diff options
Diffstat (limited to 'docs/changes-by-section-casablanca.rst')
-rw-r--r-- | docs/changes-by-section-casablanca.rst | 1010 |
1 files changed, 505 insertions, 505 deletions
diff --git a/docs/changes-by-section-casablanca.rst b/docs/changes-by-section-casablanca.rst index 0330d54..76dfb86 100644 --- a/docs/changes-by-section-casablanca.rst +++ b/docs/changes-by-section-casablanca.rst @@ -38,7 +38,7 @@ Configuration Management > Ansible Standards and Capabilities > xNF Configuratio Requirements Added ~~~~~~~~~~~~~~~~~~ - + .. container:: note :need:`R-24482` @@ -47,7 +47,7 @@ Requirements Added an inventory hosts file in a supported format; with site group that shall be used to add site specific configurations to the target xNF VM(s) as needed. - + .. container:: note @@ -57,7 +57,7 @@ Requirements Added addresses of the Ansible Servers in the Cluster, separated by coma, to restrict use of the SSH key pair to elements that are part of the Ansible Cluster owner of the issued and assigned mechanized user ID. - + .. container:: note @@ -67,7 +67,7 @@ Requirements Added an inventory hosts file in a supported format; with group names matching VNFC 3-character string adding "vip" for groups with virtual IP addresses shared by multiple VMs as seen in examples provided in Appendix. - + .. container:: note @@ -76,7 +76,7 @@ Requirements Added The xNF **MUST** provide the ability to include a "from=" clause in SSH public keys associated with mechanized user IDs created for an Ansible Server cluster to use for xNF VM authentication. - + .. container:: note @@ -85,7 +85,7 @@ Requirements Added The xNF **MUST** provide Ansible playbooks that are designed to run using an inventory hosts file in a supported format with only IP addresses or IP addresses and VM/xNF names. - + .. container:: note @@ -94,7 +94,7 @@ Requirements Added The xNF **MUST** permit authentication, using root account, only right after instantiation and until post-instantiation configuration is completed. - + .. container:: note @@ -102,11 +102,11 @@ Requirements Added The xNF **MUST** provide the ability to remove root access once post-instantiation configuration (Configure) is completed. - + Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -117,7 +117,7 @@ Requirements Changed xNF that playbooks will target. ONAP will initiate requests to the Ansible Server for invocation of playbooks against these end points [#7.3.3]_. - + .. container:: note @@ -129,7 +129,7 @@ Requirements Changed **Note**: Ansible Server itself may be used to upload new SSH public keys onto supported xNFs. - + .. container:: note @@ -151,7 +151,7 @@ Requirements Changed upload of SSH public keys, SSH public keys loaded during (heat) instantiation shall be preserved and not removed by (heat) embedded (userdata) scripts. - + .. container:: note @@ -160,7 +160,7 @@ Requirements Changed The xNF **MUST** support SSH and allow SSH access by the Ansible server to the endpoint VM(s) and comply with the Network Cloud Service Provider guidelines for authentication and access. - + .. container:: note @@ -172,7 +172,7 @@ Requirements Changed instantiation to support Ansible. This may include creating Mechanized user ID(s) used by the Ansible Server(s) on VNF VM(s) and uploading and installing new SSH keys used by the mechanized use ID(s). - + Configuration Management > Ansible Standards and Capabilities > xNF Configuration via Ansible Requirements > Ansible Playbook Requirements ------------------------------------------------------------------------------------------------------------------------------------------ @@ -180,7 +180,7 @@ Configuration Management > Ansible Standards and Capabilities > xNF Configuratio Requirements Added ~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -189,7 +189,7 @@ Requirements Added The xNF provider **MUST** deliver a new set of playbooks that includes all updated and unchanged playbooks for any new revision to an existing set of playbooks. - + .. container:: note @@ -197,7 +197,7 @@ Requirements Added The xNF **MUST** support Ansible playbooks that are compatible with Ansible version 2.6 or later. - + .. container:: note @@ -206,11 +206,11 @@ Requirements Added The xNF provider **MUST** assign a new point release to the updated playbook set. The functionality of a new playbook set must be tested before it is deployed to the production. - + Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -228,7 +228,7 @@ Requirements Changed input by playbooks, shall be provisioned (and distributed) in advance of use, e.g., xNF instantiation. Recommendation is to avoid these instance specific, manually created in advance of instantiation, files. - + .. container:: note @@ -239,7 +239,7 @@ Requirements Changed playbook completed all tasks. When starting services, return control only after all services are up. This is critical for workflows where the next steps are dependent on prior tasks being fully completed. - + .. container:: note @@ -255,7 +255,7 @@ Requirements Changed on workflow to terminate and re-instantiate VNF VMs and then re-run playbook(s)). Backing up updated files is also recommended to support rollback when soft rollback is feasible. - + .. container:: note @@ -269,7 +269,7 @@ Requirements Changed with the name '<xNF name>_results.txt'. All playbook output results, for all xNF VMs, to be provided as a response to the request, must be written to this response file. - + .. container:: note @@ -279,7 +279,7 @@ Requirements Changed by invocation of **one** playbook [#7.3.4]_. The playbook will be responsible for executing all necessary tasks (as well as calling other playbooks) to complete the request. - + .. container:: note @@ -290,7 +290,7 @@ Requirements Changed operations such as backing out of software upgrades, configuration changes or other work as this will help backing out of configuration changes when needed. - + .. container:: note @@ -309,7 +309,7 @@ Requirements Changed models, that send remediation action requests to an APPC/SDN-C; these are triggered as a response to an event or correlated events published to Event Bus. - + Configuration Management > Chef Standards and Capabilities > xNF Configuration via Chef Requirements > Chef Roles/Requirements ------------------------------------------------------------------------------------------------------------------------------ @@ -317,7 +317,7 @@ Configuration Management > Chef Standards and Capabilities > xNF Configuration v Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -329,7 +329,7 @@ Requirements Changed (see Section 7.c, APPC/SDN-C APIs and Behavior, for list of xNF actions and requirements), when triggered by a chef-client run list in JSON file. - + Configuration Management > Controller Interactions With xNF > Configuration Commands ------------------------------------------------------------------------------------ @@ -337,49 +337,49 @@ Configuration Management > Controller Interactions With xNF > Configuration Comm Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note :need:`R-20741` The xNF **MUST** support APPC/SDN-C ``Configure`` command. - + .. container:: note :need:`R-94084` The xNF **MUST** support APPC/SDN-C ``ConfigScaleOut`` command. - + .. container:: note :need:`R-32981` The xNF **MUST** support APPC ``ConfigBackup`` command. - + .. container:: note :need:`R-48247` The xNF **MUST** support APPC ``ConfigRestore`` command. - + .. container:: note :need:`R-56385` The xNF **MUST** support APPC ``Audit`` command. - + .. container:: note :need:`R-19366` The xNF **MUST** support APPC ``ConfigModify`` command. - + Configuration Management > Controller Interactions With xNF > HealthCheck and Failure Related Commands ------------------------------------------------------------------------------------------------------ @@ -387,14 +387,14 @@ Configuration Management > Controller Interactions With xNF > HealthCheck and Fa Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note :need:`R-41430` The xNF **MUST** support APPC/SDN-C ``HealthCheck`` command. - + Configuration Management > Controller Interactions With xNF > Lifecycle Management Related Commands --------------------------------------------------------------------------------------------------- @@ -402,7 +402,7 @@ Configuration Management > Controller Interactions With xNF > Lifecycle Manageme Requirements Added ~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -411,74 +411,74 @@ Requirements Added The xNF **MUST**, if serving as a distribution point or anchor point for steering point from source to destination, support the ONAP Controller's ``DistributeTraffic`` command. - + Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note :need:`R-12706` The xNF **MUST** support APPC/SDN-C ``QuiesceTraffic`` command. - + .. container:: note :need:`R-49466` The xNF **MUST** support APPC/SDN-C ``UpgradeSoftware`` command. - + .. container:: note :need:`R-82811` The xNF **MUST** support APPC ``StartApplication`` command. - + .. container:: note :need:`R-07251` The xNF **MUST** support APPC/SDN-C ``ResumeTraffic`` command. - + .. container:: note :need:`R-45856` The xNF **MUST** support APPC/SDN-C ``UpgradePostCheck`` command. - + .. container:: note :need:`R-65641` The xNF **MUST** support APPC/SDN-C ``UpgradeBackOut`` command. - + .. container:: note :need:`R-83146` The xNF **MUST** support APPC ``StopApplication`` command. - + .. container:: note :need:`R-97343` The xNF **MUST** support APPC/SDN-C ``UpgradeBackup`` command. - + .. container:: note :need:`R-19922` The xNF **MUST** support APPC/SDN-C ``UpgradePrecheck`` command. - + Configuration Management > NETCONF Standards and Capabilities > xNF Configuration via NETCONF Requirements > NETCONF Server Requirements ---------------------------------------------------------------------------------------------------------------------------------------- @@ -486,7 +486,7 @@ Configuration Management > NETCONF Standards and Capabilities > xNF Configuratio Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -495,7 +495,7 @@ Requirements Changed The xNF **MUST** implement the protocol operation: ``discard-changes()`` - Revert the candidate configuration data store to the running configuration. - + .. container:: note @@ -504,7 +504,7 @@ Requirements Changed The xNF **MUST** implement the protocol operation: ``get-config(source, filter`` - Retrieve a (filtered subset of a) configuration from the configuration data store source. - + .. container:: note @@ -513,7 +513,7 @@ Requirements Changed The xNF **MUST** implement the protocol operation: ``commit(confirmed, confirm-timeout)`` - Commit candidate configuration data store to the running configuration. - + .. container:: note @@ -523,7 +523,7 @@ Requirements Changed ``edit-config(target, default-operation, test-option, error-option, config)`` - Edit the target configuration data store by merging, replacing, creating, or deleting new config elements. - + .. container:: note @@ -531,7 +531,7 @@ Requirements Changed The xNF **MUST** implement the protocol operation: ``lock(target)`` - Lock the configuration data store target. - + .. container:: note @@ -539,7 +539,7 @@ Requirements Changed The xNF **MUST** implement the protocol operation: ``close-session()`` - Gracefully close the current session. - + .. container:: note @@ -547,7 +547,7 @@ Requirements Changed The xNF **MUST** implement the protocol operation: ``kill-session(session``- Force the termination of **session**. - + .. container:: note @@ -555,7 +555,7 @@ Requirements Changed The xNF **MUST** implement the protocol operation: ``unlock(target)`` - Unlock the configuration data store target. - + .. container:: note @@ -564,7 +564,7 @@ Requirements Changed The xNF **SHOULD** implement the protocol operation: ``delete-config(target)`` - Delete the named configuration data store target. - + .. container:: note @@ -573,7 +573,7 @@ Requirements Changed The xNF **SHOULD** implement the protocol operation: ``copy-config(target, source)`` - Copy the content of the configuration data store source to the configuration data store target. - + Contrail Resource Parameters > Contrail Network Parameters > External Networks ------------------------------------------------------------------------------ @@ -581,7 +581,7 @@ Contrail Resource Parameters > Contrail Network Parameters > External Networks Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -596,7 +596,7 @@ Requirements Changed * **MUST** be declared as type ``string`` * **MUST NOT** be enumerated in the VNF's Heat Orchestration Template's Environment File - + Heat > Cinder Volumes --------------------- @@ -604,7 +604,7 @@ Heat > Cinder Volumes Requirements Removed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -614,7 +614,7 @@ Requirements Removed "outputs" in the volume template for each Cinder volume resource universally unique identifier (UUID) (i.e. ONAP Volume Template Output Parameters). - + Heat > Heat Orchestration Template Format > Heat Orchestration Template Structure > resources > metadata -------------------------------------------------------------------------------------------------------- @@ -622,7 +622,7 @@ Heat > Heat Orchestration Template Format > Heat Orchestration Template Structur Requirements