VMs) of a VNF on which playbooks will be executed. ONAP will initiate requests to the Ansible Server for invocation of playbooks against these end points [4]_. +R-47849: The VNF provider **MUST** support the metadata about licenses +(and their applicable entitlements) as defined in this document for VNF +software, and any license keys required to authorize use of the VNF software. -R-47849: The VNF provider **MUST** support the metadata about licenses (and their applicable entitlements) as defined in this document for VNF software, and any license keys required to authorize use of the VNF software. This metadata will be used to facilitate onboarding the VNF into the ONAP environment and automating processes for putting the licenses into use and managing the full lifecycle of the licenses. The details of this license model are described in Appendix C. Note: License metadata support in ONAP is not currently available and planned for 1Q 2018. + This metadata will be used to facilitate onboarding the VNF into the ONAP + environment and automating processes for putting the licenses into use and + managing the full lifecycle of the licenses. The details of this license + model are described in Appendix C. Note: License metadata support in ONAP is + not currently available and planned for 1Q 2018. -R-85419: The VNF **SHOULD** use REST APIs exposed to Client Applications for the implementation of OAuth 2.0 Authorization Code Grant and Client Credentials Grant, as the standard interface for a VNF. +R-85419: The VNF **SHOULD** use REST APIs exposed to Client Applications for +the implementation of OAuth 2.0 Authorization Code Grant and Client Credentials +Grant, as the standard interface for a VNF. -R-34660: The VNF **MUST** use the RESTCONF/NETCONF framework used by the ONAP configuration subsystem for synchronous communication. +R-34660: The VNF **MUST** use the RESTCONF/NETCONF framework used by the +ONAP configuration subsystem for synchronous communication. -R-88026: The VNF **MUST** include a NETCONF server enabling runtime configuration and lifecycle management capabilities. +R-88026: The VNF **MUST** include a NETCONF server enabling runtime +configuration and lifecycle management capabilities. -R-48080: The VNF **SHOULD** support SCEP (Simple Certificate Enrollment Protocol). +R-48080: The VNF **SHOULD** support SCEP (Simple Certificate Enrollment +Protocol). -R-43884: The VNF **MUST** integrate with external authentication and authorization services (e.g., IDAM). +R-43884: The VNF **MUST** integrate with external authentication and +authorization services (e.g., IDAM). -R-70933: The VNF **MUST** provide the ability to migrate to newer versions of cryptographic algorithms and protocols with no impact. +R-70933: The VNF **MUST** provide the ability to migrate to newer versions +of cryptographic algorithms and protocols with no impact. -R-48917: The VNF **MUST** monitor for and alert on (both sender and receiver) errant, running longer than expected and missing file transfers, so as to minimize the impact due to file transfer errors. +R-48917: The VNF **MUST** monitor for and alert on (both sender and receiver) +errant, running longer than expected and missing file transfers, so as to +minimize the impact due to file transfer errors. -R-79107: The VNF **MUST**, if not using the NCSP’s IDAM API, enforce a configurable maximum number of Login attempts policy for the users. VNF provider must comply with "terminate idle sessions" policy. Interactive sessions must be terminated, or a secure, locking screensaver must be activated requiring authentication, after a configurable period of inactivity. The system-based inactivity timeout for the enterprise identity and access management system must also be configurable. +R-79107: The VNF **MUST**, if not using the NCSP’s IDAM API, enforce a +configurable maximum number of Login attempts policy for the users. VNF +provider must comply with "terminate idle sessions" policy. Interactive +sessions must be terminated, or a secure, locking screensaver must be +activated requiring authentication, after a configurable period of inactivity. +The system-based inactivity timeout for the enterprise identity and access +management system must also be configurable. -R-75850: The VNF **SHOULD** decouple persistent data from the VNFC and keep it in its own datastore that can be reached by all instances of the VNFC requiring the data. +R-75850: The VNF **SHOULD** decouple persistent data from the VNFC and keep +it in its own datastore that can be reached by all instances of the VNFC +requiring the data. -R-46960: The VNF **MUST** utilize only the Guest OS versions that are supported by the NCSP’s Network Cloud. [5]_ +R-46960: The VNF **MUST** utilize only the Guest OS versions that are +supported by the NCSP’s Network Cloud. [5]_ -R-21210: The VNF **MUST** implement the following input validation control: Validate that any input file has a correct and valid Multipurpose Internet Mail Extensions (MIME) type. Input files should be tested for spoofed MIME types. +R-21210: The VNF **MUST** implement the following input validation control: +Validate that any input file has a correct and valid Multipurpose Internet +Mail Extensions (MIME) type. Input files should be tested for spoofed MIME +types. -R-23823: The VNF Package **MUST** include appropriate credentials so that ONAP can interact with the Chef Server. +R-23823: The VNF Package **MUST** include appropriate credentials so that +ONAP can interact with the Chef Server. -R-24359: The VNF **MUST** provide the capability of testing the validity of a digital certificate by validating the date the certificate is being used is within the validity period for the certificate. +R-24359: The VNF **MUST** provide the capability of testing the validity +of a digital certificate by validating the date the certificate is being +used is within the validity period for the certificate. -R-49224: The VNF **MUST** provide unique traceability of a transaction through its life cycle to ensure quick and efficient troubleshooting. +R-49224: The VNF **MUST** provide unique traceability of a transaction +through its life cycle to ensure quick and efficient troubleshooting. -R-04982: The VNF **MUST NOT** include an authentication credential, e.g., password, in the security audit logs, even if encrypted. +R-04982: The VNF **MUST NOT** include an authentication credential, +e.g., password, in the security audit logs, even if encrypted. -R-74481: The VNF **MUST** NOT require the use of a dynamic routing protocol unless necessary to meet functional requirements. +R-74481: The VNF **MUST** NOT require the use of a dynamic routing +protocol unless necessary to meet functional requirements. -R-98911: The VNF **MUST NOT** use any instance specific parameters for the VNF in roles/cookbooks/recipes invoked for a VNF action. +R-98911: The VNF **MUST NOT** use any instance specific parameters for +the VNF in roles/cookbooks/recipes invoked for a VNF action. -R-89571: The VNF **MUST** support and provide artifacts for configuration management using at least one of the following technologies: +R-89571: The VNF **MUST** support and provide artifacts for configuration +management using at least one of the following technologies: -R-87135: The VNF **MUST** comply with NIST standards and industry best practices for all implementations of cryptography. +R-87135: The VNF **MUST** comply with NIST standards and industry best +practices for all implementations of cryptography. -R-04492: The VNF **MUST** generate security audit logs that must be sent to Security Analytics Tools for analysis. +R-04492: The VNF **MUST** generate security audit logs that must be +sent to Security Analytics Tools for analysis. -R-02597: The VNF **MUST** implement the protocol operation: **lock(target)** - Lock the configuration datastore target. +R-02597: The VNF **MUST** implement the protocol operation: +**lock(target)** - Lock the configuration datastore target. -R-13800: The VNF **MUST** conform to the NETCONF RFC 5277, “NETCONF Event Notification”. +R-13800: The VNF **MUST** conform to the NETCONF RFC 5277, “NETCONF +Event Notification”. -R-64445: The VNF **MUST** support the ability of a requestor of the service to determine the version (and therefore capabilities) of the service so that Network Cloud Service Provider can understand the capabilities of the service. +R-64445: The VNF **MUST** support the ability of a requestor of the service +to determine the version (and therefore capabilities) of the service so that +Network Cloud Service Provider can understand the capabilities of the service. -R-64768: The VNF **MUST** limit the size of application data packets to no larger than 9000 bytes for SDN network-based tunneling when guest data packets are transported between tunnel endpoints that support guest logical networks. +R-64768: The VNF **MUST** limit the size of application data packets to +no larger than 9000 bytes for SDN network-based tunneling when guest data +packets are transported between tunnel endpoints that support guest logical +networks. -R-75608: The VNF provider **MUST** provide playbooks to be loaded on the appropriate Ansible Server. +R-75608: The VNF provider **MUST** provide playbooks to be loaded on the +appropriate Ansible Server. -R-61354: The VNF **MUST** implement access control list for OA&M services (e.g., restricting access to certain ports or applications). +R-61354: The VNF **MUST** implement access control list for OA&M services +(e.g., restricting access to certain ports or applications). -R-62468: The VNF **MUST** allow all configuration data to be edited through a NETCONF <edit-config> operation. Proprietary NETCONF RPCs that make configuration changes are not sufficient. +R-62468: The VNF **MUST** allow all configuration data to be edited through +a NETCONF <edit-config> operation. Proprietary NETCONF RPCs that make +configuration changes are not sufficient. -R-34552: The VNF **MUST** provide or support the Identity and Access Management (IDAM) based threat detection data for OWASP Top 10. +R-34552: The VNF **MUST** provide or support the Identity and Access +Management (IDAM) based threat detection data for OWASP Top 10. -R-29977: The VNF **MUST** provide the capability of testing the validity of a digital certificate by validating the CA signature on the certificate. +R-29977: The VNF **MUST** provide the capability of testing the validity of +a digital certificate by validating the CA signature on the certificate. -R-67709: The VNF **MUST** be designed, built and packaged to enable deployment across multiple fault zones (e.g., VNFCs deployed in different servers, racks, OpenStack regions, geographies) so that in the event of a planned/unplanned downtime of a fault zone, the overall operation/throughput of the VNF is maintained. +R-67709: The VNF **MUST** be designed, built and packaged to enable +deployment across multiple fault zones (e.g., VNFCs deployed in different +servers, racks, OpenStack regions, geographies) so that in the event of a +planned/unplanned downtime of a fault zone, the overall operation/throughput +of the VNF is maintained. -R-46567: The VNF Package **MUST** include configuration scripts for boot sequence and configuration. +R-46567: The VNF Package **MUST** include configuration scripts for boot +sequence and configuration. -R-55345: The VNF **SHOULD** use techniques such as “lazy loading” when initialization includes loading catalogues and/or lists which can grow over time, so that the VNF startup time does not grow at a rate proportional to that of the list. +R-55345: The VNF **SHOULD** use techniques such as “lazy loading” when +initialization includes loading catalogues and/or lists which can grow over +time, so that the VNF startup time does not grow at a rate proportional to +that of the list. -R-88482: The VNF **SHOULD** use REST using HTTPS delivery of plain text JSON for moderate sized asynchronous data sets, and for high volume data sets when feasible. +R-88482: The VNF **SHOULD** use REST using HTTPS delivery of plain text +JSON for moderate sized asynchronous data sets, and for high volume data +sets when feasible. -R-56786: The VNF **MUST** implement “Closed Loop” automatic implementation (without human intervention) for Known Threats with detection rate in low false positives. +R-56786: The VNF **MUST** implement “Closed Loop” automatic implementation +(without human intervention) for Known Threats with detection rate in low +false positives. -R-94525: The VNF **MUST** log connections to a network listener of the resource. +R-94525: The VNF **MUST** log connections to a network listener of the +resource. -R-85428: The VNF **MUST** meet the same guidelines as Chef Server hosted by ONAP. +R-85428: The VNF **MUST** meet the same guidelines as Chef Server +hosted by ONAP. -R-26371: The VNF **MUST** detect connectivity failure for inter VNFC instance and intra/inter VNF and