summaryrefslogtreecommitdiffstats
path: root/docs/changes-by-section-casablanca.rst
diff options
context:
space:
mode:
Diffstat (limited to 'docs/changes-by-section-casablanca.rst')
-rw-r--r--docs/changes-by-section-casablanca.rst4293
1 files changed, 4293 insertions, 0 deletions
diff --git a/docs/changes-by-section-casablanca.rst b/docs/changes-by-section-casablanca.rst
new file mode 100644
index 0000000..6cc56c5
--- /dev/null
+++ b/docs/changes-by-section-casablanca.rst
@@ -0,0 +1,4293 @@
+.. Modifications Copyright © 2017-2018 AT&T Intellectual Property.
+
+.. Licensed under the Creative Commons License, Attribution 4.0 Intl.
+ (the "License"); you may not use this documentation except in compliance
+ with the License. You may obtain a copy of the License at
+
+.. https://creativecommons.org/licenses/by/4.0/
+
+.. Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+
+Requirement Changes Introduced in Casablanca
+========================================================
+
+This document summarizes the requirement changes by section that were
+introduced between the Beijing release and
+Casablanca release. Click on the requirement number to
+navigate to the
+
+.. contents::
+ :depth: 2
+
+Summary of Changes
+------------------
+
+* **Requirements Added:** 70
+* **Requirements Changed:** 187
+* **Requirements Removed:** 61
+
+
+Contrail Resource Parameters > Contrail Network Parameters > External Networks
+------------------------------------------------------------------------------
+
+
+Requirements Changed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-02164`
+
+ When a VNF's Heat Orchestration Template's Contrail resource
+ has a property that
+ references an external network that requires the network's
+ Fully Qualified Domain Name (FQDN), the property parameter
+
+ * **MUST** follow the format ``{network-role}_net_fqdn``
+ * **MUST** be declared as type ``string``
+ * **MUST NOT** be enumerated in the VNF's Heat Orchestration Template's
+ Environment File
+
+
+Heat > Cinder Volumes
+---------------------
+
+
+Requirements Removed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ R-79531
+
+ The VNF Heat Orchestration Template **MUST** define
+ "outputs" in the volume template for each Cinder volume
+ resource universally unique identifier (UUID) (i.e. ONAP
+ Volume Template Output Parameters).
+
+
+Heat > Heat Orchestration Template Format > Heat Orchestration Template Structure > resources > metadata
+--------------------------------------------------------------------------------------------------------
+
+
+Requirements Removed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ R-97199
+
+ A VNF's Heat Orchestration Template's OS::Nova::Server
+ resource **MUST** contain the attribute "metadata".
+
+
+Heat > Heat Template Constructs > Heat Files Support (get_file)
+---------------------------------------------------------------
+
+
+Requirements Removed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ R-62177
+
+ When using the intrinsic function get_file, the included files
+ **MUST** have unique file names within the scope of the VNF.
+
+
+Heat > Heat Template Constructs > Nested Heat Template Requirements
+-------------------------------------------------------------------
+
+
+Requirements Removed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ R-89868
+
+ The VNF Heat Orchestration Template **MUST** have unique
+ file names within the scope of the VNF for a nested heat yaml file.
+
+
+Heat > Networking > External Networks
+-------------------------------------
+
+
+Requirements Removed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ R-29865
+
+ When a VNF connects to an external network, a network role,
+ referred to as the '{network-role}' **MUST** be assigned to the
+ external network for use in the VNF's Heat Orchestration Template.
+
+
+Heat > Networking > Internal Networks
+-------------------------------------
+
+
+Requirements Removed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ R-34726
+
+ If a VNF's port is connected to an internal network and the port
+ is created in the same Heat Orchestration Template as the internal network,
+ then the port resource **MUST** use a 'get_resource' to obtain
+ the network UUID.
+
+
+Heat > ONAP Resource ID and Parameter Naming Convention > Contrail Resource Parameters > Contrail Network Parameters > External Networks
+----------------------------------------------------------------------------------------------------------------------------------------
+
+
+Requirements Removed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ R-73228
+
+ A VNF's Heat Orchestration Template's parameter
+ '{network-role}_net_fqdn'
+ **MUST** be declared as type 'string'.
+
+
+Heat > ONAP Resource ID and Parameter Naming Convention > Resource: OS::Nova::Server – Metadata Parameters > vm_role
+--------------------------------------------------------------------------------------------------------------------
+
+
+Requirements Removed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ R-46823
+
+ A VNF's Heat Orchestration Template's OS::Nova::Server
+ Resource metadata map value parameter 'vnf_name' **MUST** be
+ either
+
+ - enumerated in the VNF's Heat Orchestration
+ Template's environment file.
+
+ - hard coded in the VNF's Heat Orchestration
+ Template's OS::Nova::Resource metadata property.
+
+
+Heat > ONAP Support of Environment Files
+----------------------------------------
+
+
+Requirements Removed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ R-22656
+
+ The VNF Heat Orchestration Template **MUST** have a
+ corresponding environment file for a Cinder Volume Module.