Removed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -630,7 +630,7 @@ Requirements Removed A VNF's Heat Orchestration Template's OS::Nova::Server resource **MUST** contain the attribute "metadata". - + Heat > Heat Template Constructs > Heat Files Support (get_file) --------------------------------------------------------------- @@ -638,7 +638,7 @@ Heat > Heat Template Constructs > Heat Files Support (get_file) Requirements Removed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -646,7 +646,7 @@ Requirements Removed When using the intrinsic function get_file, the included files **MUST** have unique file names within the scope of the VNF. - + Heat > Heat Template Constructs > Nested Heat Template Requirements ------------------------------------------------------------------- @@ -654,7 +654,7 @@ Heat > Heat Template Constructs > Nested Heat Template Requirements Requirements Removed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -662,7 +662,7 @@ Requirements Removed The VNF Heat Orchestration Template **MUST** have unique file names within the scope of the VNF for a nested heat yaml file. - + Heat > Networking > External Networks ------------------------------------- @@ -670,7 +670,7 @@ Heat > Networking > External Networks Requirements Removed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -679,7 +679,7 @@ Requirements Removed When a VNF connects to an external network, a network role, referred to as the '{network-role}' **MUST** be assigned to the external network for use in the VNF's Heat Orchestration Template. - + Heat > Networking > Internal Networks ------------------------------------- @@ -687,7 +687,7 @@ Heat > Networking > Internal Networks Requirements Removed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -697,7 +697,7 @@ Requirements Removed is created in the same Heat Orchestration Template as the internal network, then the port resource **MUST** use a 'get_resource' to obtain the network UUID. - + Heat > ONAP Resource ID and Parameter Naming Convention > Contrail Resource Parameters > Contrail Network Parameters > External Networks ---------------------------------------------------------------------------------------------------------------------------------------- @@ -705,7 +705,7 @@ Heat > ONAP Resource ID and Parameter Naming Convention > Contrail Resource Para Requirements Removed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -714,7 +714,7 @@ Requirements Removed A VNF's Heat Orchestration Template's parameter '{network-role}_net_fqdn' **MUST** be declared as type 'string'. - + Heat > ONAP Resource ID and Parameter Naming Convention > Resource: OS::Nova::Server – Metadata Parameters > vm_role -------------------------------------------------------------------------------------------------------------------- @@ -722,7 +722,7 @@ Heat > ONAP Resource ID and Parameter Naming Convention > Resource: OS::Nova::Se Requirements Removed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -737,7 +737,7 @@ Requirements Removed - hard coded in the VNF's Heat Orchestration Template's OS::Nova::Resource metadata property. - + Heat > ONAP Support of Environment Files ---------------------------------------- @@ -745,7 +745,7 @@ Heat > ONAP Support of Environment Files Requirements Removed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -753,7 +753,7 @@ Requirements Removed The VNF Heat Orchestration Template **MUST** have a corresponding environment file for a Cinder Volume Module. - + .. container:: note @@ -761,7 +761,7 @@ Requirements Removed The VNF Heat Orchestration Template **MUST** have a corresponding environment file for an Incremental module. - + .. container:: note @@ -769,7 +769,7 @@ Requirements Removed The VNF Heat Orchestration Template **MUST** have a corresponding environment file for a Base Module. - + Monitoring & Management > Data Structure Specification of the Event Record -------------------------------------------------------------------------- @@ -777,7 +777,7 @@ Monitoring & Management > Data Structure Specification of the Event Record Requirements Added ~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -787,7 +787,7 @@ Requirements Added recommend actions that may be taken at specific thresholds, or if specific conditions repeat within a specified time interval, using the semantics and syntax described by the :doc:`VES Event Registration specification<../../../../vnfsdk/module.git/files/VESEventRegistration_3_0>`. - + .. container:: note @@ -796,7 +796,7 @@ Requirements Added The xNF Provider **MAY** require that specific events, identified by their ``eventName``, require that certain fields, which are optional in the common event format, must be present when they are published. - + .. container:: note @@ -810,7 +810,7 @@ Requirements Added * Required fields * Optional fields * Any special handling to be performed for that event - + .. container:: note @@ -820,7 +820,7 @@ Requirements Added event format defined in the :doc:`VES Event Listener<../../../../vnfsdk/model.git/docs/files/VESEventListener_7_0_1>` specification. - + Monitoring & Management > Event Records - Data Structure Description > Common Event Header ------------------------------------------------------------------------------------------ @@ -828,7 +828,7 @@ Monitoring & Management > Event Records - Data Structure Description > Common Ev Requirements Added ~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -853,7 +853,7 @@ Requirements Added * ``version`` - the version of the event header * ``vesEventListenerVersion`` - Version of the VES event listener API spec that this event is compliant with - + Monitoring & Management > Event Records - Data Structure Description > Miscellaneous ------------------------------------------------------------------------------------ @@ -861,7 +861,7 @@ Monitoring & Management > Event Records - Data Structure Description > Miscellan Requirements Added ~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -870,7 +870,7 @@ Requirements Added The VNF, when publishing events, **MUST NOT** send information through extensible structures if the event specification has explicitly defined fields for that information. - + .. container:: note @@ -880,7 +880,7 @@ Requirements Added able to collect even if the information field is identified as optional. However, if the data cannot be collected, then optional fields can be omitted. - + .. container:: note @@ -890,7 +890,7 @@ Requirements Added words and acronyms used as keys that will be sent through extensible fields. When an acronym is used as the key, then only the first letter shall be capitalized. - + Monitoring & Management > Monitoring & Management Requirements > Asynchronous and Synchronous Data Delivery ----------------------------------------------------------------------------------------------------------- @@ -898,7 +898,7 @@ Monitoring & Management > Monitoring & Management Requirements > Asynchronous an Requirements Added ~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -906,7 +906,7 @@ Requirements Added The xNF **SHOULD** deliver all syslog messages to the VES Collector per the specifications in Monitoring and Management chapter. - + Monitoring & Management > Monitoring & Management Requirements > Bulk Performance Measurement --------------------------------------------------------------------------------------------- @@ -914,7 +914,7 @@ Monitoring & Management > Monitoring & Management Requirements > Bulk Performanc Requirements Added ~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -922,7 +922,7 @@ Requirements Added The xNF **SHOULD** support File transferring protocol, such as FTPES or SFTP, when supporting the event-driven bulk transfer of monitoring data. - + .. container:: note @@ -930,7 +930,7 @@ Requirements Added The xNF **SHOULD** support the data schema defined in 3GPP TS 32.435, when supporting the event-driven bulk transfer of monitoring data. - + .. container:: note @@ -938,7 +938,7 @@ Requirements Added The xNF **SHOULD** support FileReady VES event for event-driven bulk transfer of monitoring data. - + Monitoring & Management > Monitoring & Management Requirements > Google Protocol Buffers (GPB) ---------------------------------------------------------------------------------------------- @@ -946,7 +946,7 @@ Monitoring & Management > Monitoring & Management Requirements > Google Protocol Requirements Added ~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -963,7 +963,7 @@ Requirements Added the state of an xNF resource. * The required Google Protocol Buffers (GPB) metadata is provided in the form of .proto files. - + .. container:: note @@ -979,7 +979,7 @@ Requirements Added processing high volume events * A supporting PM content metadata file to be used by analytics applications to process high volume measurement events - + Monitoring & Management > Monitoring & Management Requirements > JSON --------------------------------------------------------------------- @@ -987,7 +987,7 @@ Monitoring & Management > Monitoring & Management Requirements > JSON Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -998,7 +998,7 @@ Requirements Changed High-volume data is to be encoded and serialized using `Avro <http://avro.apache.org/>`_, where the Avro [#7.4.1]_ data format are described using JSON. - + Monitoring & Management > Monitoring & Management Requirements > Reporting Frequency ------------------------------------------------------------------------------------ @@ -1006,7 +1006,7 @@ Monitoring & Management > Monitoring & Management Requirements > Reporting Frequ Requirements Added ~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -1014,7 +1014,7 @@ Requirements Added The xNF **MUST** report exactly one Measurement event per period per source name. - + Monitoring & Management > Monitoring & Management Requirements > VNF telemetry via standardized interface --------------------------------------------------------------------------------------------------------- @@ -1022,7 +1022,7 @@ Monitoring & Management > Monitoring & Management Requirements > VNF telemetry v Requirements Added ~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -1030,11 +1030,11 @@ Requirements Added The xNF MUST produce heartbeat indicators consisting of events containing the common event header only per the VES Listener Specification. - + Requirements Removed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -1043,7 +1043,7 @@ Requirements Removed The xNF **MUST** provide all telemetry (e.g., fault event records, syslog records, performance records etc.) to ONAP using the model, format and mechanisms described in this section. - + Monitoring & Management > Transports and Protocols Supporting Resource Interfaces --------------------------------------------------------------------------------- @@ -1051,7 +1051,7 @@ Monitoring & Management > Transports and Protocols Supporting Resource Interface Requirements Added ~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -1059,7 +1059,7 @@ Requirements Added The xNF **SHOULD** deliver event records that fall into the event domains supported by VES. - + .. container:: note @@ -1067,7 +1067,7 @@ Requirements Added The xNF **MUST** deliver event records to ONAP using the common transport mechanisms and protocols defined in this document. - + .. container:: note @@ -1076,7 +1076,7 @@ Requirements Added The xNF provider **MUST** reach agreement with the Service Provider on the selected methods for encoding, serialization and data delivery prior to the on-boarding of the xNF into ONAP SDC Design Studio. - + Monitoring & Management > Transports and Protocols Supporting Resource Interfaces > Bulk Telemetry Transmission --------------------------------------------------------------------------------------------------------------- @@ -1084,7 +1084,7 @@ Monitoring & Management > Transports and Protocols Supporting Resource Interface Requirements Added ~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -1093,7 +1093,7 @@ Requirements Added The XNF **MAY** leverage bulk xNF telemetry transmission mechanism, as depicted in Figure 4, in instances where other transmission methods are not practical or advisable. - + Monitoring & Management > Transports and Protocols Supporting Resource Interfaces > xNF Telemetry using Google Protocol Buffers ------------------------------------------------------------------------------------------------------------------------------- @@ -1101,7 +1101,7 @@ Monitoring & Management > Transports and Protocols Supporting Resource Interface Requirements Added ~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -1111,7 +1111,7 @@ Requirements Added depicted in Figure 3 to support real-time performance management (PM) data. In this model the VES events are streamed as binary-encoded GBPs over via TCP sockets. - + Monitoring & Management > Transports and Protocols Supporting Resource Interfaces > xNF Telemetry using VES/JSON Model ---------------------------------------------------------------------------------------------------------------------- @@ -1119,7 +1119,7 @@ Monitoring & Management > Transports and Protocols Supporting Resource Interface Requirements Added ~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -1129,7 +1129,7 @@ Requirements Added for data delivery unless there