re-establish connectivity automatically to maintain the VNF without manual intervention to provide service continuity. +R-26371: The VNF **MUST** detect connectivity failure for inter VNFC instance +and intra/inter VNF and re-establish connectivity automatically to maintain +the VNF without manual intervention to provide service continuity. -R-35851: The VNF Package **MUST** include VNF topology that describes basic network and application connectivity internal and external to the VNF including Link type, KPIs, Bandwidth, latency, jitter, QoS (if applicable) for each interface. +R-35851: The VNF Package **MUST** include VNF topology that describes basic +network and application connectivity internal and external to the VNF +including Link type, KPIs, Bandwidth, latency, jitter, QoS (if applicable) +for each interface. -R-29301: The VNF **MUST** provide or support the Identity and Access Management (IDAM) based threat detection data for Password Attacks. +R-29301: The VNF **MUST** provide or support the Identity and Access +Management (IDAM) based threat detection data for Password Attacks. -R-23957: The VNF **MUST** include the field “time” in the Security alarms (where applicable and technically feasible). +R-23957: The VNF **MUST** include the field “time” in the Security alarms +(where applicable and technically feasible). -R-32636: The VNF **MUST** support API-based monitoring to take care of the scenarios where the control interfaces are not exposed, or are optimized and proprietary in nature. +R-32636: The VNF **MUST** support API-based monitoring to take care of the +scenarios where the control interfaces are not exposed, or are optimized +and proprietary in nature. R-39562: The VNF **MUST** disable unnecessary or vulnerable cgi-bin programs. -R-77334: The VNF **MUST** allow configurations and configuration parameters to be managed under version control to ensure consistent configuration deployment, traceability and rollback. +R-77334: The VNF **MUST** allow configurations and configuration parameters +to be managed under version control to ensure consistent configuration +deployment, traceability and rollback. R-44723: The VNF **MUST** use symmetric keys of at least 112 bits in length. -R-86585: The VNFC **SHOULD** minimize the use of state within a VNFC to facilitate the movement of traffic from one instance to another. +R-86585: The VNFC **SHOULD** minimize the use of state within a VNFC to +facilitate the movement of traffic from one instance to another. -R-18725: The VNF **MUST** handle the restart of a single VNFC instance without requiring all VNFC instances to be restarted. +R-18725: The VNF **MUST** handle the restart of a single VNFC instance +without requiring all VNFC instances to be restarted. -R-53317: The VNF **MUST** conform its YANG model to RFC 6087, “Guidelines for Authors and Reviewers of YANG Data Model Documents”. +R-53317: The VNF **MUST** conform its YANG model to RFC 6087, +“Guidelines for Authors and Reviewers of YANG Data Model Documents”. R-67114: The VNF **MUST** be installed with: -R-28168: The VNF **SHOULD** use an appropriately configured logging level that can be changed dynamically, so as to not cause performance degradation of the VNF due to excessive logging. +R-28168: The VNF **SHOULD** use an appropriately configured logging level +that can be changed dynamically, so as to not cause performance degradation +of the VNF due to excessive logging. -R-54930: The VNF **MUST** implement the following input validation control: Do not permit input that contains content or characters inappropriate to the input expected by the design. Inappropriate input, such as SQL insertions, may cause the system to execute undesirable and unauthorized transactions against the database or allow other inappropriate access to the internal network. +R-54930: The VNF **MUST** implement the following input validation control: +Do not permit input that contains content or characters inappropriate to the +input expected by the design. Inappropriate input, such as SQL insertions, +may cause the system to execute undesirable and unauthorized transactions +against the database or allow other inappropriate access to the internal +network. -R-55830: The VNF **MUST** distribute all production code from NCSP internal sources only. No production code, libraries, OS images, etc. shall be distributed from publically accessible depots. +R-55830: The VNF **MUST** distribute all production code from NCSP internal +sources only. No production code, libraries, OS images, etc. shall be +distributed from publically accessible depots. -R-22367: The VNF **MUST** support detection of malformed packets due to software misconfiguration or software vulnerability. +R-22367: The VNF **MUST** support detection of malformed packets due to +software misconfiguration or software vulnerability. -R-93860: The VNF **MUST** provide the capability to integrate with an external encryption service. +R-93860: The VNF **MUST** provide the capability to integrate with an +external encryption service. R-09467: The VNF **MUST** utilize only NCSP standard compute flavors. [5]_ -R-62170: The VNF **MUST** over-ride any default values for configurable parameters that can be set by ONAP in the roles, cookbooks and recipes. +R-62170: The VNF **MUST** over-ride any default values for configurable +parameters that can be set by ONAP in the roles, cookbooks and recipes. -R-41994: The VNF **MUST**, if not using the NCSP’s IDAM API, comply with "No Self-Signed Certificates" policy. Self-signed certificates must be used for encryption only, using specified and approved encryption protocols such as TLS 1.2 or higher or equivalent security protocols such as IPSec, AES. +R-41994: The VNF **MUST**, if not using the NCSP’s IDAM API, comply with +"No Self-Signed Certificates" policy. Self-signed certificates must be used +for encryption only, using specified and approved encryption protocols such +as TLS 1.2 or higher or equivalent security protocols such as IPSec, AES. -R-38474: The VNF **MUST** have a corresponding environment file for a Base Module. +R-38474: The VNF **MUST** have a corresponding environment file for +a Base Module. -R-81725: The VNF **MUST** have a corresponding environment file for an Incremental Module. +R-81725: The VNF **MUST** have a corresponding environment file for +an Incremental Module. -R-53433: The VNF **MUST** have a corresponding environment file for a Cinder Volume Module. +R-53433: The VNF **MUST** have a corresponding environment file for a +Cinder Volume Module. -R-84160: The VNF **MUST** have security logging for VNFs and their OSs be active from initialization. Audit logging includes automatic routines to maintain activity records and cleanup programs to ensure the integrity of the audit/logging systems. +R-84160: The VNF **MUST** have security logging for VNFs and their OSs be +active from initialization. Audit logging includes automatic routines to +maintain activity records and cleanup programs to ensure the integrity of +the audit/logging systems. -R-99656: The VNF **MUST** NOT terminate stable sessions if a VNFC instance fails. +R-99656: The VNF **MUST** NOT terminate stable sessions if a VNFC instance +fails. R-80898: The VNF **MUST** support heartbeat via a <get> with null filter. -R-20974: The VNF **MUST** deploy the base module first, prior to the incremental modules. +R-20974: The VNF **MUST** deploy the base module first, prior to the +incremental modules. -R-69610: The VNF **MUST** provide the capability of using certificates issued from a Certificate Authority not provided by the VNF provider. +R-69610: The VNF **MUST** provide the capability of using certificates +issued from a Certificate Authority not provided by the VNF provider. -R-27310: The VNF Package **MUST** include all relevant Chef artifacts (roles/cookbooks/recipes) required to execute VNF actions requested by ONAP for loading on appropriate Chef Server. +R-27310: The VNF Package **MUST** include all relevant Chef artifacts +(roles/cookbooks/recipes) required to execute VNF actions requested by +ONAP for loading on appropriate Chef Server. -R-98191: The VNF **MUST** vary the frequency that asynchronous data is delivered based on the content and how data may be aggregated or grouped together. For example, alarms and alerts are expected to be delivered as soon as they appear. In contrast, other content, such as performance measurements, KPIs or reported network signaling may have various ways of packaging and delivering content. Some content should be streamed immediately; or content may be monitored over a time interval, then packaged as collection of records and delivered as block; or data may be collected until a package of a certain size has been collected; or content may be summarized statistically over a time interval, or computed as a KPI, with the summary or KPI being delivered. +R-98191: The VNF **MUST** vary the frequency that asynchronous data is +delivered based on the content and how data may be aggregated or grouped +together. For example, alarms and alerts are expected to be delivered as +soon as they appear. In contrast, other content, such as performance +measurements, KPIs or reported network signaling may have various ways of +packaging and delivering content. Some content should be streamed immediately; +or content may be monitored over a time interval, then packaged as collection +of records and delivered as block; or data may be collected until a package of +a certain size has been collected; or content may be summarized statistically +over a time interval, or computed as a KPI, with the summary or KPI being +delivered. -R-31412: The VNF **MUST** provide or support the Identity and Access Management (IDAM) based threat detection data for XSS / CSRF. +R-31412: The VNF **MUST** provide or support the Identity and Access +Management (IDAM) based threat detection data for XSS / CSRF. -R-58775: The VNF provider **MUST** provide software components that can be packaged with/near the VNF, if needed, to simulate any functions or systems that connect to the VNF system under test. This component is necessary only if the existing testing environment does not have the necessary simulators. +R-58775: The VNF provider **MUST** provide software components that can be +packaged with/near the VNF, if needed, to simulate any functions or systems +that connect to the VNF system under test. This component is necessary only +if the existing testing environment does not have the necessary simulators. -R-45496: The VNF **MUST** host connectors for access to the OS (Operating System) layer. +R-45496: The VNF **MUST** host connectors for access to the OS +(Operating System) layer. -R-13151: The VNF **SHOULD** disable the paging of the data requiring encryption, if possible, where the encryption of non-transient data is required on a device for which the operating system performs paging to virtual memory. If not possible to disable the paging of the data requiring encryption, the virtual memory should be encrypted. +R-13151: The VNF **SHOULD** disable the paging of the data requiring +encryption, if possible, where the encryption of non-transient data is +required on a device for which the operating system performs paging to +virtual memory. If not possible to disable the paging of the data requiring +encryption, the virtual memory should be encrypted. -R-49308: The VNF **SHOULD** test for adherence to the defined resiliency rating recommendation at each layer, during each delivery cycle with delivered results, so that the resiliency rating is measured and the code is adjusted to meet software resiliency requirements. +R-49308: The VNF **SHOULD** test for adherence to the defined resiliency +rating recommendation at each layer, during each delivery cycle with +delivered results, so that the resiliency rating is measured and the code +is adjusted to meet software resiliency requirements. -R-74763: The VNF provider **MUST** provide an artifact per VNF that contains all of the VNF Event Records supported. The artifact should include reference to the specific release of the VNF Event Stream Common Event Data Model document it is based on. (e.g., `VES Event Listener <https://github.com/att/evel-test-collector/tree/master/docs/att_interface_definition>`__) +R-74763: The VNF provider **MUST** provide an artifact per VNF that contains +all of the VNF Event Records supported. The artifact should include reference +to the specific release of the VNF Event Stream Common Event Data Model +document it is based on. (e.g., `VES Event Listener <https://github.com/att/evel-test-collector/tree/master/docs/att_interface_definition>`__) -R-77786: The VNF Package **MUST** include all relevant cookbooks to be loaded on the ONAP Chef Server. +R-77786: The VNF Package **MUST** include all relevant cookbooks to be loaded +on the ONAP Chef Server. -R-54373: The VNF **MUST** have Python >= 2.7 on the endpoint VM(s) of a VNF on which an Ansible playbook will be executed. +R-54373: The VNF **MUST** have Python >= 2.7 on the endpoint VM(s) of a +VNF on which an Ansible playbook will be executed. -R-60106: The VNF **MUST** implement the protocol operation: **get(filter)** - Retrieve (a filtered subset of) the running configuration and device state information. This should include the list of VNF supported schemas. +R-60106: The VNF **MUST** implement the protocol operation: +**get(filter)** - Retrieve (a filtered subset of) the running configuration +and device state information. This should include the list of VNF supported +schemas. -R-35305: The VNF **MUST** meet the same guidelines as the Ansible Server hosted by ONAP. +R-35305: The VNF **MUST** meet the same guidelines as the Ansible Server +hosted by ONAP. -R-95864: The VNF **MUST** use commercial tools that comply with X.509 standards and produce x.509 compliant keys for public/private key generation. +R-95864: The VNF **MUST** use commercial tools that comply with X.509 +standards and produce x.509 compliant keys for public/private key generation. R-23475: The VNF **SHOULD** utilize only NCSP provided Guest OS images. [5]_ -R-64503: The VNF **MUST** provide minimum privileges for initial and default settings for new user accounts. +R-64503: The VNF **MUST** provide minimum privileges for initial and +default settings for new user accounts. -R-42681: The VNF **MUST** use the NCSP’s IDAM API or comply with the requirements if not using the NCSP’s IDAM API, for identification, authentication and access control of OA&M and other system level functions. +R-42681: The VNF **MUST** use the NCSP’s IDAM API or comply with the +requirements if not using the NCSP’s IDAM API, for identification, +authentication and access control of OA&M and other system level functions. -R-19219: The VNF **MUST** provide audit logs that include user ID, dates, times for log-on and log-off, and terminal location at minimum. +R-19219: The VNF **MUST** provide audit logs that include user ID, dates, +times for log-on and log-off, and terminal location at minimum. -R-73067: The VNF **MUST** use industry standard cryptographic algorithms and standard modes of operations when implementing cryptography. +R-73067: The VNF **MUST** use industry standard cryptographic algorithms +and standard modes of operations when implementing cryptography. -R-25878: The VNF **MUST** use certificates issued from publicly recognized Certificate Authorities (CA) for the authentication process where PKI-based authentication is used. +R-25878: The VNF **MUST** use certificates issued from publicly recognized +Certificate Authorities (CA) for the authentication process where PKI-based +authentication is used. -R-70266: The VNF **MUST** respond to an ONAP request to deliver the current data for any of the record types defined in Section 8.d “Data Model for Event Records” by returning the requested record, populated with the current field values. (Currently the defined record types include the common header record, technology independent records such as Fault, Heartbeat, State Change, Syslog, and technology specific records such as Mobile Flow, Signaling and Voice Quality records. Additional record types will be added in the future as they are standardized and become available.) +R-70266: The VNF **MUST** respond to an ONAP request to deliver the current +data for any of the record types defined in Section 8.d “Data Model for +Event Records” by returning the requested record, populated with the current +field values. (Currently the defined record types include the common header +record, technology independent records such as Fault, Heartbeat, State Change, +Syslog, and technology specific records such as Mobile Flow, Signaling and +Voice Quality records. Additional record types will be added in the future +as they are standardized and become available.) -R-70496: The VNF **MUST** implement the protocol operation: **commit(confirmed, confirm-timeout)** - Commit candidate configuration datastore to the running configuration. +R-70496: The VNF **MUST** implement the protocol operation: +**commit(confirmed, confirm-timeout)** - Commit candidate configuration +datastore to the running configuration. -R-19624: The VNF **MUST** encode and serialize content delivered to ONAP using JSON (option 1). High-volume data is to be encoded and serialized using Avro, where Avro data format are described using JSON (option 2) [6]_. +R-19624: The VNF **MUST** encode and serialize content delivered to ONAP +using JSON (option 1). High-volume data is to be encoded and serialized +using Avro, where Avro data format are described using JSON (option 2) [6]_. R-25094: The VNF **MUST** perform data capture for security functions. -R-44032: The VNF **MUST** provide or support the Identity and Access Management (IDAM) based threat detection data for Man in the Middle (MITM). +R-44032: The VNF **MUST** provide or support the Identity and Access +Management (IDAM) based threat detection data for Man in the Middle (MITM). -R-47068: The VNF **MAY** expose a single endpoint that is responsible for all functionality. +R-47068: The VNF **MAY** expose a single endpoint that is responsible for +all functionality. -R-49396: The VNF **MUST** support each VNF action by invocation of **one** playbook [7]_. The playbook will be responsible for executing all necessary tasks (as well as calling other playbooks) to complete the request. +R-49396: The VNF **MUST** support each VNF action by invocation of **one** +playbook [7]_. The playbook will be responsible for executing all necessary +tasks (as well as calling other playbooks) to complete the request. -R-63953: The VNF **MUST** have the echo command return a zero value otherwise the validation has failed +R-63953: The VNF **MUST** have the echo command return a zero value +otherwise the validation has failed -R-56904: The VNF **MUST** interoperate with the ONAP (SDN) Controller so that it can dynamically modify the firewall rules, ACL rules, QoS rules, virtual routing and forwarding rules. +R-56904: The VNF **MUST** interoperate with the ONAP (SDN) Controller so that +it can dynamically modify the firewall rules, ACL rules, QoS rules, virtual +routing and forwarding rules. -R-37929: The VNF **MUST** accept all necessary instance specific data from the environment or node object attributes for the VNF in roles/cookbooks/recipes invoked for a VNF action. +R-37929: The VNF **MUST** accept all necessary instance specific data +from the environment or node object attributes for the VNF in +roles/cookbooks/recipes invoked for a VNF action. -R-84366: The VNF Package **MUST** include documentation describing VNF Functional APIs that are utilized to build network and application services. This document describes the externally exposed functional inputs and outputs for the VNF, including interface format and protocols supported. +R-84366: The VNF Package **MUST** include documentation describing VNF +Functional APIs that are utilized to build network and application services. +This document describes the externally exposed functional inputs and outputs +for the VNF, including interface format and protocols supported. R-58421: The VNF **SHOULD** be decomposed into granular re-usable VNFCs. -R-27711: The VNF provider **MUST** provide an XML file that contains a list of VNF error codes, descriptions of the error, and possible causes/corrective action. +R-27711: The VNF provider **MUST** provide an XML file that contains a +list of VNF error codes, descriptions of the error, and possible +causes/corrective action. -R-78282: The VNF **MUST** conform to the NETCONF RFC 6242, “Using the Network Configuration Protocol over Secure Shell”. +R-78282: The VNF **MUST** conform to the NETCONF RFC 6242, “Using the +Network Configuration Protocol over Secure Shell”. -R-99766: The VNF **MUST** allow configurations and configuration parameters to be managed under version control to ensure the ability to rollback to a known valid configuration. +R-99766: The VNF **MUST** allow configurations and configuration parameters +to be managed under version control to ensure the ability to rollback to a +known valid configuration. -R-89010: The VNF **MUST** survive any single points of software failure internal to the VNF (e.g., in memory structures, JMS message queues). +R-89010: The VNF **MUST** survive any single points of software failure +internal to the VNF (e.g., in memory structures, JMS message queues). -R-77667: The VNF **MUST** test for adherence to the defined performance budget at each layer, during each delivery cycle so that the performance budget is measured and feedback is provided where the performance budget is not met. +R-77667: The VNF **MUST** test for adherence to the defined performance +budget at each layer, during each delivery cycle so that the performance +budget is measured and feedback is provided where the performance budget +is not met. -R-21652: The VNF **MUST** implement the following input validation control: Check the size (length) of all input. Do not permit an amount of input so great that it would cause the VNF to fail. Where the input may be a file, the VNF API must enforce a size limit. +R-21652: The VNF **MUST** implement the following input validation control: +Check the size (length) of all input. Do not permit an amount of input so +great that it would cause the VNF to fail. Where the input may be a file, +the VNF API must enforce a size limit. -R-54190: The VNF **MUST** release locks to prevent permanent lock-outs when/if a session applying the lock is terminated (e.g., SSH session is terminated). +R-54190: The VNF **MUST** release locks to prevent permanent lock-outs +when/if a session applying the lock is terminated (e.g., SSH session +is terminated). -R-12271: The VNF **SHOULD** conform its YANG model to RFC 7223, “IANA Interface Type YANG Module”. +R-12271: The VNF **SHOULD** conform its YANG model to RFC 7223, +“IANA Interface Type YANG Module”. R-25547: The VNF **MUST** log the field “protocol” in the security audit logs. -R-22286: The VNF **MUST** support Integration functionality via API/Syslog/SNMP to other functional modules in the network (e.g., PCRF, PCEF) that enable dynamic security control by blocking the malicious traffic or malicious end users +R-22286: The VNF **MUST** support Integration functionality via +API/Syslog/SNMP to other functional modules in the network +(e.g., PCRF, PCEF) that enable dynamic security control by blocking the +malicious traffic or malicious end users -R-16560: The VNF **MUST** conduct a resiliency impact assessment for all inter/intra-connectivity points in the VNF to provide an overall resiliency rating for the VNF to be incorporated into the software design and development of the VNF. +R-16560: The VNF **MUST** conduct a resiliency impact assessment for all +inter/intra-connectivity points in the VNF to provide an overall resiliency +rating for the VNF to be incorporated into the software design and +development of the VNF. -R-99112: The VNF **MUST** provide the capability to restrict access to data to specific users. +R-99112: The VNF **MUST** provide the capability to restrict access to +data to specific users. -R-02997: The VNF **MUST** preserve their persistent data. Running VMs will not be backed up in the Network Cloud infrastructure. +R-02997: The VNF **MUST** preserve their persistent data. Running VMs +will not be backed up in the Network Cloud infrastructure. -R-19367: The VNF **MUST** monitor API invocation patterns to detect anomalous access patterns that may represent fraudulent access or other types of attacks, or integrate with tools that implement anomaly and abuse detection. +R-19367: The VNF **MUST** monitor API invocation patterns to detect +anomalous access patterns that may represent fraudulent access or other +types of attacks, or integrate with tools that implement anomaly and abuse +detection. -R-33981: The VNF **SHOULD** interoperate with various access control mechanisms for the Network Cloud execution environment (e.g., Hypervisors, containers). +R-33981: The VNF **SHOULD** interoperate with various access control +mechanisms for the Network Cloud execution environment (e.g., Hypervisors, +containers). -R-26881: The VNF provider **MUST** provide the binaries and images needed to instantiate the VNF (VNF and VNFC images). +R-26881: The VNF provider **MUST** provide the binaries and images +needed to instantiate the VNF (VNF and VNFC images). -R-69565: The VNF Package **MUST** include documentation describing VNF Management APIs. The document must include information and tools for: +R-69565: The VNF Package **MUST** include documentation describing VNF +Management APIs. The document must include information and tools for: -R-92571: The VNF **MUST** provide operational instrumentation such as logging, so as to facilitate quick resolution of issues with the VNF to provide service