are specific performance or operational concerns agreed upon by the Service Provider that would warrant using an alternate model. - + ONAP Heat Cinder Volumes ------------------------ @@ -1137,7 +1137,7 @@ ONAP Heat Cinder Volumes Requirements Added ~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -1152,7 +1152,7 @@ Requirements Added * A resource that defines the property ``type`` as a Nested YAML file (i.e., static nesting) and the Nested YAML contains an ``OS::Cinder::Volume`` resource - + ONAP Heat Heat Template Constructs > Heat Files Support (get_file) ------------------------------------------------------------------ @@ -1160,7 +1160,7 @@ ONAP Heat Heat Template Constructs > Heat Files Support (get_file) Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -1172,7 +1172,7 @@ Requirements Changed * more than once in a VNF's Heat Orchestration Template * in two or more of a VNF's Heat Orchestration Templates * in a VNF's Heat Orchestration Templates nested YAML file - + .. container:: note @@ -1181,7 +1181,7 @@ Requirements Changed If a VNF's Heat Orchestration Template uses the intrinsic function ``get_file``, the ``get_file`` target **MUST** be referenced in the Heat Orchestration Template by file name. - + .. container:: note @@ -1189,7 +1189,7 @@ Requirements Changed A VNF's Heat Orchestration Template intrinsic function ``get_file`` **MUST NOT** utilize URL-based file retrieval. - + .. container:: note @@ -1200,7 +1200,7 @@ Requirements Changed single, flat directory per VNF. A VNF's Heat Orchestration Template's ``get_file`` target files **MUST** be in the same directory hierarchy as the VNF's Heat Orchestration Templates. - + ONAP Heat Heat Template Constructs > Nested Heat Templates > Nested Heat Template Requirements ---------------------------------------------------------------------------------------------- @@ -1208,7 +1208,7 @@ ONAP Heat Heat Template Constructs > Nested Heat Templates > Nested Heat Templat Requirements Added ~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -1217,7 +1217,7 @@ Requirements Added A VNF's Heat Orchestration Template **MUST** reference a Nested YAML file by name. The use of ``resource_registry`` in the VNF's Heat Orchestration Templates Environment File **MUST NOT** be used. - + ONAP Heat Networking > External Networks ---------------------------------------- @@ -1225,7 +1225,7 @@ ONAP Heat Networking > External Networks Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -1233,7 +1233,7 @@ Requirements Changed A VNF **MAY** be connected to zero, one or more than one external network. - + ONAP Heat Networking > Internal Networks ---------------------------------------- @@ -1241,7 +1241,7 @@ ONAP Heat Networking > Internal Networks Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -1251,7 +1251,7 @@ Requirements Changed for the purpose of reaching VMs in another VNF and/or an external gateway and/or external router. - + .. container:: note @@ -1259,14 +1259,14 @@ Requirements Changed A VNF's port connected to an internal network **MUST** use the port for the purpose of reaching VMs in the same VNF. - + .. container:: note :need:`R-87096` A VNF **MAY** contain zero, one or more than one internal network. - + ONAP Heat Orchestration Template Format --------------------------------------- @@ -1274,7 +1274,7 @@ ONAP Heat Orchestration Template Format Requirements Added ~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -1282,7 +1282,7 @@ Requirements Added A VNF's Heat Orchestration Template **MUST** be compliant with the OpenStack Template Guide. - + ONAP Heat Orchestration Template Format > Environment File Format ----------------------------------------------------------------- @@ -1290,7 +1290,7 @@ ONAP Heat Orchestration Template Format > Environment File Format Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -1298,7 +1298,7 @@ Requirements Changed A VNF's Heat Orchestration template **MUST** have a corresponding environment file. - + .. container:: note @@ -1306,7 +1306,7 @@ Requirements Changed A VNF's Heat Orchestration template's Environment File's ``parameters:`` section **MAY** (or **MAY NOT**) enumerate parameters. - + .. container:: note @@ -1314,7 +1314,7 @@ Requirements Changed A VNF's Heat Orchestration template's Environment File **MUST** contain the ``parameters:`` section. - + ONAP Heat Orchestration Template Format > Heat Orchestration Template Structure > parameters -------------------------------------------------------------------------------------------- @@ -1322,7 +1322,7 @@ ONAP Heat Orchestration Template Format > Heat Orchestration Template Structure Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -1331,7 +1331,7 @@ Requirements Changed A VNF Heat Orchestration's template's parameter **MUST** be used in a resource with the exception of the parameters for the ``OS::Nova::Server`` resource property ``availability_zone``. - + .. container:: note @@ -1340,7 +1340,7 @@ Requirements Changed A VNF Heat Orchestration's template's parameter for the ``OS::Nova::Server`` resource property ``availability_zone`` **MAY NOT** be used in any ``OS::Nova::Server``. - + ONAP Heat Orchestration Template Format > Heat Orchestration Template Structure > parameters > constraints ---------------------------------------------------------------------------------------------------------- @@ -1348,7 +1348,7 @@ ONAP Heat Orchestration Template Format > Heat Orchestration Template Structure Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -1358,7 +1358,7 @@ Requirements Changed in a non-nested YAML file as type ``number`` **MUST** have a parameter constraint of ``range`` or ``allowed_values`` defined. - + .. container:: note @@ -1367,7 +1367,7 @@ Requirements Changed A VNF's Heat Orchestration Template's parameter defined in a nested YAML file **MUST NOT** have a parameter constraint defined. - + .. container:: note @@ -1376,7 +1376,7 @@ Requirements Changed A VNF's Heat Orchestration Template's parameter defined in a non-nested YAML file as type ``boolean`` **MAY** have a parameter constraint defined. - + .. container:: note @@ -1385,7 +1385,7 @@ Requirements Changed A VNF's Heat Orchestration Template's parameter defined in a non-nested YAML file as type ``string`` **MAY** have a parameter constraint defined. - + .. container:: note @@ -1394,7 +1394,7 @@ Requirements Changed A VNF's Heat Orchestration Template's parameter defined in a non-nested YAML file as type ``json`` **MAY** have a parameter constraint defined. - + .. container:: note @@ -1403,7 +1403,7 @@ Requirements Changed A VNF's Heat Orchestration Template's parameter defined in a non-nested YAML file as type ``comma_delimited_list`` **MAY** have a parameter constraint defined. - + ONAP Heat Orchestration Template Format > Heat Orchestration Template Structure > parameters > default ------------------------------------------------------------------------------------------------------ @@ -1411,7 +1411,7 @@ ONAP Heat Orchestration Template Format > Heat Orchestration Template Structure Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -1419,7 +1419,7 @@ Requirements Changed If a VNF Heat Orchestration Template parameter has a default value, it **MUST** be enumerated in the environment file. - + ONAP Heat Orchestration Template Format > Heat Orchestration Template Structure > parameters > type --------------------------------------------------------------------------------------------------- @@ -1427,7 +1427,7 @@ ONAP Heat Orchestration Template Format > Heat Orchestration Template Structure Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -1441,7 +1441,7 @@ Requirements Changed * ``json`` * ``comma_delimited_list`` * ``boolean`` - + ONAP Heat Orchestration Template Format > Heat Orchestration Template Structure > resources ------------------------------------------------------------------------------------------- @@ -1449,7 +1449,7 @@ ONAP Heat Orchestration Template Format > Heat Orchestration Template Structure Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -1457,7 +1457,7 @@ Requirements Changed A VNF's Heat Orchestration Template's Nested YAML files **MAY** (or **MAY NOT**) contain the section ``resources:``. - + ONAP Heat Orchestration Template Format > Heat Orchestration Template Structure > resources > deletion_policy ------------------------------------------------------------------------------------------------------------- @@ -1465,7 +1465,7 @@ ONAP Heat Orchestration Template Format > Heat Orchestration Template Structure Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -1473,7 +1473,7 @@ Requirements Changed VNF's Heat Orchestration Template's Resource **MAY** declare the attribute ``deletion_policy:``. - + ONAP Heat Orchestration Template Format > Heat Orchestration Template Structure > resources > external_id --------------------------------------------------------------------------------------------------------- @@ -1481,7 +1481,7 @@ ONAP Heat Orchestration Template Format > Heat Orchestration Template Structure Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -1489,7 +1489,7 @@ Requirements Changed VNF's Heat Orchestration Template's Resource **MAY** declare the attribute ``external_id:``. - + ONAP Heat Orchestration Template Format > Heat Orchestration Template Structure > resources > metadata ------------------------------------------------------------------------------------------------------ @@ -1497,7 +1497,7 @@ ONAP Heat Orchestration Template Format > Heat Orchestration Template Structure Requirements Added ~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -1505,7 +1505,7 @@ Requirements Added A VNF's Heat Orchestration Template's Resource **MAY** declare the attribute ``metadata``. - + ONAP Heat Orchestration Template Format > Heat Orchestration Template Structure > resources > properties -------------------------------------------------------------------------------------------------------- @@ -1513,7 +1513,7 @@ ONAP Heat Orchestration Template Format > Heat Orchestration Template Structure Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -1522,7 +1522,7 @@ Requirements Changed If a VNF's Heat Orchestration Template resource attribute ``property:`` uses a nested ``get_param``, the nested ``get_param`` **MUST** reference an index. - + ONAP Heat Orchestration Templates Overview > ONAP Heat Orchestration Template Filenames > Base Modules ------------------------------------------------------------------------------------------------------ @@ -1530,7 +1530,7 @@ ONAP Heat Orchestration Templates Overview > ONAP Heat Orchestration Template Fi Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -1551,7 +1551,7 @@ Requirements Changed where ``<text>`` **MUST** contain only alphanumeric characters and underscores '_' and **MUST NOT** contain the case insensitive word ``base``. - + ONAP Heat Orchestration Templates Overview > ONAP Heat Orchestration Template Filenames > Cinder Volume Modules --------------------------------------------------------------------------------------------------------------- @@ -1559,7 +1559,7 @@ ONAP Heat Orchestration Templates Overview > ONAP Heat Orchestration Template Fi Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -1568,7 +1568,7 @@ Requirements Changed VNF Heat Orchestration Template's Cinder Volume Module's Environment File **MUST** be named identical to the VNF Heat Orchestration Template's Cinder Volume Module with ``.y[a]ml`` replaced with ``.env``. - + .. container:: note @@ -1577,7 +1577,7 @@ Requirements Changed A VNF Heat Orchestration Template's Cinder Volume Module **MUST** be named identical to the base or incremental module it is supporting with ``_volume`` appended. - + ONAP Heat Orchestration Templates Overview > ONAP Heat Orchestration Template Filenames > Incremental Modules ------------------------------------------------------------------------------------------------------------- @@ -1585,7 +1585,7 @@ ONAP Heat Orchestration Templates Overview > ONAP Heat Orchestration Template Fi Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -1594,7 +1594,7 @@ Requirements Changed VNF Heat Orchestration Template's Incremental Module file name **MUST** contain only alphanumeric characters and underscores '_' and **MUST NOT** contain the case insensitive word ``base``. - + ONAP Heat Orchestration Templates Overview > ONAP Heat Orchestration Template Filenames > Nested Heat file ---------------------------------------------------------------------------------------------------------- @@ -1602,7 +1602,7 @@ ONAP Heat Orchestration Templates Overview > ONAP Heat Orchestration Template Fi Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -1611,7 +1611,7 @@ Requirements Changed VNF Heat Orchestration Template's Nested YAML file name **MUST** contain only alphanumeric characters and underscores '_' and **MUST NOT** contain the case insensitive word ``base``. - + ONAP Heat Orchestration Templates Overview > ONAP VNF Modularity Overview ------------------------------------------------------------------------- @@ -1619,14 +1619,14 @@ ONAP Heat Orchestration Templates Overview > ONAP VNF Modularity Overview Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note :need:`R-38474` A VNF's Base Module **MUST** have a corresponding Environment File. - + .. container:: note @@ -1634,14 +1634,14 @@ Requirements Changed At orchestration time, the VNF's Base Module **MUST** be deployed first, prior to any incremental modules. - + .. container:: note :need:`R-53433` A VNF's Cinder Volume Module **MUST** have a corresponding environment file - + .. container:: note @@ -1649,7 +1649,7 @@ Requirements Changed A VNF's Cinder Volume Module, when it exists, **MUST** be 1:1 with a Base module or Incremental module. - + .. container:: note @@ -1662,21 +1662,21 @@ Requirements Changed an Incremental Module), or 3.) a Cinder Volume Module Heat Orchestration Template (referred to as Cinder Volume Module). - + .. container:: note :need:`R-81725` A VNF's Incremental Module **MUST** have a corresponding Environment File - + .. container:: note :need:`R-37028` A VNF **MUST** be composed of one Base Module - + ONAP Heat Orchestration Templates Overview > Output Parameters > ONAP Volume Module Output Parameters ----------------------------------------------------------------------------------------------------- @@ -1684,7 +1684,7 @@ ONAP Heat Orchestration Templates Overview > Output Parameters > ONAP Volume Mod Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -1695,7 +1695,7 @@ Requirements Changed in the corresponding Base Module or Incremental Module unless the Output Parameter is of the type ``comma_delimited_list``, then the corresponding input parameter **MUST** be declared as type ``json``. - + .. container:: note @@ -1706,7 +1706,7 @@ Requirements Changed **MUST** include the UUID(s) of the Cinder Volumes created in template, while others **MAY** be included. - + ONAP Heat VNF Modularity ------------------------ @@ -1714,7 +1714,7 @@ ONAP Heat VNF Modularity Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -1736,7 +1736,7 @@ Requirements Changed ECOMP will capture the output parameter name and value in the base module and provide the value to the corresponding parameter(s) in the incremental module(s). - + ONAP Output Parameter Names > Predefined Output Parameters > OAM Management IP Addresses ---------------------------------------------------------------------------------------- @@ -1744,7 +1744,7 @@ ONAP Output Parameter Names > Predefined Output Parameters > OAM Management IP A Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -1765,7 +1765,7 @@ Requirements Changed value: {get_param: {vm-type}_{network-role}_ip_{index} } oam_management_v6_address: value: {get_param: {vm-type}_{network-role}_v6_ip_{index} } - + .. container:: note @@ -1776,7 +1776,7 @@ Requirements Changed then the parameter **MUST** be obtained by the resource ``OS::Neutron::Port`` attribute ``ip_address``. - + .. container:: note @@ -1787,7 +1787,7 @@ Requirements Changed database, an output parameter **MUST** be declared in only one of the VNF's Heat Orchestration Templates and the parameter **MUST** be named ``oam_management_v6_address``. - + ONAP TOSCA VNFD Requirements > TOSCA VNF Descriptor > Capability Types ---------------------------------------------------------------------- @@ -1795,7 +1795,7 @@ ONAP TOSCA VNFD Requirements > TOSCA VNF Descriptor > Capability Types Requirements Added ~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -1827,7 +1827,7 @@ Requirements Added **tosca.capabilities.nfv.VirtualCompute** and **tosca.capabilities.nfv.VirtualStorage** includes flavours of VDU - + ONAP TOSCA VNFD Requirements > TOSCA VNF Descriptor > Data Types ---------------------------------------------------------------- @@ -1835,7 +1835,7 @@ ONAP TOSCA VNFD Requirements > TOSCA VNF Descriptor > Data Types Requirements Added ~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -1845,7 +1845,7 @@ Requirements Added on TOSCA/YAML constructs specified in draft GS NFV-SOL 001. The node data definitions/attributes used in VNFD **MUST** comply with the below table. - + .. container:: note @@ -1855,7 +1855,7 @@ Requirements Added and is based on TOSCA constructs specified in draft GS NFV-SOL 001. The LCM configuration data elements used in VNFD **MUST** comply with the below table. - + ONAP TOSCA VNFD Requirements > TOSCA VNF Descriptor > General ------------------------------------------------------------- @@ -1863,7 +1863,7 @@ ONAP TOSCA VNFD Requirements > TOSCA VNF Descriptor > General Requirements Added ~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -1872,7 +1872,7 @@ Requirements Added The following table defines the major TOSCA Types specified in ETSI NFV-SOL001 standard draft. The VNFD provided by a VNF vendor **MUST** comply with the below definitions: - + .. container:: note @@ -1881,7 +1881,7 @@ Requirements Added The VNFD **MAY** include TOSCA/YAML definitions that are not part of NFV Profile. If provided, these definitions MUST comply with TOSCA Simple Profile in YAML v.1.2. - + .. container:: note @@ -1895,7 +1895,7 @@ Requirements Added summarizes the TOSCA definitions agreed to be part of current version of NFV profile and that VNFD MUST comply with in ONAP Release 2+ Requirements. - + .. container:: note @@ -1930,7 +1930,7 @@ Requirements Added supported per deployment flavour, and their input parameters; Note, thatthe actual LCM implementation resides in a different layer, namely referring to additional template artifacts. - + .. container:: note @@ -1939,7 +1939,7 @@ Requirements Added The VNFD **MUST** comply with ETSI GS NFV-SOL001 document endorsing the above mentioned NFV Profile and maintaining the gaps with the requirements specified in ETSI GS NFV-IFA011 standard. - + ONAP TOSCA VNFD Requirements > TOSCA VNF Descriptor > Interface Types --------------------------------------------------------------------- @@ -1947,7 +1947,7 @@ ONAP TOSCA VNFD Requirements > TOSCA VNF Descriptor > Interface Types Requirements Added ~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -1957,7 +1957,7 @@ Requirements Added interface types. An on-boarding entity (ONAP SDC) **MUST** support them. **tosca.interfaces.nfv.vnf.lifecycle.Nfv** supports LCM operations - + ONAP TOSCA VNFD Requirements > TOSCA VNF Descriptor > Relationship Types ------------------------------------------------------------------------ @@ -1965,7 +1965,7 @@ ONAP TOSCA VNFD Requirements > TOSCA VNF Descriptor > Relationship Types Requirements Added ~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -1983,7 +1983,7 @@ Requirements Added This relationship type represents an association relationship between the VduCpd's and VirtualLinkDesc node types. - + ONAP TOSCA VNFD Requirements > VNF CSAR Package > VNF Package Contents ---------------------------------------------------------------------- @@ -1991,7 +1991,7 @@ ONAP TOSCA VNFD Requirements > VNF CSAR Package > VNF Package Contents Requirements Added ~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -2006,7 +2006,7 @@ Requirements Added identification data must include: an identifier for the VNF, the name of the VNF as was given by the VNF provider, VNF description, VNF provider, and version. - + .. container:: note @@ -2016,7 +2016,7 @@ Requirements Added ETSI GS NFV-SOL004 including Manifest file, VNFD (or Main TOSCA/YAML based Service Template) and other optional artifacts. CSAR Manifest file as per SOL004 - for example ROOT\\ **MainServiceTemplate.mf** - + .. container:: note @@ -2024,7 +2024,7 @@ Requirements Added The VNF provider **MUST** provide their testing scripts to support testing as specified in ETSI NFV-SOL004 - Testing directory in CSAR - + .. container:: note @@ -2040,7 +2040,7 @@ Requirements Added Note: Currently, ONAP doesn't have the capability of Image management, we upload the image into VIM/VNFM manually. - + .. container:: note @@ -2050,7 +2050,7 @@ Requirements Added their VNF(s) incorporate. CSAR License directory as per ETSI SOL004. for example ROOT\\Licenses\\ **License_term.txt** - + ONAP TOSCA VNFD Requirements > VNF CSAR Package > VNF Package Structure and Format ---------------------------------------------------------------------------------- @@ -2058,7 +2058,7 @@ ONAP TOSCA VNFD Requirements > VNF CSAR Package > VNF Package Structure and Form Requirements Added ~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -2066,7 +2066,7 @@ Requirements Added The VNF package **MUST** be arranged as a CSAR archive as specified in TOSCA Simple Profile in YAML 1.2. - + .. container:: note @@ -2079,7 +2079,7 @@ Requirements Added **Note:** SDC supports only the CSAR Option 1 in Casablanca. The Option 2 will be considered in future ONAP releases, - + PNF Plug and Play > PNF Plug and Play ------------------------------------- @@ -2087,7 +2087,7 @@ PNF Plug and Play > PNF Plug and Play Requirements Added ~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -2102,7 +2102,7 @@ Requirements Added Note: The configuration management and provisioning software are specific to a vendor architecture. - + .. container:: note @@ -2114,7 +2114,7 @@ Requirements Added Note: these VES Events are emitted from the PNF to support PNF Plug and Play, High Volume Measurements, and Fault events respectively. - + .. container:: note @@ -2130,7 +2130,7 @@ Requirements Added to ascertain which ones are supported up to an including all of the ones that have been defined. Note: It is expected that there will be a growing list of supported configuration parameters in future releases of ONAP. - + .. container:: note @@ -2142,7 +2142,7 @@ Requirements Added Note: this exchange may be either Ansible, Chef, or NetConf depending on the PNF. Note: The PNF Controller may be VF-C, APP-C or SDN-C based on the PNF and PNF domain. Note: for R3 (Casablanca) only Ansible is supported. - + .. container:: note @@ -2160,7 +2160,7 @@ Requirements Added special setup to allow an external PNF to contact the ONAP installation. For example, in the AT&T network, a maintenance tunnel is used to access ONAP. - + .. container:: note @@ -2176,7 +2176,7 @@ Requirements Added have a means to log an error and notify a user when a fault condition occurs in trying to contact ONAP, authenticate or send a pnfRegistration event. - + .. container:: note @@ -2185,7 +2185,7 @@ Requirements Added (Error Case) - If an error is encountered by the PNF during a Service Configuration exchange with ONAP, the PNF **MAY** log the error and notify an operator. - + .. container:: note @@ -2194,7 +2194,7 @@ Requirements Added The PNF Vendor **MAY** provide software version(s) to be supported by PNF for SDC Design Studio PNF Model. This is set in the PNF Model property software_versions. - + .. container:: note @@ -2203,7 +2203,7 @@ Requirements Added The PNF **MAY** support a HTTP connection to the DCAE VES Event Listener. Note: HTTP is allowed but not recommended. - + .. container:: note @@ -2220,14 +2220,14 @@ Requirements Added complete installation & commissioning. The management of the VES event exchange is also a requirement on the PNF to be developed by the PNF vendor. - + .. container:: note :need:`R-686466` The PNF **MUST** support sending a pnfRegistration VES event. - + .. container:: note @@ -2235,7 +2235,7 @@ Requirements Added When the PNF receives a Service configuration from ONAP, the PNF **MUST** cease sending the pnfRegistration VES Event. - + .. container:: note @@ -2243,7 +2243,7 @@ Requirements Added The PNF **MUST** support a HTTPS connection to the DCAE VES Event Listener. - + .. container:: note @@ -2257,7 +2257,7 @@ Requirements Added Note: It is up to the specific vendor to design the software management functions. - + .. container:: note @@ -2274,7 +2274,7 @@ Requirements Added Note: The ONAP IP address could be provisioned or resolved through FQDN & DNS. - + .. container:: note @@ -2287,7 +2287,7 @@ Requirements Added Note: HTTP Basic Authentication has 4 steps: Request, Authenticate, Authorization with Username/Password Credentials, and Authentication Status as per RFC7617 and RFC 2617. - + .. container:: note @@ -2312,14 +2312,14 @@ Requirements Added (3) HTTP with Username & Password & TLS with server-side certificate authentication. - + .. container:: note :need:`R-980039` The PNF **MUST** send the pnfRegistration VES event periodically. - + .. container:: note @@ -2330,7 +2330,7 @@ Requirements Added Note: The PNF uses the service configuration request as a semaphore to stop sending the pnfRegistration sent. See the requirement PNP-5360 requirement. - + Resource IDs ------------ @@ -2338,7 +2338,7 @@ Resource IDs Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -2347,7 +2347,7 @@ Requirements Changed When a VNF's Heat Orchestration Template's resource is associated with a single internal network, the Resource ID **MUST** contain the text ``int_{network-role}``. - + .. container:: note @@ -2358,7 +2358,7 @@ Requirements Changed external network, the Resource ID **MUST** not contain the ``{vm-type}`` and/or ``{network-role}``/``int_{network-role}``. It also should contain the term ``shared`` and/or contain text that identifies the VNF. - + .. container:: note @@ -2380,7 +2380,7 @@ Requirements Changed - note that an ``{index}`` value **MAY** separate the ``{vm-type}`` and the ``{network-role}`` and when this occurs underscores **MUST** separate the three values. (e.g., ``{vm-type}_{index}_{network-role}``). - + .. container:: note @@ -2400,7 +2400,7 @@ Requirements Changed ``{vm-type}`` and