continuity. +R-92571: The VNF **MUST** provide operational instrumentation such as +logging, so as to facilitate quick resolution of issues with the VNF to +provide service continuity. -R-29488: The VNF **MUST** implement the protocol operation: **get-config(source, filter)** - Retrieve a (filtered subset of a) configuration from the configuration datastore source. +R-29488: The VNF **MUST** implement the protocol operation: +**get-config(source, filter)** - Retrieve a (filtered subset of a) +configuration from the configuration datastore source. -R-03070: The VNF **MUST**, by ONAP Policy, provide the ONAP addresses as data destinations for each VNF, and may be changed by Policy while the VNF is in operation. We expect the VNF to be capable of redirecting traffic to changed destinations with no loss of data, for example from one REST URL to another, or from one TCP host and port to another. +R-03070: The VNF **MUST**, by ONAP Policy, provide the ONAP addresses as +data destinations for each VNF, and may be changed by Policy while the VNF +is in operation. We expect the VNF to be capable of redirecting traffic to +changed destinations with no loss of data, for example from one REST URL +to another, or from one TCP host and port to another. -R-89800: The VNF **MUST NOT** require Hypervisor-level customization from the cloud provider. +R-89800: The VNF **MUST NOT** require Hypervisor-level customization from +the cloud provider. -R-12110: The VNF **MUST NOT** use keys generated or derived from predictable functions or values, e.g., values considered predictable include user identity information, time of day, stored/transmitted data. +R-12110: The VNF **MUST NOT** use keys generated or derived from +predictable functions or values, e.g., values considered predictable +include user identity information, time of day, stored/transmitted data. -R-03954: The VNF **MUST** survive any single points of failure within the Network Cloud (e.g., virtual NIC, VM, disk failure). +R-03954: The VNF **MUST** survive any single points of failure within +the Network Cloud (e.g., virtual NIC, VM, disk failure). -R-98391: The VNF **MUST**, if not using the NCSP’s IDAM API, support Role-Based Access Control to permit/limit the user/application to performing specific activities. +R-98391: The VNF **MUST**, if not using the NCSP’s IDAM API, support +Role-Based Access Control to permit/limit the user/application to performing +specific activities. -R-29967: The VNF **MUST** conform its YANG model to RFC 6022, “YANG module for NETCONF monitoring”. +R-29967: The VNF **MUST** conform its YANG model to RFC 6022, “YANG +module for NETCONF monitoring”. -R-80335: The VNF **MUST** make visible a Warning Notice: A formal statement of resource intent, i.e., a warning notice, upon initial access to a VNF provider user who accesses private internal networks or Company computer resources, e.g., upon initial logon to an internal web site, system or application which requires authentication. +R-80335: The VNF **MUST** make visible a Warning Notice: A formal statement +of resource intent, i.e., a warning notice, upon initial access to a VNF +provider user who accesses private internal networks or Company computer +resources, e.g., upon initial logon to an internal web site, system or +application which requires authentication. -R-48596: The VNF Package **MUST** include documentation describing the characteristics for the VNF reliability and high availability. +R-48596: The VNF Package **MUST** include documentation describing the +characteristics for the VNF reliability and high availability. -R-49956: The VNF **MUST** pass all access to applications (Bearer, signaling and OA&M) through various security tools and platforms from ACLs, stateful firewalls and application layer gateways depending on manner of deployment. The application is expected to function (and in some cases, interwork) with these security tools. +R-49956: The VNF **MUST** pass all access to applications (Bearer, signaling +and OA&M) through various security tools and platforms from ACLs, stateful +firewalls and application layer gateways depending on manner of deployment. +The application is expected to function (and in some cases, interwork) with +these security tools. -R-02616: The VNF **MUST** permit locking at the finest granularity if a VNF needs to lock an object for configuration to avoid blocking simultaneous configuration operations on unrelated objects (e.g., BGP configuration should not be locked out if an interface is being configured or entire Interface configuration should not be locked out if a non-overlapping parameter on the interface is being configured). +R-02616: The VNF **MUST** permit locking at the finest granularity if a VNF +needs to lock an object for configuration to avoid blocking simultaneous +configuration operations on unrelated objects (e.g., BGP configuration +should not be locked out if an interface is being configured or entire +Interface configuration should not be locked out if a non-overlapping +parameter on the interface is being configured). -R-15659: The VNF **MUST** restrict changing the criticality level of a system security alarm to administrator(s). +R-15659: The VNF **MUST** restrict changing the criticality level of a +system security alarm to administrator(s). -R-96634: The VNF provider **MUST** describe scaling capabilities to manage scaling characteristics of the VNF. +R-96634: The VNF provider **MUST** describe scaling capabilities to +manage scaling characteristics of the VNF. -R-32641: The VNF **MUST** provide the capability to encrypt data on non-volatile memory. +R-32641: The VNF **MUST** provide the capability to encrypt data +on non-volatile memory. -R-48470: The VNF **MUST** support Real-time detection and notification of security events. +R-48470: The VNF **MUST** support Real-time detection and notification +of security events. -R-91681: The VNF **MUST** meet the ONAP Ansible Server API Interface requirements. +R-91681: The VNF **MUST** meet the ONAP Ansible Server API Interface +requirements. -R-41825: The VNF **MUST** activate security alarms automatically when the following event is detected: configurable number of consecutive unsuccessful login attempts +R-41825: The VNF **MUST** activate security alarms automatically when the +following event is detected: configurable number of consecutive unsuccessful +login attempts -R-52870: The VNF **MUST** provide a method of metrics gathering and analysis to evaluate the resiliency of the software from both a granular as well as a holistic standpoint. This includes, but is not limited to thread utilization, errors, timeouts, and retries. +R-52870: The VNF **MUST** provide a method of metrics gathering and analysis +to evaluate the resiliency of the software from both a granular as well as a +holistic standpoint. This includes, but is not limited to thread utilization, +errors, timeouts, and retries. R-89474: The VNF **MUST** log the field “Login ID” in the security audit logs. -R-13390: The VNF provider **MUST** provide cookbooks to be loaded on the appropriate Chef Server. +R-13390: The VNF provider **MUST** provide cookbooks to be loaded on +the appropriate Chef Server. -R-24825: The VNF **MUST** provide Context awareness data (device, location, time, etc.) and be able to integrate with threat detection system. +R-24825: The VNF **MUST** provide Context awareness data (device, +location, time, etc.) and be able to integrate with threat detection system. -R-23882: The VNF **SHOULD** be scanned using both network scanning and application scanning security tools on all code, including underlying OS and related configuration. Scan reports shall be provided. Remediation roadmaps shall be made available for any findings. +R-23882: The VNF **SHOULD** be scanned using both network scanning and +application scanning security tools on all code, including underlying OS +and related configuration. Scan reports shall be provided. Remediation +roadmaps shall be made available for any findings. -R-22946: The VNF **SHOULD** conform its YANG model to RFC 6536, “NETCONF Access Control Model”. +R-22946: The VNF **SHOULD** conform its YANG model to RFC 6536, +“NETCONF Access Control Model”. -R-89753: The VNF **MUST NOT** install or use systems, tools or utilities capable of capturing or logging data that was not created by them or sent specifically to them in production, without authorization of the VNF system owner. +R-89753: The VNF **MUST NOT** install or use systems, tools or utilities +capable of capturing or logging data that was not created by them or sent +specifically to them in production, without authorization of the VNF +system owner. -R-88899: The VNF **MUST** support simultaneous <commit> operations within the context of this locking requirements framework. +R-88899: The VNF **MUST** support simultaneous <commit> operations within +the context of this locking requirements framework. -R-96554: The VNF **MUST** implement the protocol operation: **unlock(target)** - Unlock the configuration datastore target. +R-96554: The VNF **MUST** implement the protocol operation: **unlock(target)** +- Unlock the configuration datastore target. -R-27995: The VNF **SHOULD** include control loop mechanisms to notify the consumer of the VNF of their exceeding SLA thresholds so the consumer is able to control its load against the VNF. +R-27995: The VNF **SHOULD** include control loop mechanisms to notify the +consumer of the VNF of their exceeding SLA thresholds so the consumer is +able to control its load against the VNF. -R-31809: The VNF **MUST** support the HealthCheck RPC. The HealthCheck RPC, executes a VNF providor-defined VNF Healthcheck over the scope of the entire VNF (e.g., if there are multiple VNFCs, then run a health check, as appropriate, for all VNFCs). It returns a 200 OK if the test completes. A JSON object is returned indicating state (healthy, unhealthy), scope identifier, time-stamp and one or more blocks containing info and fault information. If the VNF is unable to run the HealthCheck, return a standard http error code and message. +R-31809: The VNF **MUST** support the HealthCheck RPC. The HealthCheck RPC, +executes a VNF providor-defined VNF Healthcheck over the scope of the entire +VNF (e.g., if there are multiple VNFCs, then run a health check, as +appropriate, for all VNFCs). It returns a 200 OK if the test completes. A +JSON object is returned indicating state (healthy, unhealthy), scope +identifier, time-stamp and one or more blocks containing info and fault +information. If the VNF is unable to run the HealthCheck, return a standard +http error code and message. R-25401: The VNF **MUST** use asymmetric keys of at least 2048 bits in length. -R-31961: The VNF **MUST** support integrated DPI/monitoring functionality as part of VNFs (e.g., PGW, MME). +R-31961: The VNF **MUST** support integrated DPI/monitoring functionality +as part of VNFs (e.g., PGW, MME). R-47597: The VNF **MUST** carry data in motion only over secure connections. -R-43253: The VNF **MUST** use playbooks designed to allow Ansible Server to infer failure or success based on the “PLAY_RECAP” capability. +R-43253: The VNF **MUST** use playbooks designed to allow Ansible Server +to infer failure or success based on the “PLAY_RECAP” capability. -R-23135: The VNF **MUST**, if not using the NCSP’s IDAM API, authenticate system to system communications where one system accesses the resources of another system, and must never conceal individual accountability. +R-23135: The VNF **MUST**, if not using the NCSP’s IDAM API, authenticate +system to system communications where one system accesses the resources +of another system, and must never conceal individual accountability. -R-99730: The VNF **MUST** include the field “Login ID” in the Security alarms (where applicable and technically feasible). +R-99730: The VNF **MUST** include the field “Login ID” in the +Security alarms (where applicable and technically feasible). -R-88199: The VNF **MUST** utilize virtualized, scalable open source database software that can meet the performance/latency requirements of the service for all datastores. +R-88199: The VNF **MUST** utilize virtualized, scalable open source +database software that can meet the performance/latency requirements +of the service for all datastores. -R-08598: The VNF **MUST** log successful and unsuccessful changes to a privilege level. +R-08598: The VNF **MUST** log successful and unsuccessful changes to a +privilege level. -R-87352: The VNF **SHOULD** utilize Cloud health checks, when available from the Network Cloud, from inside the application through APIs to check the network connectivity, dropped packets rate, injection, and auto failover to alternate sites if needed. +R-87352: The VNF **SHOULD** utilize Cloud health checks, when available +from the Network Cloud, from inside the application through APIs to check +the network connectivity, dropped