the ``int_{network-role}`` and when this occurs underscores **MUST** separate the three values. (e.g., ``{vm-type}_{index}_int_{network-role}``). - + Resource IDs > Contrail Heat Resources Resource ID Naming Convention > OS::ContrailV2::VirtualNetwork ----------------------------------------------------------------------------------------------------- @@ -2408,7 +2408,7 @@ Resource IDs > Contrail Heat Resources Resource ID Naming Convention > OS::Contr Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -2430,7 +2430,7 @@ Requirements Changed Heat Orchestration Template. Note that option 1 is preferred. - + Resource IDs > OpenStack Heat Resources Resource ID Naming Convention > OS::Neutron::Net ---------------------------------------------------------------------------------------- @@ -2438,7 +2438,7 @@ Resource IDs > OpenStack Heat Resources Resource ID Naming Convention > OS::Neut Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -2453,7 +2453,7 @@ Requirements Changed There is no ``{index}`` after ``{network-role}`` because ``{network-role}`` **MUST** be unique in the scope of the VNF's Heat Orchestration Template. - + Resource: OS::Neutron::Port - Parameters > Introduction > Items to Note ----------------------------------------------------------------------- @@ -2461,7 +2461,7 @@ Resource: OS::Neutron::Port - Parameters > Introduction > Items to Note Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -2474,7 +2474,7 @@ Requirements Changed * property ``fixed_ips`` map property ``ip_address`` **MUST** be used * property ``fixed_ips`` map property ``subnet`` **MUST NOT** be used - + .. container:: note @@ -2487,7 +2487,7 @@ Requirements Changed * property ``fixed_ips`` map property ``ip_address`` **MUST NOT** be used * property ``fixed_ips`` map property ``subnet`` **MAY** be used - + .. container:: note @@ -2501,7 +2501,7 @@ Requirements Changed * property ``fixed_ips`` map property ``ip_address`` **MUST** be used * property ``fixed_ips`` map property ``subnet`` **MUST NOT** be used - + Resource: OS::Neutron::Port - Parameters > Property: allowed_address_pairs, Map Property: ip_address > VIP Assignment, External Networks, Supported by Automation ----------------------------------------------------------------------------------------------------------------------------------------------------------------- @@ -2509,7 +2509,7 @@ Resource: OS::Neutron::Port - Parameters > Property: allowed_address_pairs, Map Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -2535,7 +2535,7 @@ Requirements Changed network And the parameter **MUST** be declared as type ``string``. - + .. container:: note @@ -2561,7 +2561,7 @@ Requirements Changed network And the parameter **MUST** be declared as type ``string``. - + Resource: OS::Neutron::Port - Parameters > Property: fixed_ips, Map Property: ip_address ---------------------------------------------------------------------------------------- @@ -2569,7 +2569,7 @@ Resource: OS::Neutron::Port - Parameters > Property: fixed_ips, Map Property: ip Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -2581,7 +2581,7 @@ Requirements Changed ``{vm-type}_int_{network-role}_ip_{index}`` **MUST** be enumerated in the VNF's Heat Orchestration Template's Environment File. - + .. container:: note @@ -2593,7 +2593,7 @@ Requirements Changed ``{vm-type}_{network-role}_ip_{index}`` **MUST NOT** be enumerated in the VNF's Heat Orchestration Template's Environment File. - + .. container:: note @@ -2617,7 +2617,7 @@ Requirements Changed ``OS::Nova::Server`` * ``{network-role}`` is the {network-role} of the internal network - + .. container:: note @@ -2642,7 +2642,7 @@ Requirements Changed * ``{network-role}`` is the {network-role} of the internal network * the value for ``{index`` must start at zero (0) and increment by one - + .. container:: note @@ -2654,7 +2654,7 @@ Requirements Changed ``{vm-type}_int_{network-role}_int_ips`` **MUST** be enumerated in the VNF's Heat Orchestration Template's Environment File. - + .. container:: note @@ -2678,7 +2678,7 @@ Requirements Changed OS::Nova::Server * ``{network-role}`` is the {network-role} of the external network - + .. container:: note @@ -2690,7 +2690,7 @@ Requirements Changed ``{vm-type}_{network-role}_v6_ip_{index}`` **MUST NOT** be enumerated in the VNF's Heat Orchestration Template's Environment File. - + .. container:: note @@ -2702,7 +2702,7 @@ Requirements Changed ``{vm-type}_int_{network-role}_v6_ips`` **MUST** be enumerated in the VNF's Heat Orchestration Template's Environment File. - + .. container:: note @@ -2722,7 +2722,7 @@ Requirements Changed **MUST** be enumerated in the Heat Orchestration Template's Environment File and IP addresses **MUST** be assigned. - + .. container:: note @@ -2746,7 +2746,7 @@ Requirements Changed * ``{network-role}`` is the {network-role} of the external network * the value for ``{index}`` must start at zero (0) and increment by one - + .. container:: note @@ -2770,7 +2770,7 @@ Requirements Changed ``OS::Nova::Server`` * ``{network-role}`` is the {network-role} of the internal network - + .. container:: note @@ -2794,7 +2794,7 @@ Requirements Changed * ``{network-role}`` is the {network-role} of the external network * the value for ``{index}`` must start at zero (0) and increment by one - + .. container:: note @@ -2814,7 +2814,7 @@ Requirements Changed **MUST NOT** be enumerated in the Heat Orchestration Template's Environment File. ONAP provides the IP address assignments at orchestration time. - + .. container:: note @@ -2838,7 +2838,7 @@ Requirements Changed ``OS::Nova::Server`` * ``{network-role}`` is the {network-role} of the external network - + .. container:: note @@ -2850,7 +2850,7 @@ Requirements Changed ``{vm-type}_int_{network-role}_v6_ip_{index}`` **MUST** be enumerated in the VNF's Heat Orchestration Template's Environment File. - + .. container:: note @@ -2875,7 +2875,7 @@ Requirements Changed * ``{network-role}`` is the {network-role} of the internal network * the value for ``{index}`` must start at zero (0) and increment by one - + Resource: OS::Neutron::Port - Parameters > Property: fixed_ips, Map Property: subnet ------------------------------------------------------------------------------------ @@ -2883,7 +2883,7 @@ Resource: OS::Neutron::Port - Parameters > Property: fixed_ips, Map Property: su Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -2910,7 +2910,7 @@ Requirements Changed Note that the parameter **MUST** be defined as an ``output`` parameter in the base module. - + .. container:: note @@ -2931,7 +2931,7 @@ Requirements Changed where * ``{network-role}`` is the network role of the network. - + .. container:: note @@ -2943,7 +2943,7 @@ Requirements Changed ``int_{network-role}_v6_subnet_id`` **MUST NOT** be enumerated in the VNF's Heat Orchestration Template's Environment File. - + .. container:: note @@ -2966,7 +2966,7 @@ Requirements Changed Note that the parameter **MUST** be defined as an ``output`` parameter in the base module. - + .. container:: note @@ -2987,7 +2987,7 @@ Requirements Changed where * ``{network-role}`` is the network role of the network. - + .. container:: note @@ -2999,7 +2999,7 @@ Requirements Changed ``{network-role}_subnet_id`` **MUST NOT** be enumerated in the VNF's Heat Orchestration Template's Environment File. - + .. container:: note @@ -3011,7 +3011,7 @@ Requirements Changed ``{network-role}_v6_subnet_id`` **MUST NOT** be enumerated in the VNF's Heat Orchestration Template's Environment File. - + .. container:: note @@ -3021,7 +3021,7 @@ Requirements Changed resource ``OS::Neutron::Port`` property ``fixed_ips`` map property ``subnet`` parameter **MUST** be declared type ``string``. - + .. container:: note @@ -3033,7 +3033,7 @@ Requirements Changed ``int_{network-role}_subnet_id`` **MUST NOT** be enumerated in the VNF's Heat Orchestration Template's Environment File. - + Resource: OS::Neutron::Port - Parameters > Property: network ------------------------------------------------------------ @@ -3041,7 +3041,7 @@ Resource: OS::Neutron::Port - Parameters > Property: network Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -3051,7 +3051,7 @@ Requirements Changed property ``network`` parameter **MUST NOT** be enumerated in the Heat Orchestration Template's Environment File. - + .. container:: note @@ -3069,7 +3069,7 @@ Requirements Changed where ``{network-role}`` is the network-role of the external network and a ``get_param`` **MUST** be used as the intrinsic function. - + .. container:: note @@ -3084,7 +3084,7 @@ Requirements Changed of the internal network by using the intrinsic function ``get_resource`` and referencing the Resource ID of the internal network. - + .. container:: note @@ -3104,7 +3104,7 @@ Requirements Changed where ``{network-role}`` is the network-role of the internal network and a ``get_param`` **MUST** be used as the intrinsic function. - + Resource: OS::Nova::Server - Parameters --------------------------------------- @@ -3112,7 +3112,7 @@ Resource: OS::Nova::Server - Parameters Requirements Added ~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -3129,7 +3129,7 @@ Requirements Added **MUST** contain the identical ``{vm-type}`` and **MUST** follow the naming conventions defined in R-58670, R-45188, R-54171, R-87817, and R-29751. - + Resource: OS::Nova::Server - Parameters > Property: Name -------------------------------------------------------- @@ -3137,7 +3137,7 @@ Resource: OS::Nova::Server - Parameters > Property: Name Requirements Added ~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -3145,11 +3145,11 @@ Requirements Added The VNF's Heat Orchestration Template's Resource ``OS::Nova::Server`` property ``name`` value **MUST** be be obtained via a ``get_param``. - + Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -3159,7 +3159,7 @@ Requirements Changed property ``name`` parameter is defined as a ``string``, a parameter **MUST** be delcared for each ``OS::Nova::Server`` resource associated with the ``{vm-type}``. - + .. container:: note @@ -3171,7 +3171,7 @@ Requirements Changed ``{vm-type}_name_{index}``, where ``{index}`` is a numeric value that starts at zero and increments by one. - + .. container:: note @@ -3181,7 +3181,7 @@ Requirements Changed property ``name`` parameter **MUST** be declared as either type ``string`` or type ``comma_delimited_list``. - + Resource: OS::Nova::Server - Parameters > Property: Name > Contrail Issue with Values for OS::Nova::Server Property Name ------------------------------------------------------------------------------------------------------------------------ @@ -3189,7 +3189,7 @@ Resource: OS::Nova::Server - Parameters > Property: Name > Contrail Issue with V Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -3202,7 +3202,7 @@ Requirements Changed However, if special characters must be used, the only special characters supported are: --- \" ! $ ' (\ \ ) = ~ ^ | @ ` { } [ ] > , . _ - + Resource: OS::Nova::Server - Parameters > Property: availability_zone --------------------------------------------------------------------- @@ -3210,7 +3210,7 @@ Resource: OS::Nova::Server - Parameters > Property: availability_zone Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -3220,7 +3220,7 @@ Requirements Changed Resource **MAY** define a parameter for the property ``availability_zone`` that is not utilized in any ``OS::Nova::Server`` resources in the Heat Orchestration Template. - + .. container:: note @@ -3232,7 +3232,7 @@ Requirements Changed ``availability_zone_{index}`` where the ``{index}`` **MUST** start at zero and increment by one. - + Resource: OS::Nova::Server - Parameters > Property: flavor ---------------------------------------------------------- @@ -3240,7 +3240,7 @@ Resource: OS::Nova::Server - Parameters > Property: flavor Requirements Added ~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -3248,7 +3248,7 @@ Requirements Added The VNF's Heat Orchestration Template's Resource ``OS::Nova::Server`` property ``flavor`` value **MUST** be be obtained via a ``get_param``. - + Resource: OS::Nova::Server - Parameters > Property: image --------------------------------------------------------- @@ -3256,7 +3256,7 @@ Resource: OS::Nova::Server - Parameters > Property: image Requirements Added ~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -3264,7 +3264,7 @@ Requirements Added The VNF's Heat Orchestration Template's Resource ``OS::Nova::Server`` property ``image`` value **MUST** be be obtained via a ``get_param``. - + Resource: OS::Nova::Server Metadata Parameters > environment_context -------------------------------------------------------------------- @@ -3272,7 +3272,7 @@ Resource: OS::Nova::Server Metadata Parameters > environment_context Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -3282,7 +3282,7 @@ Requirements Changed property ``metadata`` key/value pair ``environment_context`` **MUST NOT** be enumerated in the Heat Orchestration Template's environment file. - + .. container:: note @@ -3292,7 +3292,7 @@ Requirements Changed property ``metadata``key/value pair ``environment_context`` parameter ``environment_context`` **MUST NOT** have parameter constraints defined. - + .. container:: note @@ -3302,7 +3302,7 @@ Requirements Changed property ``metadata`` key/value pair ``environment_context`` parameter **MUST** be declared as ``environment_context`` and the parameter type **MUST** be defined as type: ``string``. - + Resource: OS::Nova::Server Metadata Parameters > vf_module_id ------------------------------------------------------------- @@ -3310,7 +3310,7 @@ Resource: OS::Nova::Server Metadata Parameters > vf_module_id Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -3321,7 +3321,7 @@ Requirements Changed ``metadata`` key/value pair ``vf_module_id`` is passed into a Nested YAML file, the key/value pair name ``vf_module_id`` **MUST NOT** change. - + .. container:: note @@ -3331,7 +3331,7 @@ Requirements Changed property ``metadata`` **MUST** contain the key/value pair ``vf_module_id`` and the value MUST be obtained via a ``get_param``. - + .. container:: note @@ -3341,7 +3341,7 @@ Requirements Changed ``metadata`` key/value pair ``vf_module_id`` parameter **MUST** be declared as ``vf_module_id`` and the parameter **MUST** be defined as type: ``string``. - + .. container:: note @@ -3351,7 +3351,7 @@ Requirements Changed ``metadata`` key/value pair ``vf_module_id`` parameter ``vf_module_id`` **MUST NOT** have parameter constraints defined. - + .. container:: note @@ -3361,7 +3361,7 @@ Requirements Changed ``metadata`` key/value pair ``vf_module_id`` parameter ``vf_module_id`` **MUST NOT** be enumerated in the Heat Orchestration Template's environment file. - + Resource: OS::Nova::Server Metadata Parameters > vf_module_index ---------------------------------------------------------------- @@ -3369,7 +3369,7 @@ Resource: OS::Nova::Server Metadata Parameters > vf_module_index Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -3380,7 +3380,7 @@ Requirements Changed ``metadata`` key/value pair ``vf_module_index`` parameter ``vf_module_index`` **MUST NOT** be enumerated in the Heat Orchestration Template's environment file. - + .. container:: note @@ -3389,7 +3389,7 @@ Requirements Changed A VNF's Heat Orchestration Template's ``OS::Nova::Server`` resource property ``metadata`` key/value pair ``vf_module_index`` **MUST NOT** have parameter constraints defined. - + .. container:: note @@ -3399,7 +3399,7 @@ Requirements Changed property ``metadata`` key/value pair ``vf_module_index`` is passed into a Nested YAML file, the key/value pair ``vf_module_index`` **MUST NOT** change. - + .. container:: note @@ -3409,7 +3409,7 @@ Requirements Changed resource property ``metadata`` **MAY** contain the key/value pair ``vf_module_index`` and the value **MUST** be obtained via a ``get_param``. - + .. container:: note @@ -3420,7 +3420,7 @@ Requirements Changed be used in a ``OS::Cinder::Volume`` resource and **MUST NOT** be used in VNF's Volume template; it is not supported. - + .. container:: note @@ -3431,7 +3431,7 @@ Requirements Changed ``metadata`` key/value pair ``vf_module_index`` parameter **MUST** be declared as ``vf_module_index`` and the parameter **MUST** be defined as type: ``number``. - + Resource: OS::Nova::Server Metadata Parameters > vf_module_name --------------------------------------------------------------- @@ -3439,7 +3439,7 @@ Resource: OS::Nova::Server Metadata Parameters > vf_module_name Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -3449,7 +3449,7 @@ Requirements Changed property ``metadata`` **SHOULD** contain the key/value pair ``vf_module_name`` and the value **MUST** be obtained via a ``get_param``. - + .. container:: note @@ -3459,7 +3459,7 @@ Requirements Changed property ``metadata`` key/value pair ``vf_module_name`` is passed into a Nested YAML file, the key/value pair name ``vf_module_name`` **MUST NOT** change. - + .. container:: note @@ -3469,7 +3469,7 @@ Requirements Changed property ``metadata`` key/value pair ``vf_module_name`` parameter ``vf_module_name`` **MUST NOT** be enumerated in the Heat Orchestration Template's environment file. - + .. container:: note @@ -3479,7 +3479,7 @@ Requirements Changed property ``metadata`` key/value pair ``vf_module_name`` parameter ``vf_module_name`` **MUST NOT** have parameter constraints defined. - + .. container:: note @@ -3490,7 +3490,7 @@ Requirements Changed ``metadata`` key/value pair ``vf_module_name`` parameter **MUST** be declared as ``vf_module_name`` and the parameter **MUST** be defined as type: ``string``. - + Resource: OS::Nova::Server Metadata Parameters > vm_role -------------------------------------------------------- @@ -3498,7 +3498,7 @@ Resource: OS::Nova::Server Metadata Parameters > vm_role Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -3507,7 +3507,7 @@ Requirements Changed A VNF's Heat Orchestration Template's ``OS::Nova::Server`` resource property ``metadata`` key/value pair ``vm_role`` parameter ``vm_role`` **MUST NOT** have parameter constraints defined. - + .. container:: note @@ -3517,7 +3517,7 @@ Requirements Changed property ``metadata`` key/value pair ``vm_role`` is passed into a Nested YAML file, the key/value pair name ``vm_role`` **MUST NOT** change. - + .. container:: note @@ -3526,7 +3526,7 @@ Requirements Changed A VNF's Heat Orchestration Template's ``OS::Nova::Server`` resource property ``metadata`` key/value pair ``vm_role`` value **MUST** only contain alphanumeric characters and underscores (i.e., '_'). - + .. container:: note @@ -3537,7 +3537,7 @@ Requirements Changed ``metadata`` key/value pair ``vm_role`` value is obtained via ``get_param``, the parameter **MUST** be declared as ``vm_role`` and the parameter **MUST** be defined as type: ``string``. - + .. container:: note @@ -3550,7 +3550,7 @@ Requirements Changed - ``get_param`` - hard coded in the key/value pair ``vm_role``. - + Resource: OS::Nova::Server Metadata Parameters > vnf_id ------------------------------------------------------- @@ -3558,7 +3558,7 @@ Resource: OS::Nova::Server Metadata Parameters > vnf_id Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -3568,7 +3568,7 @@ Requirements Changed property ``metadata`` key/value pair ``vnf_id`` is passed into a Nested YAML file, the key/value pair name ``vnf_id`` **MUST NOT** change. - + .. container:: note @@ -3578,7 +3578,7 @@ Requirements Changed resource property ``metadata`` key/value pair ``vnf_id`` parameter ``vnf_id`` **MUST NOT** be enumerated in the Heat Orchestration Template's environment file. - + .. container:: note @@ -3589,7 +3589,7 @@ Requirements Changed ``metadata`` key/value pair ``vnf_id`` parameter **MUST** be declared as ``vnf_id`` and the parameter **MUST** be defined as type: ``string``. - + .. container:: note @@ -3599,7 +3599,7 @@ Requirements Changed resource property ``metadata`` **MUST** contain the key/value pair ``vnf_id`` and the value **MUST** be obtained via a ``get_param``. - + .. container:: note @@ -3609,7 +3609,7 @@ Requirements Changed resource property ``metadata`` key/value pair ``vnf_id`` parameter ``vnf_id`` **MUST NOT** have parameter constraints defined. - + Resource: OS::Nova::Server Metadata Parameters > vnf_name --------------------------------------------------------- @@ -3617,7 +3617,7 @@ Resource: OS::Nova::Server Metadata Parameters > vnf_name Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -3627,7 +3627,7 @@ Requirements Changed property ``metadata`` key/value pair ``vnf_name`` parameter ``vnf_name`` **MUST NOT** be enumerated in the Heat Orchestration Template's environment file. - + .. container:: note @@ -3636,7 +3636,7 @@ Requirements Changed A VNF's Heat Orchestration Template's ``OS::Nova::Server`` resource property ``metadata`` **MUST** contain the key/value pair ``vnf_name`` and the value **MUST** be obtained via a ``get_param``. - + .. container:: note @@ -3646,7 +3646,7 @@ Requirements Changed property ``metadata`` key/value pair ``vnf_name`` parameter ``vnf_name`` **MUST NOT** have parameter constraints defined. - + .. container:: note @@ -3656,7 +3656,7 @@ Requirements Changed property ``metadata`` key/value pair ``vnf_name`` parameter **MUST** be declared as ``vnf_name`` and the parameter **MUST** be defined as type: ``string``. - + .. container:: note @@ -3666,7 +3666,7 @@ Requirements Changed property ``metadata`` key/value pair ``vnf_name`` is passed into a Nested YAML file, the key/value pair name ``vnf_name`` **MUST NOT** change. - + Resource: OS::Nova::Server Metadata Parameters > workload_context ----------------------------------------------------------------- @@ -3674,7 +3674,7 @@ Resource: OS::Nova::Server Metadata Parameters > workload_context Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -3685,7 +3685,7 @@ Requirements Changed parameter **MUST** be declared as ``workload_context`` and the parameter **MUST** be defined as type: ``string``. - + .. container:: note @@ -3695,7 +3695,7 @@ Requirements Changed property ``metadata`` key/value pair ``workload_context`` parameter ``workload_context`` **MUST NOT** be enumerated in the Heat Orchestration Template's environment file. - + .. container:: note @@ -3705,7 +3705,7 @@ Requirements Changed property ``metadata`` key/value pair ``workload_context`` parameter ``workload_context`` **MUST NOT** have parameter constraints defined. - + .. container:: note @@ -3715,7 +3715,7 @@ Requirements Changed property ``metadata`` key/value pair ``workload_context`` is passed into a Nested YAML file, the key/value pair name ``workload_context`` **MUST NOT** change. - + VNF On-boarding and package management > Resource Description ------------------------------------------------------------- @@ -3723,7 +3723,7 @@ VNF On-boarding and package management > Resource Description Requirements Added ~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -3731,7 +3731,7 @@ Requirements Added The VNF package MUST provide :doc:`VES Event Registration <../../../../vnfsdk/module.git/files/VESEventRegistration_3_0>` for all VES events provided by that xNF. - + .. container:: note @@ -3739,7 +3739,7 @@ Requirements Added The VNF documentation **MUST** contain a list of the files within the VNF package that are static during the VNF's runtime. - + VNF On-boarding and package management > Testing ------------------------------------------------ @@ -3747,7 +3747,7 @@ VNF On-boarding and package management > Testing Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -3755,7 +3755,7 @@ Requirements Changed The xNF Package **MUST** include documentation describing the tests that were conducted by the xNF provider and the test results. - + VNF Resiliency > Virtual Function - Container Recovery Requirements ------------------------------------------------------------------- @@ -3763,21 +3763,21 @@ VNF Resiliency > Virtual Function - Container Recovery Requirements Requirements Added ~~~~~~~~~~~~~~~~~~ - + .. container:: note :need:`R-46851` The VNF **MUST** support ONAP Controller's Evacuate command. - + .. container:: note :need:`R-48761` The VNF **MUST** support ONAP Controller's Snapshot command. - + VNF Security > VNF API Security Requirements -------------------------------------------- @@ -3785,7 +3785,7 @@ VNF Security > VNF API Security Requirements Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -3795,7 +3795,7 @@ Requirements Changed on APIs: Validate that any input file has a correct and valid Multipurpose Internet Mail Extensions (MIME) type. Input files should be tested for spoofed MIME types. - + .. container:: note @@ -3807,7 +3807,7 @@ Requirements Changed SQL expressions, may cause the system to execute undesirable and unauthorized transactions against the database or allow other inappropriate access to the internal network (injection attacks). - + .. container:: note @@ -3815,11 +3815,11 @@ Requirements Changed The VNF **SHOULD** integrate with the Operator's authentication and authorization services (e.g., IDAM). - + Requirements Removed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -3827,7 +3827,7 @@ Requirements Removed The VNF **MUST** implement all monitoring and logging as described in the Security Analytics section. - + .. container:: note @@ -3835,7 +3835,7 @@ Requirements Removed The VNF **MUST** restrict changing the criticality level of a system security alarm to administrator(s). - + .. container:: note @@ -3845,7 +3845,7 @@ Requirements Removed anomalous access patterns that may represent fraudulent access or other types of attacks, or integrate with tools that implement anomaly and abuse detection. - + .. container:: note @@ -3855,14 +3855,14 @@ Requirements Removed ensure that the date is within the validity period of the certificate, check the Certificate Revocation List (CRL), and recognize the identity represented by the certificate where PKI-based authentication is used. - + .. container:: note R-23772 The VNF **MUST** validate input at all layers implementing VNF APIs. - + .. container:: note @@ -3871,7 +3871,7 @@ Requirements Removed The VNF **MUST** use certificates issued from publicly recognized Certificate Authorities (CA) for the authentication process where PKI-based authentication is used. - + .. container:: note @@ -3879,7 +3879,7 @@ Requirements Removed The VNF **MUST** provide a mechanism to restrict access based on the attributes of the VNF and the attributes of the subject. - + .. container:: note @@ -3887,7 +3887,7 @@ Requirements Removed The VNF **MUST** support requests for information from law enforcement and government agencies. - + .. container:: note @@ -3895,7 +3895,7 @@ Requirements Removed The VNF **MUST** comply with NIST standards and industry best practices for all implementations of cryptography. - + VNF Security > VNF Cryptography Requirements -------------------------------------------- @@ -3903,7 +3903,7 @@ VNF Security > VNF Cryptography Requirements Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -3912,7 +3912,7 @@ Requirements Changed The VNF **SHOULD** support an automated certificate management protocol such as CMPv2, Simple Certificate Enrollment Protocol (SCEP) or Automated Certificate Management Environment (ACME). - + .. container:: note @@ -3920,7 +3920,7 @@ Requirements Changed The VNF **SHOULD** provide the capability to integrate with an external encryption service. - + .. container:: note @@ -3933,7 +3933,7 @@ Requirements Changed Note: The VNF provider cannot require the use of self-signed certificates in an Operator's run time environment. - + .. container:: note @@ -3941,7 +3941,7 @@ Requirements Changed The VNF **MUST** support HTTP/S using TLS v1.2 or higher with strong cryptographic ciphers. - + VNF Security > VNF Data Protection Requirements ----------------------------------------------- @@ -3949,7 +3949,7 @@ VNF Security > VNF Data Protection Requirements Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -3957,7 +3957,7 @@ Requirements Changed The VNF **MUST** provide the capability of using X.509 certificates issued by an external Certificate Authority. - + .. container:: note @@ -3965,7 +3965,7 @@ Requirements Changed The VNF **MUST** provide the capability to restrict read and write access to data handled by the VNF. - + .. container:: note @@ -3973,7 +3973,7 @@ Requirements Changed The VNF **MUST** be capable of protecting the confidentiality and integrity of data at rest and in transit from unauthorized access and modification. - + .. container:: note @@ -3983,7 +3983,7 @@ Requirements Changed non-volatile memory.Non-volative memory is storage that is capable of retaining data without electrical power, e.g. Complementary metal-oxide-semiconductor (CMOS) or hard drives. - + .. container:: note @@ -3992,7 +3992,7 @@ Requirements Changed The VNF **MUST** use NIST and industry standard cryptographic algorithms and standard modes of operations when implementing cryptography. - + .. container:: note @@ -4000,7 +4000,7 @@ Requirements Changed The VNF **MUST** support digital certificates that comply with X.509 standards. - + .. container:: note @@ -4011,7 +4011,7 @@ Requirements Changed IPSec, X.509 digital certificates for cryptographic implementations. These implementations must be purchased from reputable vendors or obtained from reputable open source communities and must not be developed in-house. - + .. container:: note @@ -4019,7 +4019,7 @@ Requirements Changed The VNF **MUST** provide the ability to migrate to newer versions of cryptographic algorithms and protocols with minimal impact. - + .. container:: note @@ -4030,11 +4030,11 @@ Requirements Changed Acceptable algorithms can be found in the NIST FIPS publications (https://csrc.nist.gov/publications/fips) and in the NIST Special Publications (https://csrc.nist.gov/publications/sp). - + Requirements Removed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -4043,7 +4043,7 @@ Requirements Removed The VNF **SHOULD** use commercial algorithms only when there are no applicable governmental standards for specific cryptographic functions, e.g., public key cryptography, message digests. - + .. container:: note @@ -4051,7 +4051,7 @@ Requirements Removed The VNF **MUST** provide the capability to restrict access to data to specific users. - + VNF Security > VNF General Security Requirements ------------------------------------------------ @@ -4059,7 +4059,7 @@ VNF Security > VNF General Security Requirements Requirements Added ~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -4068,14 +4068,14 @@ Requirements Added Login access (e.g., shell access) to the operating system layer, whether interactive or as part of an automated process, **MUST** be through an encrypted protocol such as SSH or TLS. - + .. container:: note :need:`R-240760` The VNF **MUST NOT** contain any backdoors. - + .. container:: note @@ -4083,14 +4083,14 @@ Requirements Added If SNMP is utilized, the VNF **MUST** support at least SNMPv3 with message authentication. - + .. container:: note :need:`R-258686` The VNF application processes **MUST NOT** run as root. - + .. container:: note @@ -4100,7 +4100,7 @@ Requirements Added display the last valid login date and time and the number of unsuccessful attempts since then made with that user's ID. This requirement is only applicable when the user account is defined locally in the VNF. - + .. container:: note @@ -4109,14 +4109,14 @@ Requirements Added The VNF **MUST** log any security event required by the VNF Requirements to Syslog using LOG_AUTHPRIV for any event that would contain sensitive information and LOG_AUTH for all other relevant events. - + .. container:: note :need:`R-756950` The VNF **MUST** be operable without the use of Network File System (NFS). - + .. container:: note @@ -4126,7 +4126,7 @@ Requirements Added package, that specifies the targetted parameters, e.g. a limited set of ports, over which the VNF will communicate (including internal, external and management communication). - + .. container:: note @@ -4138,11 +4138,11 @@ Requirements Added security techniques that include the use of file and directory permissions. Ideally, credentials SHOULD rely on a HW Root of Trust, such as a TPM or HSM. - + Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -4150,7 +4150,7 @@ Requirements Changed The VNF **MUST** support encrypted access protocols, e.g., TLS, SSH, SFTP. - + .. container:: note @@ -4158,7 +4158,7 @@ Requirements Changed The VNF **SHOULD** provide the capability for the Operator to run security vulnerability scans of the operating system and all application layers. - + .. container:: note @@ -4167,7 +4167,7 @@ Requirements Changed The VNF **MUST** provide a mechanism (e.g., access control list) to permit and/or restrict access to services on the VNF by source, destination, protocol, and/or port. - + .. container:: note @@ -4176,7 +4176,7 @@ Requirements Changed The VNF **SHOULD** support network segregation, i.e., separation of OA&M traffic from signaling and payload traffic, using technologies such as VPN and VLAN. - + .. container:: note @@ -4185,7 +4185,7 @@ Requirements Changed The VNF **MUST** allow the Operator to disable or remove any security testing tools or programs included in the VNF, e.g., password cracker, port scanner. - + .. container:: note @@ -4193,7 +4193,7 @@ Requirements Changed The VNF **MUST** support the ability to prohibit remote access to the VNF via a host based security mechanism. - + .. container:: note @@ -4205,7 +4205,7 @@ Requirements Changed allow the Operator to harden the VNF. Actions taken to harden a system include disabling all unnecessary services, and changing default values such as default credentials and community strings. - + .. container:: note @@ -4215,7 +4215,7 @@ Requirements Changed ability to present a warning notice that is set by the Operator. A warning notice is a formal statement of resource intent presented to everyone who accesses the system. - + .. container:: note @@ -4223,7 +4223,7 @@ Requirements Changed The VNF **MUST** provide functionality that enables the Operator to comply with requests for information from law enforcement and government agencies. - + .. container:: note @@ -4231,7 +4231,7 @@ Requirements Changed The VNF **MUST** implement and enforce the principle of least privilege on all protected interfaces. - + .. container:: note @@ -4239,7 +4239,7 @@ Requirements Changed The VNF **SHOULD** support the use of virtual trusted platform module. - + .. container:: note @@ -4249,7 +4249,7 @@ Requirements Changed in the VNF as soon as possible. Patching shall be controlled via change control process with vulnerabilities disclosed along with mitigation recommendations. - + .. container:: note @@ -4258,11 +4258,11 @@ Requirements Changed The VNF **SHOULD** provide a mechanism that enables the operators to perform automated system configuration auditing at configurable time intervals. - + Requirements Removed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -4270,7 +4270,7 @@ Requirements Removed The VNF **SHOULD** support the ability to work with aliases (e.g., gateways, proxies) to protect and encapsulate resources. - + .. container:: note @@ -4279,7 +4279,7 @@ Requirements Removed The VNF **SHOULD** interoperate with various access control mechanisms for the Network Cloud execution environment (e.g., Hypervisors, containers). - + .. container:: note @@ -4287,7 +4287,7 @@ Requirements Removed The VNF **MUST**, if not using the NCSP's IDAM API, comply with the NCSP's credential management policy. - + .. container:: note @@ -4297,7 +4297,7 @@ Requirements Removed with "password changes (includes default passwords)" policy. Products will support password aging, syntax and other credential management practices on a configurable basis. - + .. container:: note @@ -4306,7 +4306,7 @@ Requirements Removed The VNF **MUST**, if not using the NCSP's IDAM API, support use of common third party authentication and authorization tools such as TACACS+, RADIUS. - + .. container:: note @@ -4316,7 +4316,7 @@ Requirements Removed the requirements if not using the NCSP's IDAM API, for identification, authentication and access control of OA&M and other system level functions. - + .. container:: note @@ -4327,7 +4327,7 @@ Requirements Removed ACLs, stateful firewalls and application layer gateways depending on manner of deployment. The application is expected to function (and in some cases, interwork) with these security tools. - + .. container:: note @@ -4337,7 +4337,7 @@ Requirements Removed the ability to support Multi-Factor Authentication (e.g., 1st factor = Software token on device (RSA SecureID); 2nd factor = User Name+Password, etc.) for the users. - + .. container:: note @@ -4346,7 +4346,7 @@ Requirements Removed The VNF **MUST** distribute all production code from NCSP internal sources only. No production code, libraries, OS images, etc. shall be distributed from publically accessible depots. - + .. container:: note @@ -4354,7 +4354,7 @@ Requirements Removed The VNF **MUST**, if not using the NCSP's IDAM API, support logging via ONAP for a historical view of "who did what and when." - + .. container:: note @@ -4365,7 +4365,7 @@ Requirements Removed needs to have appropriate connectors to the Identity, Authentication and Authorization systems that enables access at OS, Database and Application levels as appropriate. - + .. container:: note @@ -4379,7 +4379,7 @@ Requirements Removed subscriber identifiable data should be encrypted at rest. Other data protection requirements exist and should be well understood by the developer. - + VNF Security > VNF Identity and Access Management Requirements -------------------------------------------------------------- @@ -4387,7 +4387,7 @@ VNF Security > VNF Identity and Access Management Requirements Requirements Added ~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -4395,7 +4395,7 @@ Requirements Added The VNF **MUST** provide a means for the user to explicitly logout, thus ending that session for that authenticated user. - + .. container:: note @@ -4404,7 +4404,7 @@ Requirements Added The VNF **MUST**, if not integrated with the Operator's Identity and Access Management system, or enforce a configurable "terminate idle sessions" policy by terminating the session after a configurable period of inactivity. - + .. container:: note @@ -4412,7 +4412,7 @@ Requirements Added The VNF **MUST NOT** display "Welcome" notices or messages that could be misinterpreted as extending an invitation to unauthorized users. - + .. container:: note @@ -4420,7 +4420,7 @@ Requirements Added A failed authentication attempt **MUST NOT** identify the reason for the failure to the user, only that the authentication failed. - + .. container:: note @@ -4430,7 +4430,7 @@ Requirements Added manage, and automatically provision user accounts using an Operator approved identity lifecycle management tool using a standard protocol, e.g., NETCONF API. - + .. container:: note @@ -4438,7 +4438,7 @@ Requirements Added The VNF MUST not store authentication credentials to itself in clear text or any reversible form and must use salting. - + .. container:: note @@ -4446,11 +4446,11 @@ Requirements Added The VNF **MUST** support account names that contain at least A-Z, a-z, 0-9 character sets and be at least 6 characters in length. - + Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -4459,7 +4459,7 @@ Requirements Changed The VNF **MUST**, if not integrated with the Operator's identity and access management system, authenticate all access to protected GUIs, CLIs, and APIs. - + .. container:: note @@ -4467,7 +4467,7 @@ Requirements Changed The VNF **MUST** provide access controls that allow the Operator to restrict access to VNF functions and data to authorized entities. - + .. container:: note @@ -4476,7 +4476,7 @@ Requirements Changed The VNF **MUST** integrate with