packets rate, injection, and auto failover +to alternate sites if needed. -R-56920: The VNF **MUST** protect all security audit logs (including API, OS and application-generated logs), security audit software, data, and associated documentation from modification, or unauthorized viewing, by standard OS access control mechanisms, by sending to a remote system, or by encryption. +R-56920: The VNF **MUST** protect all security audit logs (including API, +OS and application-generated logs), security audit software, data, and +associated documentation from modification, or unauthorized viewing, by +standard OS access control mechanisms, by sending to a remote system, +or by encryption. -R-35291: The VNF **MUST** support the ability to failover a VNFC automatically to other geographically redundant sites if not deployed active-active to increase the overall resiliency of the VNF. +R-35291: The VNF **MUST** support the ability to failover a VNFC automatically +to other geographically redundant sites if not deployed active-active to +increase the overall resiliency of the VNF. -R-43332: The VNF **MUST** activate security alarms automatically when the following event is detected: successful modification of critical system or application files +R-43332: The VNF **MUST** activate security alarms automatically when the +following event is detected: successful modification of critical system +or application files -R-81147: The VNF **MUST** have greater restrictions for access and execution, such as up to 3 factors of authentication and restricted authorization, for commands affecting network services, such as commands relating to VNFs. +R-81147: The VNF **MUST** have greater restrictions for access and +execution, such as up to 3 factors of authentication and restricted +authorization, for commands affecting network services, such as +commands relating to VNFs. R-60656: The VNF **MUST** support sub tree filtering. -R-51883: The VNF **MUST** provide or support the Identity and Access Management (IDAM) based threat detection data for Replay. - -R-66070: The VNF Package **MUST** include VNF Identification Data to uniquely identify the resource for a given VNF provider. The identification data must include: an identifier for the VNF, the name of the VNF as was given by the VNF provider, VNF description, VNF provider, and version. - -R-19804: The VNF **MUST** validate the CA signature on the certificate, ensure that the date is within the validity period of the certificate, check the Certificate Revocation List (CRL), and recognize the identity represented by the certificate where PKI-based authentication is used. - -R-06327: The VNF **MUST** respond to a "drain VNFC" [2]_ command against a specific VNFC, preventing new session from reaching the targeted VNFC, with no disruption to active sessions on the impacted VNFC, if a VNF provides a load balancing function across multiple instances of its VNFCs. This is used to support scenarios such as proactive maintenance with no user impact, - -R-43125 The VNF Heat **MUST** indent properties and lists with 1 or more spaces. - -R-67888 The VNF Heat **MUST** contain the following - -R-39402 The VNF Heat **MUST** contain the description section. - -R-35414 The VNF Heat **MUST** contain the parameter section. - -R-90279 The VNF Heat **MUST** use in a resource all parameters declared in a template except for the parameters for the OS::Nova::Server property availability\_zone. See `Property: availability\_zone`_. for more details on availability\_zone. - -R-28657 The VNF Heat **MUST** provide the attribute 'type' on parameters per the OpenStack Heat Orchestration Template standard. - -R-44001 The VNF Heat **MUST** provide the attribute 'description' on parameters. (Note that this attribute is OpenStack optional.) - -R-90526 The VNF Heat **MUST NOT** use the attribute 'default'. If a parameter has a default value, it must be provided in the environment file. (Note that this attribute is OpenStack optional.) - -R-88863 The VNF Heat **MUST** have a constraint of range or allowed\_values for a parameter type 'number'. - -R-23664 The VNF Heat **MUST** have a resources: section with the declaration of at least one resource. - -R-16447 The VNF Heat **MUST** have unique resource IDs across all Heat Orchestration Templates that compose the VNF. This requirement also applies when a VNF is composed of more than one Heat Orchestration Template (see ONAP VNF Modularity Overview). - -R-97199 The VNF Heat **MUST** use the metadata property for OS::Nova::Server resource type. - -R-03324 The VNF Heat **MUST** contain the following sections in the environment file: - -R-19473 The VNF Heat **MUST** include "base" in the filename for the base module - -R-81339 The VNF Heat **MUST** match one of the following options for the base module file name: - -R-91342 The VNF Heat **MUST** name the base module's corresponding environment file to be identical to the base module with ".y[a]ml" replaced with ".env". - -R-87247 The VNF Heat **MUST NOT** use any special characters or the word "base" in the name of the incremental module. - -R-94509 The VNF Heat **MUST** name the incremental module's corresponding environment file to be identical to the incremental module with ".y[a]ml" replaced with ".env". - -R-82732 The VNF Heat **MUST** name the Cinder volume module file name to be the same as the corresponding module it is supporting (base module or incremental module) with "\_volume" appended. - -R-31141 The VNF Heat **MUST** name the volume module's corresponding environment file to be identical to the volume module with ".y[a]ml" replaced with ".env". - -R-76057 The VNF Heat **MUST NOT** use special characters or the word "base" in the file name for the nested template. - -R-18224 The VNF Heat **MUST** pass in as properties all parameter values associated with the nested heat file in the resource definition defined in the parent heat template. - -R-07443 The VNF Heat **MUST** match the Output parameter name and type with the input parameter name and type unless the Output parameter is of the type comma\_delimited\_list. - -R-23983 The VNF **MUST** pass the external networks into the VNF Heat Orchestration Templates as parameters. - -R-63345 The VNF Heat **MUST** pass the appropriate external network IDs into nested VM templates when nested Heat is used. - -R-35666 The VNF Heat **MUST** include the resource(s) to create the internal network. The internal network must be either a Neutron Network or a Contrail Network. - -R-86972 The VNF Heat **MUST** create internal networks in the Base Module, in the modular approach, with their resource IDs exposed as outputs (i.e., ONAP Base Module Output Parameters) for use by all incremental modules. If the Network resource ID is required in the base template, then a get\_resource must be used. - -R-68936 The VNF Heat **SHOULD** assign a unique {network-role} in the context of the VNF, when the internal network is created. `ONAP Resource ID and Parameter Naming Convention`_ provides additional details. - -R-01455 The VNF Heat **MUST** assign a VNF unique {vm-type} for each Virtual Machine type (i.e., OS::Nova::Server) instantiated in the VNF. While the {vm-type} must be unique to the VNF, it does not have to be globally unique across all VNFs that ONAP supports. - -R-82481 The VNF Heat **MUST** include {vm-type} as part of the parameter name for any parameter that is associated with a unique Virtual Machine type. - -R-66729 The VNF Heat **MUST** include {vm-type} as part of the resource ID for any resource ID that is associated with a unique Virtual Machine type in the VNF. - -R-32394 The VNF Heat **MUST** use the same case for {vm-type} for all parameter names in the VNF. - -R-46839 The VNF Heat **MUST** use the same case for {vm-type} for all Resource IDs in the VNF. - -R-05008 The VNF Heat **MUST NOT** be prefixed with a common {vm-type} identifier for the six ONAP Metadata parameters. They are *vnf\_name*, *vnf\_id*, *vf\_module\_id*, *vf\_module\_name, vm\_role*. The ONAP Metadata parameters are described in `Resource: OS::Nova::Server - Metadata Parameters`_. - -R-15422 The VNF Heat **MUST NOT** be prefixed with a common {vm-type} identifier the parameter referring to the OS::Nova::Server property availability\_zone . availability\_zone is described in `Property: availability_zone`_. - -R-21330 The VNF Heat **MUST** include the {network-role} as part of the parameter name for any parameter that is associated with an external network. - -R-11168 The VNF Heat **MUST** include the {network-role} as part of the resource ID for any resource ID that is associated with an external network must. - -R-84322 The VNF Heat **MUST** include int\_{network-role} as part of the parameter name for any parameter that is associated with an internal network. - -R-96983 The VNF Heat **MUST** include int\_{network-role} as part of the resource ID for any resource ID that is associated with an internal network. - -R-58424 The VNF Heat **MUST** use the same case for {network-role} for all parameter names in the VNF. - -R-21511 The VNF Heat **MUST** use the same case for {network-role} for all Resource IDs in the VNF. - -R-59629 The VNF Heat **MUST** have unique resource IDs within the resources section of a Heat Orchestration Template. This is an OpenStack Requirement. - -R-43319 The VNF Heat **MUST** have unique resource IDs across all modules that compose the VNF, when a VNF is composed of more than one Heat Orchestration Template (i.e., modules). - -R-54517 The VNF Heat **MUST** include {vm-type} in the resource ID when a resource is associated with a single {vm-type}. - -R-96482 The VNF Heat **MUST** include {network-role} in the resource ID when a resource is associated with a single external network. - -R-98138 The VNF Heat **MUST** include int\_{network-role} in the resource ID when a resource is associated with a single internal network. - -R-82115 The VNF Heat **MUST** include both the {vm-type} and {network-role} in the resource ID, when a resource is associated with a single {vm-type} and a single external network. - -R-82551 The VNF Heat **MUST** include both the {vm-type} and int\_{network-role} in the resource ID, when a resource is associated with a single {vm-type} and a single internal network. - -R-69287 The VNF Heat **MUST** use only alphanumeric characters and "\_" underscores in the resource ID. Special characters must not be used. - -R-71152 The VNF Heat **MUST** declare as type: string the parameter for property image. - -R-91125 The VNF Heat **MUST** enumerate the parameter for property image in the Heat Orchestration Template environment file. - -R-57282 The VNF Heat **MUST** have a separate parameter for image for Each VM type (i.e., {vm-type}) even if more than one {vm-type} shares the same image. This provides maximum clarity and flexibility. - -R-50436 The VNF Heat **MUST** declare the parameter property for flavor as type: string. - -R-69431 The VNF Heat **MUST** enumerate the parameter for property flavor in the Heat Orchestration Template environment file. - -R-40499 The VNF Heat **MUST** have a separate parameter for flavor for each VM type (i.e., {vm-type}) even if more than one {vm-type} shares the same flavor. This provides maximum clarity and flexibility. - -R-22838 The VNF Heat **MUST NOT** enumerate the parameter for property name in the environment file. - -R-51430 The VNF Heat **MUST** declare the parameter for property name as type: string or type: comma\_delimited\_list - -R-98450 The VNF Heat **MUST** name the parameter availability\_zone\_{index} in the Heat Orchestration Template. - -R-13561 The VNF Heat **MUST** start the {index} at zero. - -R-60204 The VNF Heat **MUST** increment the {index} by one. - -R-36887 The VNF Heat **MUST NOT** include the {vm-type} in the parameter name. - -R-17020 The VNF Heat **MUST** include the following three mandatory metadata parameters for an OS::Nova::Server resource: - -R-55218 The VNF Heat **MUST NOT** have parameter constraints defined for the OS::Nova::Server metadata parameter vnf\_id. - -R-20856 The VNF Heat **MUST NOT** enumerate the OS::Nova::Server metadata parameter vnf\_id in environment file. - -R-98374 The VNF Heat **MUST NOT** have parameter constraints defined for the OS::Nova::Server metadata parameter vf\_module\_id. - -R-72871 The VNF Heat **MUST NOT** enumerate the OS::Nova::Server metadata parameter vf\_module\_id in environment file. - -R-44318 The VNF Heat **MUST NOT** have parameter constraints defined for the OS::Nova::Server metadata parameter vnf\_name. - -R-36542 The VNF Heat **MUST NOT** enumerate the OS::Nova::Server metadata parameter vnf\_name in the environment file. - -R-72050 The VNF Heat **MUST** contain {network-role} in the parameter name - -R-57576 The VNF Heat **MUST** contain int\_{network-role} in the parameter name. - -R-93272 The VNF Heat **MUST** adhere to the following parameter naming convention in the Heat Orchestration