standard identity and access management protocols such as LDAP, TACACS+, Windows Integrated Authentication (Kerberos), SAML federation, or OAuth 2.0. - + .. container:: note @@ -4487,7 +4487,7 @@ Requirements Changed When a VNF is added to the network, nothing should be able to use it until the super user configures the VNF to allow other users (human and application) have access. - + .. container:: note @@ -4496,7 +4496,7 @@ Requirements Changed The VNF **MUST NOT** allow the assumption of the permissions of another account to mask individual accountability. For example, use SUDO when a user requires elevated permissions such as root or admin. - + .. container:: note @@ -4504,7 +4504,7 @@ Requirements Changed The VNF **MUST**, if not integrated with the Operator's Identity and Access Management system, support configurable password expiration. - + .. container:: note @@ -4513,7 +4513,7 @@ Requirements Changed Each architectural layer of the VNF (eg. operating system, network, application) **MUST** support access restriction independently of all other layers so that Segregation of Duties can be implemented. - + .. container:: note @@ -4523,7 +4523,7 @@ Requirements Changed and Access Management system, support the ability to disable the userID after a configurable number of consecutive unsuccessful authentication attempts using the same userID. - + .. container:: note @@ -4541,7 +4541,7 @@ Requirements Changed characters that may have command functions, and (6) new passwords must not contain sequences of three or more characters from the previous password. - + .. container:: note @@ -4549,7 +4549,7 @@ Requirements Changed The VNF **SHOULD** support OAuth 2.0 authorization using an external Authorization Server. - + .. container:: note @@ -4558,7 +4558,7 @@ Requirements Changed The VNF **MUST**, if not integrated with the Operator's Identity and Access Management system, support Role-Based Access Control to enforce least privilege. - + .. container:: note @@ -4567,7 +4567,7 @@ Requirements Changed The VNF **MUST**, if not integrated with the Operator's Identity and Access Management system, support the creation of multiple IDs so that individual accountability can be supported. - + .. container:: note @@ -4578,7 +4578,7 @@ Requirements Changed VNF for use by human users. Strong authentication uses at least two of the three different types of authentication factors in order to prove the claimed identity of a user. - + .. container:: note @@ -4588,18 +4588,18 @@ Requirements Changed the assigned permissions associated with an ID in order to support Least Privilege (no more privilege than required to perform job functions). - + Requirements Removed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note R-05470 The VNF **MUST** host connectors for access to the database layer. - + .. container:: note @@ -4607,7 +4607,7 @@ Requirements Removed The VNF **MUST** provide or support the Identity and Access Management (IDAM) based threat detection data for Session Hijacking. - + .. container:: note @@ -4615,7 +4615,7 @@ Requirements Removed The VNF **MUST NOT** include authentication credentials in security audit logs, even if encrypted. - + .. container:: note @@ -4623,7 +4623,7 @@ Requirements Removed The VNF **MUST** provide Context awareness data (device, location, time, etc.) and be able to integrate with threat detection system. - + .. container:: note @@ -4631,7 +4631,7 @@ Requirements Removed The VNF **MUST** provide or support the Identity and Access Management (IDAM) based threat detection data for Password Attacks. - + .. container:: note @@ -4639,7 +4639,7 @@ Requirements Removed The VNF **MUST** provide or support the Identity and Access Management (IDAM) based threat detection data for XSS / CSRF. - + .. container:: note @@ -4648,7 +4648,7 @@ Requirements Removed The VNF **MUST** subject VNF provider access to privilege reconciliation tools to prevent access creep and ensure correct enforcement of access policies. - + .. container:: note @@ -4656,14 +4656,14 @@ Requirements Removed The VNF **MUST** provide or support the Identity and Access Management (IDAM) based threat detection data for Man in the Middle (MITM). - + .. container:: note R-45496 The VNF **MUST** host connectors for access to the OS (Operating System) layer. - + .. container:: note @@ -4674,7 +4674,7 @@ Requirements Removed owner of the VNF before provisioning authorization through Role Based Access Control (RBAC), Attribute Based Access Control (ABAC), or other policy based mechanism. - + .. container:: note @@ -4682,7 +4682,7 @@ Requirements Removed The VNF **MUST** provide or support the Identity and Access Management (IDAM) based threat detection data for Replay. - + .. container:: note @@ -4690,7 +4690,7 @@ Requirements Removed The VNF **MUST** provide or support the Identity and Access Management (IDAM) based threat detection data for Eavesdropping. - + .. container:: note @@ -4698,7 +4698,7 @@ Requirements Removed The VNF **MUST** provide or support the Identity and Access Management (IDAM) based threat detection data for Malware (Key Logger). - + .. container:: note @@ -4706,7 +4706,7 @@ Requirements Removed The VNF **MUST** provide minimum privileges for initial and default settings for new user accounts. - + .. container:: note @@ -4714,7 +4714,7 @@ Requirements Removed The VNF **MUST** provide or support the Identity and Access Management (IDAM) based threat detection data for Phishing / SMishing. - + .. container:: note @@ -4725,7 +4725,7 @@ Requirements Removed authorized personnel only, e.g., least privilege. These controls could include the use of system configuration or access control software. - + .. container:: note @@ -4734,7 +4734,7 @@ Requirements Removed The VNF **MUST** conform to approved request, workflow authorization, and authorization provisioning requirements when creating privileged users. - + .. container:: note @@ -4743,7 +4743,7 @@ Requirements Removed The VNF **MUST** authenticate system to system access and do not conceal a VNF provider user's individual accountability for transactions. - + .. container:: note @@ -4753,14 +4753,14 @@ Requirements Removed utilities capable of capturing or logging data that was not created by them or sent specifically to them in production, without authorization of the VNF system owner. - + .. container:: note R-95105 The VNF **MUST** host connectors for access to the application layer. - + VNF Security > VNF Security Analytics Requirements -------------------------------------------------- @@ -4768,14 +4768,14 @@ VNF Security > VNF Security Analytics Requirements Requirements Added ~~~~~~~~~~~~~~~~~~ - + .. container:: note :need:`R-303569` The VNF **MUST** log the Source IP address in the security audit logs. - + .. container:: note @@ -4783,7 +4783,7 @@ Requirements Added The VNF **SHOULD** provide the capability of maintaining the integrity of its static files using a cryptographic method. - + .. container:: note @@ -4794,7 +4794,7 @@ Requirements Added reporting in log files. It is recommended that Coordinated Universal Time (UTC) be used where possible, so as to eliminate ambiguity owing to daylight savings time. - + .. container:: note @@ -4803,7 +4803,7 @@ Requirements Added The VNF **MUST** have the capability to securely transmit the security logs and security events to a remote system before they are purged from the system. - + .. container:: note @@ -4811,11 +4811,11 @@ Requirements Added The VNF **MUST** log automated remote activities performed with elevated privileges. - + Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -4823,7 +4823,7 @@ Requirements Changed The VNF **MUST** log success and unsuccessful creation, removal, or change to the inherent privilege level of users. - + .. container:: note @@ -4832,7 +4832,7 @@ Requirements Changed The VNF **MUST** support detection of malformed packets due to software misconfiguration or software vulnerability, and generate an error to the syslog console facility. - + .. container:: note @@ -4840,7 +4840,7 @@ Requirements Changed The VNF **MUST** be implemented so that it is not vulnerable to OWASP Top 10 web application security risks. - + .. container:: note @@ -4850,7 +4850,7 @@ Requirements Changed attempts, e.g., authentication associated with a transaction, authentication to create a session, authentication to assume elevated privilege. - + .. container:: note @@ -4858,7 +4858,7 @@ Requirements Changed The VNF **SHOULD** operate with anti-virus software which produces alarms every time a virus is detected. - + .. container:: note @@ -4866,7 +4866,7 @@ Requirements Changed The VNF **MUST** log connections to the network listeners of the resource. - + .. container:: note @@ -4875,7 +4875,7 @@ Requirements Changed The VNF **MUST** activate security alarms automatically when it detects the successful modification of a critical system or application file. - + .. container:: note @@ -4884,7 +4884,7 @@ Requirements Changed The VNF **MUST** activate security alarms automatically when a configurable number of consecutive unsuccessful login attempts is reached. - + .. container:: note @@ -4892,7 +4892,7 @@ Requirements Changed The VNF **MUST** restrict changing the criticality level of a system security alarm to users with administrative privileges. - + .. container:: note @@ -4900,7 +4900,7 @@ Requirements Changed The VNF **MUST** detect when its security audit log storage medium is approaching capacity (configurable) and issue an alarm. - + .. container:: note @@ -4908,7 +4908,7 @@ Requirements Changed The VNF **MUST** log successful and unsuccessful access to VNF resources, including data. - + .. container:: note @@ -4916,7 +4916,7 @@ Requirements Changed The VNF **MUST** generate security audit logs that can be sent to Security Analytics Tools for analysis. - + .. container:: note @@ -4925,7 +4925,7 @@ Requirements Changed The VNF **MUST** activate security alarms automatically when it detects an unsuccessful attempt to gain permissions or assume the identity of another user. - + .. container:: note @@ -4933,18 +4933,18 @@ Requirements Changed The VNF **MUST** support the storage of security audit logs for a configurable period of time. - + Requirements Removed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note R-08598 The VNF **MUST** log successful and unsuccessful changes to a privilege level. - + .. container:: note @@ -4952,7 +4952,7 @@ Requirements Removed The VNF **MUST** provide audit logs that include user ID, dates, times for log-on and log-off, and terminal location at minimum. - + .. container:: note @@ -4961,14 +4961,14 @@ Requirements Removed The VNF **MUST** support alternative monitoring capabilities when VNFs do not expose data or control traffic or use proprietary and optimized protocols for inter VNF communication. - + .. container:: note R-25094 The VNF **MUST** perform data capture for security functions. - + .. container:: note @@ -4976,7 +4976,7 @@ Requirements Removed The VNF **MUST** support integrated DPI/monitoring functionality as part of VNFs (e.g., PGW, MME). - + .. container:: note @@ -4985,7 +4985,7 @@ Requirements Removed The VNF **MUST** implement "Closed Loop" automatic implementation (without human intervention) for Known Threats with detection rate in low false positives. - + .. container:: note @@ -4993,7 +4993,7 @@ Requirements Removed The VNF **MUST** provide the capability of generating security audit logs by interacting with the operating system (OS) as appropriate. - + .. container:: note @@ -5001,7 +5001,7 @@ Requirements Removed The VNF **MUST** support event logging, formats, and delivery tools to provide the required degree of event data to ONAP. - + {network-role} -------------- @@ -5009,7 +5009,7 @@ Requirements Removed Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -5019,7 +5019,7 @@ Requirements Changed only alphanumeric characters and/or underscores '_' and **MUST NOT** contain any of the following strings: ``_int`` or ``int_`` or ``_int_``. - + .. container:: note @@ -5029,7 +5029,7 @@ Requirements Changed is associated with an internal network **MUST** include ``int_{network-role}`` as part of the parameter name, where ``int_`` is a hard coded string. - + .. container:: note @@ -5038,7 +5038,7 @@ Requirements Changed A VNF's Heat Orchestration Template's Resource ID that is associated with an internal network **MUST** include ``int_{network-role}`` as part of the Resource ID, where ``int_`` is a hard coded string. - + {vm-type} --------- @@ -5046,7 +5046,7 @@ Requirements Changed Requirements Changed ~~~~~~~~~~~~~~~~~~~~ - + .. container:: note @@ -5065,7 +5065,7 @@ Requirements Changed ``vf_module_name``, ``vm_role``, ``vf_module_index``, ``environment_context``, ``workload_context``) **MUST NOT** be prefixed with a common ``{vm-type}`` identifier. - + .. container:: note @@ -5075,7 +5075,7 @@ Requirements Changed alphanumeric characters and/or underscores '_' and **MUST NOT** contain any of the following strings: ``_int`` or ``int_`` or ``_int_``. - + .. container:: note @@ -5101,4 +5101,4 @@ Requirements Changed - Each VM in the "class" **MUST** have the the identical number of ports connecting to the identical networks and requiring the identical IP address configuration. - + |