Template, when the parameter associated with the property network is referencing an "external" network: - -R-65373 The VNF Heat **MUST** adhere to the following parameter naming convention, when the parameter associated with the property network is referencing an "internal" network: - -R-47716 The VNF Heat **MUST** adhere to the following parameter naming convention for the property fixed\_ips and Map Property subnet\_id parameter, when the parameter is referencing a subnet of an "external" network. - -R-20106 The VNF Heat **MUST** adhere to the following naming convention for the property fixed\_ips and Map Property subnet\_id parameter, when the parameter is referencing the subnet of an "internal" network: - -R-41177 The VNF Heat **MUST** include {vm-type} and {network-role} in the parameter name, when a SDN-C IP assignment is made to a port connected to an external network. - -R-84898 The VNF Heat **MUST** adhere to the following naming convention, when the parameter for property fixed\_ips and Map Property ip\_address is declared type: comma\_delimited\_list: - -R-34960 The VNF Heat **MUST** adhere to the following naming convention, when the parameter for property fixed\_ips and Map Property ip\_address is declared type: string: - -R-62584 The VNF Heat **MUST** adhere to the following naming convention, when the parameter for property fixed\_ips and Map Property ip\_address is declared type: comma\_delimited\_list: - -R-29256 The VNF Heat **MUST** must adhere to the following naming convention, when the parameter for property fixed\_ips and Map Property ip\_address is declared type: string: - -R-61282 The VNF Heat **MUST** adhere to the following naming convention for the property allowed\_address\_pairs and Map Property ip\_address parameter, when the parameter is referencing an "external" network: - -R-16805 The VNF Heat **MUST** adhere to the following naming convention for the property allowed\_address\_pairs and Map Property ip\_address parameter when the parameter is referencing an "internal" network. - -R-85734 The VNF Heat **MUST** use the intrinsic function str\_replace in conjunction with the ONAP supplied metadata parameter vnf\_name to generate a unique value, when the property name for a non OS::Nova::Server resources is defined in a Heat Orchestration Template. - -R-47788 The VNF Heat **MUST** have a 1:1 scope of a cinder volume module, when it exists, with the Base Module or Incremental Module. - -R-79531 The VNF Heat **MUST** define "outputs" in the volume template for each Cinder volume resource universally unique identifier (UUID) (i.e. ONAP Volume Template Output Parameters). - -R-86285 The VNF Heat **MUST** have a corresponding environment file, even if no parameters are required to be enumerated. - -R-67205 The VNF Heat **MUST** have a corresponding environment file for a Base Module. - -R-35727 The VNF Heat **MUST** have a corresponding environment file for an Incremental module. - -R-22656 The VNF Heat **MUST** have a corresponding environment file for a Cinder Volume Module. - -R-89868 The VNF Heat **MUST** have unique file names within the scope of the VNF for a nested heat yaml file. - -R-52530 The VNF Heat **MUST NOT** use a directory hierarchy for nested templates. All templates must be in a single, flat directory (per VNF). - -R-11041 The VNF Heat **MUST** have the resource calling the nested yaml file pass in as properties all parameters defined in nested yaml file. - -R-61183 The VNF Heat **MUST NOT** change the parameter names, when OS::Nova::Server metadata parameters are past into a nested heat template. - -R-76718 The VNF Heat **MUST** reference the get\_files targets in Heat templates by file name, and the corresponding files should be delivered to ONAP along with the Heat templates. +R-51883: The VNF **MUST** provide or support the Identity and Access +Management (IDAM) based threat detection data for Replay. -R-41888 The VNE Heat **MUST NOT** use URL-based file retrieval. +R-66070: The VNF Package **MUST** include VNF Identification Data to +uniquely identify the resource for a given VNF provider. The identification +data must include: an identifier for the VNF, the name of the VNF as was +given by the VNF provider, VNF description, VNF provider, and version. -R-62177 The VNF Heat **MUST** have unique file names for the included files within the scope of the VNF. +R-19804: The VNF **MUST** validate the CA signature on the certificate, +ensure that the date is within the validity period of the certificate, +check the Certificate Revocation List (CRL), and recognize the identity +represented by the certificate where PKI-based authentication is used. -R-87848 The VNF Heat **MUST** have all included files in a single, flat directory per VNF. ONAP does not support a directory hierarchy. +R-06327: The VNF **MUST** respond to a "drain VNFC" [2]_ command against a +specific VNFC, preventing new session from reaching the targeted VNFC, with +no disruption to active sessions on the impacted VNFC, if a VNF provides a +load balancing function across multiple instances of its VNFCs. This is used +to support scenarios such as proactive maintenance with no user impact. -R-85653: The VNF **MUST** provide metrics (e.g., number of sessions, number of subscribers, number of seats, etc.) to ONAP for tracking every license. +R-85653: The VNF **MUST** provide metrics (e.g., number of sessions,number +of subscribers, number of seats, etc.) to ONAP for tracking every license. -R-63330: The VNF **MUST** detect when the security audit log storage medium is approaching capacity (configurable) and issue an alarm via SMS or equivalent as to allow time for proper actions to be taken to pre-empt loss of audit data. +R-63330: The VNF **MUST** detect when the security audit log storage medium +is approaching capacity (configurable) and issue an alarm via SMS or +equivalent as to allow time for proper actions to be taken to pre-empt +loss of audit data. -R-22645: The VNF **SHOULD** use commercial algorithms only when there are no applicable governmental standards for specific cryptographic functions, e.g., public key cryptography, message digests. +R-22645: The VNF **SHOULD** use commercial algorithms only when there are +no applicable governmental standards for specific cryptographic functions, +e.g., public key cryptography, message digests. -R-22888: The VNF provider **MUST** provide documentation for the VNF Policy Description to manage the VNF runtime lifecycle. The document must include a description of how the policies (conditions and actions) are implemented in the VNF. +R-22888: The VNF provider **MUST** provide documentation for the VNF Policy +Description to manage the VNF runtime lifecycle. The document must include +a description of how the policies (conditions and actions) are implemented +in the VNF. -R-78066: The VNF **MUST** support requests for information from law enforcement and government agencies. +R-78066: The VNF **MUST** support requests for information from law +enforcement and government agencies. -R-35144: The VNF **MUST**, if not using the NCSP’s IDAM API, comply with the NCSP’s credential management policy. +R-35144: The VNF **MUST**, if not using the NCSP’s IDAM API, comply with +the NCSP’s credential management policy. -R-85959: The VNF **SHOULD** automatically enable/disable added/removed sub-components or component so there is no manual intervention required. +R-85959: The VNF **SHOULD** automatically enable/disable added/removed +sub-components or component so there is no manual intervention required. -R-28756: The VNF **MUST** support **:partial-lock** and **:partial-unlock** capabilities, defined in RFC 5717. This allows multiple independent clients to each write to a different part of the <running> configuration at the same time. +R-28756: The VNF **MUST** support **:partial-lock** and **:partial-unlock** +capabilities, defined in RFC 5717. This allows multiple independent clients +to each write to a different part of the <running> configuration at the +same time. -R-41252: The VNF **MUST** support the capability of online storage of security audit logs. +R-41252: The VNF **MUST** support the capability of online storage of +security audit logs. -R-77707: The VNF provider **MUST** include a Manifest File that contains a list of all the components in the VNF package. +R-77707: The VNF provider **MUST** include a Manifest File that contains +a list of all the components in the VNF package. -R-20860: The VNF **MUST** be agnostic to the underlying infrastructure (such as hardware, host OS, Hypervisor), any requirements should be provided as specification to be fulfilled by any hardware. +R-20860: The VNF **MUST** be agnostic to the underlying infrastructure +(such as hardware, host OS, Hypervisor), any requirements should be provided +as specification to be fulfilled by any hardware. -R-01478: The VNF Package **MUST** include documentation describing all parameters that are available to monitor the VNF after instantiation (includes all counters, OIDs, PM data, KPIs, etc.) that must be collected for reporting purposes. The documentation must include a list of: +R-01478: The VNF Package **MUST** include documentation describing all +parameters that are available to monitor the VNF after instantiation +(includes all counters, OIDs, PM data, KPIs, etc.) that must be collected +for reporting purposes. The documentation must include a list of: -R-22059: The VNF **MUST NOT** execute long running tasks (e.g., IO, database, network operations, service calls) in a critical section of code, so as to minimize blocking of other operations and increase concurrent throughput. +R-22059: The VNF **MUST NOT** execute long running tasks (e.g., IO, database, +network operations, service calls) in a critical section of code, so as to +minimize blocking of other operations and increase concurrent throughput. -R-30650: The VNF **MUST** utilize cloud provided infrastructure and VNFs (e.g., virtualized Local Load Balancer) as part of the VNF so that the cloud can manage and provide a consistent service resiliency and methods across all VNF's. +R-30650: The VNF **MUST** utilize cloud provided infrastructure and VNFs +(e.g., virtualized Local Load Balancer) as part of the VNF so that the cloud +can manage and provide a consistent service resiliency and methods across +all VNF's. -R-30654: The VNF Package **MUST** have appropriate cookbooks that are designed to automatically ‘rollback’ to the original state in case of any errors for actions that change state of the VNF (e.g., configure). +R-30654: The VNF Package **MUST** have appropriate cookbooks that are +designed to automatically ‘rollback’ to the original state in case of +any errors for actions that change state of the VNF (e.g., configure). -R-29705: The VNF **MUST** restrict changing the criticality level of a system security alarm to administrator(s). +R-29705: The VNF **MUST** restrict changing the criticality level of a +system security alarm to administrator(s). -R-71787: The VNF **MUST** comply with Segregation of Duties (access to a single layer and no developer may access production without special oversight) when persons or non-person entities access VNFs. +R-71787: The VNF **MUST** comply with Segregation of Duties (access to a +single layer and no developer may access production without special oversight) +when persons or non-person entities access VNFs. -R-86758: The VNF **SHOULD** provide an automated test suite to validate every new version of the software on the target environment(s). The tests should be of sufficient granularity to independently test various representative VNF use cases throughout its lifecycle. Operations might choose to invoke these tests either on a scheduled basis or on demand to support various operations functions including test, turn-up and troubleshooting. +R-86758: The VNF **SHOULD** provide an automated test suite to validate every +new version of the software on the target environment(s). The tests should be +of sufficient granularity to independently test various representative VNF use +cases throughout its lifecycle. Operations might choose to invoke these tests +either on a scheduled basis or on demand to support various operations +functions including test, turn-up and troubleshooting. -R-06885: The VNF **SHOULD** support the ability to scale down a VNFC pool without jeopardizing active sessions. Ideally, an active session should not be tied to any particular VNFC instance. +R-06885: The VNF **SHOULD** support the ability to scale down a VNFC pool +without jeopardizing active sessions. Ideally, an active session should not +be tied to any particular VNFC instance. -R-06924: The VNF **MUST** deliver asynchronous data as data becomes available, or according to the configured frequency. +R-06924: The VNF **MUST** deliver asynchronous data as data becomes available, +or according to the configured frequency. -R-65134: The VNF **SHOULD** maintain state in a geographically redundant datastore that may, in fact, be its own VNFC. +R-65134: The VNF **SHOULD** maintain state in a geographically redundant +datastore that may, in fact, be its own VNFC. -R-13627: The VNF **MUST** monitor API invocation patterns to detect anomalous access patterns that may represent fraudulent access or other types of attacks, or integrate with tools that implement anomaly and abuse detection. +R-13627: The VNF **MUST** monitor API invocation patterns to detect anomalous +access patterns that may represent fraudulent access or other types of attacks, +or integrate with tools that implement anomaly and abuse detection. -R-86455: The VNF **SHOULD** support hosting connectors for OS Level and Application Access. +R-86455: The VNF **SHOULD** support hosting connectors for OS Level and +Application Access. -R-68990: The VNF **MUST** support the **:startup** capability. It will allow the running configuration to be copied to this special database. It can also be locked and unlocked. +R-68990: The VNF **MUST** support the **:startup** capability. It will allow +the running configuration to be copied to this special database. It can also +be locked and unlocked. -R-78010: The VNF **MUST** use the NCSP’s IDAM API for Identification, authentication and access control of customer or VNF application users. +R-78010: The VNF **MUST** use the NCSP’s IDAM API for Identification, +authentication and access control of customer or VNF application users. -R-46986: The VNF **SHOULD** have source code scanned using scanning tools (e.g., Fortify) and provide reports. +R-46986: The VNF **SHOULD** have source code scanned using scanning tools +(e.g., Fortify) and provide reports. -R-97293: The VNF provider **MUST NOT** require audits of Service Provider’s business. +R-97293: The VNF provider **MUST NOT** require audits of Service Provider’s +business. -R-16065: The VNF provider **MUST** provide configurable parameters (if unable to conform to YANG model) including VNF attributes/parameters and valid values, dynamic attributes and cross parameter dependencies (e.g., customer provisioning data). +R-16065: The VNF provider **MUST** provide configurable parameters (if unable +to conform to YANG model) including VNF attributes/parameters and valid values, +dynamic attributes and cross parameter dependencies (e.g., customer +provisioning data). -R-34484: The VNF **SHOULD** create a single component VNF for VNFCs that can be used by other VNFs. +R-34484: The VNF **SHOULD** create a single component VNF for VNFCs that can +be used by other VNFs. -R-30278: The VNF provider **MUST** provide a Resource/Device YANG model as a foundation for creating the YANG model for configuration. This will include VNF attributes/parameters and valid values/attributes configurable by policy. +R-30278: The VNF provider **MUST** provide a Resource/Device YANG model as a +foundation for creating the YANG model for configuration. This will include +VNF attributes/parameters and valid values/attributes configurable by policy. -R-35401: The VNF **MUST** must support SSH and allow SSH access to the Ansible server for the endpoint VM(s) and comply with the Network Cloud Service Provider guidelines for authentication and access. +R-35401: The VNF **MUST** must support SSH and allow SSH access to the Ansible +server for the endpoint VM(s) and comply with the Network Cloud Service +Provider guidelines for authentication and access. -R-68200: The VNF **MUST** support the **:url** value to specify protocol operation source and target parameters. The capability URI for this feature will indicate which schemes (e.g., file, https, sftp) that the server supports within a particular URL value. The 'file' scheme allows for editable local configuration databases. The other schemes allow for remote storage of configuration databases. +R-68200: The VNF **MUST** support the **:url** value to specify protocol +operation source and target parameters. The capability URI for this feature +will indicate which schemes (e.g., file, https, sftp) that the server supports +within a particular URL value. The 'file' scheme allows for editable local +configuration databases. The other schemes allow for remote storage of +configuration databases. -R-41159: The VNF **MUST** deliver any and all functionality from any VNFC in the pool. The VNFC pool member should be transparent to the client. Upstream and downstream clients should only recognize the function being performed, not the member performing it. +R-41159: The VNF **MUST** deliver any and all functionality from any VNFC +in the pool. The VNFC pool member should be transparent to the client. +Upstream and downstream clients should only recognize the function being +performed, not the member performing it. -R-18864: The VNF **MUST** NOT use technologies that bypass virtualization layers (such as SR-IOV) unless approved by the NCSP (e.g., if necessary to meet functional or performance requirements). +R-18864: The VNF **MUST** NOT use technologies that bypass virtualization +layers (such as SR-IOV) unless approved by the NCSP (e.g., if necessary to +meet functional or performance requirements). R-37028: The VNF **MUST** be composed of one “base” module. -R-40827: The VNF provider **MUST** enumerate all of the open source licenses their VNF(s) incorporate. +R-40827: The VNF provider **MUST** enumerate all of the open source licenses +their VNF(s) incorporate. -R-95950: The VNF **MUST** provide a NETCONF interface fully defined by supplied YANG models for the embedded NETCONF server. +R-95950: The VNF **MUST** provide a NETCONF interface fully defined by +supplied YANG models for the embedded NETCONF server. -R-10716: The VNF **MUST** support parallel and simultaneous configuration of separate objects within itself. +R-10716: The VNF **MUST** support parallel and simultaneous configuration +of separate objects within itself. -R-71842: The VNF **MUST** include the field “service or program used for access” in the Security alarms (where applicable and technically feasible). +R-71842: The VNF **MUST** include the field “service or program used for +access” in the Security alarms (where applicable and technically feasible). -R-54430: The VNF **MUST** use the NCSP’s supported library and compute flavor that supports DPDK to optimize network efficiency if using DPDK. [5]_ +R-54430: The VNF **MUST** use the NCSP’s supported library and compute flavor +that supports DPDK to optimize network efficiency if using DPDK. [5]_ -R-03465: The VNF **MUST** release locks to prevent permanent lock-outs when the corresponding <partial-unlock> operation succeeds. +R-03465: The VNF **MUST** release locks to prevent permanent lock-outs when +the corresponding <partial-unlock> operation succeeds. -R-65755: The VNF **SHOULD** support callback URLs to return information to ONAP upon completion of the chef-client run for any chef-client run associated with a VNF action. +R-65755: The VNF **SHOULD** support callback URLs to return information to +ONAP upon completion of the chef-client run for any chef-client run +associated with a VNF action. -R-11499: The VNF **MUST** fully support the XPath 1.0 specification for filtered retrieval of configuration and other database contents. The 'type' attribute within the <filter> parameter for <get> and <get-config> operations may be set to 'xpath'. The 'select' attribute (which contains the XPath expression) will also be supported by the server. A server may support partial XPath retrieval filtering, but it cannot advertise the **:xpath** capability unless the entire XPath 1.0 specification is supported. +R-11499: The VNF **MUST** fully support the XPath 1.0 specification for +filtered retrieval of configuration and other database contents. The 'type' +attribute within the <filter> parameter for <get> and <get-config> operations +may be set to 'xpath'. The 'select' attribute (which contains the XPath +expression) will also be supported by the server. A server may support +partial XPath retrieval filtering, but it cannot advertise the **:xpath** +capability unless the entire XPath 1.0 specification is supported. R-95105: The VNF **MUST** host connectors for access to the application layer. -R-77157: The VNF **MUST** conform to approved request, workflow authorization, and authorization provisioning requirements when creating privileged users. +R-77157: The VNF **MUST** conform to approved request, workflow authorization, +and authorization provisioning requirements when creating privileged users. -R-63473: The VNF **MUST** automatically advertise newly scaled components so there is no manual intervention required. +R-63473: The VNF **MUST** automatically advertise newly scaled components +so there is no manual intervention required. -R-13613: The VNF **MUST** provide clear measurements for licensing purposes to allow automated scale up/down by the management system. +R-13613: The VNF **MUST** provide clear measurements for licensing purposes +to allow automated scale up/down by the management system. -R-66793: The VNF **MUST** guarantee the VNF configuration integrity for all simultaneous configuration operations (e.g., if a change is attempted to the BUM filter rate from multiple interfaces on the same EVC, then they need to be sequenced in the VNF without locking either configuration method out). +R-66793: The VNF **MUST** guarantee the VNF configuration integrity for +all simultaneous configuration operations (e.g., if a change is attempted to +the BUM filter rate from multiple interfaces on the same EVC, then they need +to be sequenced in the VNF without locking either configuration method out). -R-19790: The VNF **MUST NOT** include authentication credentials in security audit logs, even if encrypted. +R-19790: The VNF **MUST NOT** include authentication credentials in +security audit logs, even if encrypted. -R-97529: The VNF **SHOULD** implement the protocol operation: **get-schema(identifier, version, format) -** Retrieve the YANG schema. +R-97529: The VNF **SHOULD** implement the protocol operation: +**get-schema(identifier, version, format) -** Retrieve the YANG schema. -R-84473: The VNF **MUST** enable DPDK in the guest OS for VNF’s requiring high packets/sec performance. High packet throughput is defined as greater than 500K packets/sec. +R-84473: The VNF **MUST** enable DPDK in the guest OS for VNF’s requiring +high packets/sec performance. High packet throughput is defined as greater +than 500K packets/sec. -R-54816: The VNF **MUST** support the storage of security audit logs for agreed period of time for forensic analysis. +R-54816: The VNF **MUST** support the storage of security audit logs for +agreed period of time for forensic analysis. -R-34957: The VNF **MUST** provide a method of metrics gathering for each layer's performance to identify/document variances in the allocations so they can be addressed. +R-34957: The VNF **MUST** provide a method of metrics gathering for each +layer's performance to identify/document variances in the allocations so +they can be addressed. -R-43958: The VNF Package **MUST** include documentation describing the tests that were conducted by the VNF provider and the test results. +R-43958: The VNF Package **MUST** include documentation describing the +tests that were conducted by the VNF provider and the test results. -R-61648: The VNF **MUST** support event logging, formats, and delivery tools to provide the required degree of event data to ONAP +R-61648: The VNF **MUST** support event logging, formats, and delivery +tools to provide the required degree of event data to ONAP -R-18525: The VNF provider **MUST** provide a JSON file for each supported action for the VNF. The JSON file must contain key value pairs with all relevant values populated with sample data that illustrates its usage. The fields and their description are defined in Appendix A. +R-18525: The VNF provider **MUST** provide a JSON file for each supported +action for the VNF. The JSON file must contain key value pairs with all +relevant values populated with sample data that illustrates its usage. The +fields and their description are defined in Appendix A. -R-99174: The VNF **MUST** comply with Individual Accountability (each person must be assigned a unique ID) when persons or non-person entities access VNFs. +R-99174: The VNF **MUST** comply with Individual Accountability +(each person must be assigned a unique ID) when persons or non-person +entities access VNFs. -R-99771: The VNF **MUST** provide all code/configuration files in a “Locked down” or hardened state or with documented recommendations for such hardening. All unnecessary services will be disabled. VNF provider default credentials, community strings and other such artifacts will be removed or disclosed so that they can be modified or removed during provisioning. +R-99771: The VNF **MUST** provide all code/configuration files in a +“Locked down” or hardened state or with documented recommendations for +such hardening. All unnecessary services will be disabled. VNF provider +default credentials, community strings and other such artifacts will be +removed or disclosed so that they can be modified or removed during +provisioning. -R-58358: The VNF **MUST** implement the **:with-defaults** capability [RFC6243]. +R-58358: The VNF **MUST** implement the **:with-defaults** +capability [RFC6243]. -R-78116: The VNF **MUST** update status on the Chef Server appropriately (e.g., via a fail or raise an exception) if the chef-client run encounters any critical errors/failures when executing a VNF action. +R-78116: The VNF **MUST** update status on the Chef Server appropriately +(e.g., via a fail or raise an exception) if the chef-client run encounters +any critical errors/failures when executing a VNF action. -R-84879: The VNF **MUST** have the capability of maintaining a primary and backup DNS name (URL) for connecting to ONAP collectors, with the ability to switch between addresses based on conditions defined by policy such as time-outs, and buffering to store messages until they can be delivered. At its discretion, the service provider may choose to populate only one collector address for a VNF. In this case, the network will promptly resolve connectivity problems caused by a collector or network failure transparently to the VNF. +R-84879: The VNF **MUST** have the capability of maintaining a primary and +backup DNS name (URL) for connecting to ONAP collectors, with the ability to +switch between addresses based on conditions defined by policy such as +time-outs, and buffering to store messages until they can be delivered. +At its discretion, the service provider may choose to populate only one +collector address for a VNF. In this case, the network will promptly resolve +connectivity problems caused by a collector or network failure transparently +to the VNF. -R-06413: The VNF **MUST** log the field “service or program used for access” in the security audit logs. +R-06413: The VNF **MUST** log the field “service or program used for access” +in the security audit logs. -R-51442: The VNF **SHOULD** use playbooks that are designed to automatically ‘rollback’ to the original state in case of any errors for actions that change state of the VNF (e.g., configure). +R-51442: The VNF **SHOULD** use playbooks that are designed to automatically +‘rollback’ to the original state in case of any errors for actions that change +state of the VNF (e.g., configure). -R-98989: The VNF **SHOULD** utilize resource pooling (threads, connections, etc.) within the VNF application so that resources are not being created and destroyed resulting in resource management overhead. +R-98989: The VNF **SHOULD** utilize resource pooling (threads, connections, +etc.)within the VNF application so that resources are not being created +and destroyed resulting in resource management overhead. -R-58998: The VNF **MUST** provide or support the Identity and Access Management (IDAM) based threat detection data for Malware (Key Logger). +R-58998: The VNF **MUST** provide or support the Identity and Access Management +(IDAM) based threat detection data for Malware (Key Logger). -R-52499: The VNF **MUST** meet their own resiliency goals and not rely on the Network Cloud. +R-52499: The VNF **MUST** meet their own resiliency goals and not rely +on the Network Cloud. -R-43327: The VNF **SHOULD** use “Modeling JSON text with YANG”, https://trac.tools.ietf.org/id/draft-lhotka-netmod-yang-json-00.html, If YANG models need to be translated to and from JSON. YANG configuration and content can be represented via JSON, consistent with Avro, as described in “Encoding and Serialization” section. +R-43327: The VNF **SHOULD** use “Modeling JSON text with YANG”, +https://trac.tools.ietf.org/id/draft-lhotka-netmod-yang-json-00.html, +If YANG models need to be translated to and from JSON. YANG configuration +and content can be represented via JSON, consistent with Avro, as described +in “Encoding and Serialization” section. -R-52060: The VNF **MUST** provide the capability to configure encryption algorithms or devices so that they comply with the laws of the jurisdiction in which there are plans to use data encryption. +R-52060: The VNF **MUST** provide the capability to configure encryption +algorithms or devices so that they comply with the laws of the jurisdiction +in which there are plans to use data encryption. -R-10353: The VNF **MUST** conform its YANG model to RFC 6244, “An Architecture for Network Management Using NETCONF and YANG”. +R-10353: The VNF **MUST** conform its YANG model to RFC 6244, +“An Architecture for Network Management Using NETCONF and YANG”. -R-26586: The VNF **SHOULD** support the ability to work with aliases (e.g., gateways, proxies) to protect and encapsulate resources. +R-26586: The VNF **SHOULD** support the ability to work with aliases +(e.g., gateways, proxies) to protect and encapsulate resources. -R-14025: The VNF **MUST** provide or support the Identity and Access Management (IDAM) based threat detection data for Session Hijacking. +R-14025: The VNF **MUST** provide or support the Identity and Access +Management (IDAM) based threat detection data for Session Hijacking. -R-86835: The VNF **MUST** set the default settings for user access to sensitive commands and data to deny authorization. +R-86835: The VNF **MUST** set the default settings for user access to +sensitive commands and data to deny authorization. -R-73583: The VNF **MUST** allow changes of configuration parameters to be consumed by the VNF without requiring the VNF or its sub-components to be bounced so that the VNF availability is not effected. +R-73583: The VNF **MUST** allow changes of configuration parameters to be +consumed by the VNF without requiring the VNF or its sub-components to be +bounced so that the VNF availability is not effected. -R-73223: The VNF **MUST** support proactive monitoring to detect and report the attacks on resources so that the VNFs and associated VMs can be isolated, such as detection techniques for resource exhaustion, namely OS resource attacks, CPU attacks, consumption of kernel memory, local storage attacks. +R-73223: The VNF **MUST** support proactive monitoring to detect and report +the attacks on resources so that the VNFs and associated VMs can be isolated, +such as detection techniques for resource exhaustion, namely OS resource +attacks, CPU attacks, consumption of kernel memory, local storage attacks. -R-06668: The VNF **MUST** handle the start or restart of VNFC instances in any order with each VNFC instance establishing or re-establishing required connections or relationships with other VNFC instances and/or VNFs required to perform the VNF function/role without requiring VNFC instance(s) to be started/restarted in a particular order. +R-06668: The VNF **MUST** handle the start or restart of VNFC instances in +any order with each VNFC instance establishing or re-establishing required +connections or relationships with other VNFC instances and/or VNFs required +to perform the VNF function/role without requiring VNFC instance(s) to be +started/restarted in a particular order. R-41215: The VNF **MAY** have zero to many “incremental” modules. -R-85991: The VNF provider **MUST** provide a universal license key per VNF to be used as needed by services (i.e., not tied to a VM instance) as the recommended solution. The VNF provider may provide pools of Unique VNF License Keys, where there is a unique key for each VNF instance as an alternate solution. Licensing issues should be resolved without interrupting in-service VNFs. +R-85991: The VNF provider **MUST** provide a universal license key per VNF to +be used as needed by services (i.e., not tied to a VM instance) as the +recommended solution. The VNF provider may provide pools of Unique VNF +License Keys, where there is a unique key for each VNF instance as an +alternate solution. Licensing issues should be resolved without interrupting +in-service VNFs. -R-52085: The VNF **MUST**, if not using the NCSP’s IDAM API, provide the ability to support Multi-Factor Authentication (e.g., 1st factor = Software token on device (RSA SecureID); 2nd factor = User Name+Password, etc.) for the users. +R-52085: The VNF **MUST**, if not using the NCSP’s IDAM API, provide the +ability to support Multi-Factor Authentication (e.g., 1st factor = Software +token on device (RSA SecureID); 2nd factor = User Name+Password, etc.) +for the users. -R-29495: The VNF **MUST** support locking if a common object is being manipulated by two simultaneous NETCONF configuration operations on the same VNF within the context of the same writable running data store (e.g., if an interface parameter is being configured then it should be locked out for configuration by a simultaneous configuration operation on that same interface parameter). +R-29495: The VNF **MUST** support locking if a common object is being +manipulated by two simultaneous NETCONF configuration operations on the +same VNF within the context of the same writable running data store +(e.g., if an interface parameter is being configured then it should be +locked out for configuration by a simultaneous configuration operation +on that same interface parameter). -R-31751: The VNF **MUST** subject VNF provider VNF access to privilege reconciliation tools to prevent access creep and ensure correct enforcement of access policies. +R-31751: The VNF **MUST** subject VNF provider VNF access to privilege +reconciliation tools to prevent access creep and ensure correct enforcement +of access policies. -R-48698: The VNF **MUST** utilize information from key value pairs that will be provided by the Ansible Server as extra-vars during invocation to execute the desired VNF action. If the playbook requires files, they must also be supplied using the methodology detailed in the Ansible Server API. +R-48698: The VNF **MUST** utilize information from key value pairs that +will be provided by the Ansible Server as extra-vars during invocation +to execute the desired VNF action. If the playbook requires files, +they must also be supplied using the methodology detailed in the +Ansible Server API. -R-44290: The VNF **MUST** control access to ONAP and to VNFs, and creation of connections, through secure credentials, log-on and exchange mechanisms. +R-44290: The VNF **MUST** control access to ONAP and to VNFs, and creation of +connections, through secure credentials, log-on and exchange mechanisms. -R-40293: The VNF **MUST** make available (or load on VNF Ansible Server) playbooks that conform to the ONAP requirement. +R-40293: The VNF **MUST** make available (or load on VNF Ansible Server) +playbooks that conform to the ONAP requirement. -R-30932: The VNF **MUST** provide security audit logs including records of successful and rejected system access data and other resource access attempts. +R-30932: The VNF **MUST** provide security audit logs including records of +successful and rejected system access data and other resource access attempts. -R-12538: The VNF **SHOULD** support load balancing and discovery mechanisms in resource pools containing VNFC instances. +R-12538: The VNF **SHOULD** support load balancing and discovery mechanisms +in resource pools containing VNFC instances. -R-59610: The VNF **MUST** implement the data model discovery and download as defined in [RFC6022]. +R-59610: The VNF **MUST** implement the data model discovery and download +as defined in [RFC6022]. -R-49945: The VNF **MUST** authorize VNF provider access through a client application API by the client application owner and the resource owner of the VNF before provisioning authorization through Role Based Access Control (RBAC), Attribute Based Access Control (ABAC), or other policy based mechanism. +R-49945: The VNF **MUST** authorize VNF provider access through a +client application API by the client application owner and the +resource owner of the VNF before provisioning authorization through +Role Based Access Control (RBAC), Attribute Based Access Control (ABAC), +or other policy based mechanism. -R-20912: The VNF **MUST** support alternative monitoring capabilities when VNFs do not expose data or control traffic or use proprietary and optimized protocols for inter VNF communication. +R-20912: The VNF **MUST** support alternative monitoring capabilities +when VNFs do not expose data or control traffic or use proprietary +and optimized protocols for inter VNF communication. Ansible Playbook Examples @@ -2002,7 +2453,7 @@ VM(s) as specified in the request. ONAP APPC REST API to Ansible Server is documented separately and can be found under ONAP (onap.org). -\ **Ansible Server – On-boarding Ansible Playbooks ** +**Ansible Server – On-boarding Ansible Playbooks** Once playbooks are developed following the guidelines listed in prior section(s), playbooks need to be on-boarded onto Ansible Server(s). In |