+
+
+.. container:: note
+
+ R-35727
+
+ The VNF Heat Orchestration Template **MUST** have a
+ corresponding environment file for an Incremental module.
+
+
+.. container:: note
+
+ R-67205
+
+ The VNF Heat Orchestration Template **MUST** have a corresponding
+ environment file for a Base Module.
+
+
+Monitoring & Management > Data Structure Specification of the Event Record
+--------------------------------------------------------------------------
+
+
+Requirements Added
+~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-120182`
+
+ The xNF provider **MUST** indicate specific conditions that may arise, and
+ recommend actions that may be taken at specific thresholds, or if specific
+ conditions repeat within a specified time interval, using the semantics and
+ syntax described by the :doc:`VES Event Registration specification<../../../../vnfsdk/module.git/files/VESEventRegistration_3_0>`.
+
+
+.. container:: note
+
+ :need:`R-123044`
+
+ The xNF Provider **MAY** require that specific events, identified by their
+ ``eventName``, require that certain fields, which are optional in the common
+ event format, must be present when they are published.
+
+
+.. container:: note
+
+ :need:`R-520802`
+
+ The xNF provider **MUST** provide a YAML file formatted in adherence with
+ the :doc:`VES Event Registration specification<../../../../vnfsdk/module.git/files/VESEventRegistration_3_0>`
+ that defines the following information for each event produced by the VNF:
+
+ * ``eventName``
+ * Required fields
+ * Optional fields
+ * Any special handling to be performed for that event
+
+
+.. container:: note
+
+ :need:`R-570134`
+
+ The events produced by the xNF **MUST** must be compliant with the common
+ event format defined in the
+ :doc:`VES Event Listener<../../../../vnfsdk/model.git/docs/files/VESEventListener_7_0_1>`
+ specification.
+
+
+Monitoring & Management > Event Records - Data Structure Description > Common Event Header
+------------------------------------------------------------------------------------------
+
+
+Requirements Added
+~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-528866`
+
+ The VNF **MUST** produce VES events that include the following mandatory
+ fields in the common event header.
+
+ * ``domain`` - the event domain enumeration
+ * ``eventId`` - the event key unique to the event source
+ * ``eventName`` - the unique event name
+ * ``lastEpochMicrosec`` - the latest unix time (aka epoch time) associated
+ with the event
+ * ``priority`` - the processing priority enumeration
+ * ``reportingEntityName`` - name of the entity reporting the event or
+ detecting a problem in another xNF
+ * ``sequence`` - the ordering of events communicated by an event source
+ * ``sourceName`` - name of the entity experiencing the event issue, which
+ may be detected and reported by a separate reporting entity
+ * ``startEpochMicrosec`` - the earliest unix time (aka epoch time)
+ associated with the event
+ * ``version`` - the version of the event header
+ * ``vesEventListenerVersion`` - Version of the VES event listener API spec
+ that this event is compliant with
+
+
+Monitoring & Management > Event Records - Data Structure Description > Miscellaneous
+------------------------------------------------------------------------------------
+
+
+Requirements Added
+~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-283988`
+
+ The VNF, when publishing events, **MUST NOT** send information through
+ extensible structures if the event specification has explicitly defined
+ fields for that information.
+
+
+.. container:: note
+
+ :need:`R-408813`
+
+ The VNF, when publishing events, **MUST** pass all information it is
+ able to collect even if the information field is identified as optional.
+ However, if the data cannot be collected, then optional fields can be
+ omitted.
+
+
+.. container:: note
+
+ :need:`R-470963`
+
+ The VNF, when publishing events, **MUST** leverage camel case to separate
+ words and acronyms used as keys that will be sent through extensible fields.
+ When an acronym is used as the key, then only the first letter shall be
+ capitalized.
+
+
+Monitoring & Management > Monitoring & Management Requirements > Asynchronous and Synchronous Data Delivery
+-----------------------------------------------------------------------------------------------------------
+
+
+Requirements Added
+~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-332680`
+
+ The xNF **SHOULD** deliver all syslog messages to the VES Collector per the
+ specifications in Monitoring and Management chapter.
+
+
+Monitoring & Management > Monitoring & Management Requirements > Bulk Performance Measurement
+---------------------------------------------------------------------------------------------
+
+
+Requirements Added
+~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-440220`
+
+ The xNF **SHOULD** support File transferring protocol, such as FTPES or SFTP,
+ when supporting the event-driven bulk transfer of monitoring data.
+
+
+.. container:: note
+
+ :need:`R-75943`
+
+ The xNF **SHOULD** support the data schema defined in 3GPP TS 32.435, when
+ supporting the event-driven bulk transfer of monitoring data.
+
+
+.. container:: note
+
+ :need:`R-841740`
+
+ The xNF **SHOULD** support FileReady VES event for event-driven bulk transfer
+ of monitoring data.
+
+
+Monitoring & Management > Monitoring & Management Requirements > Google Protocol Buffers (GPB)
+----------------------------------------------------------------------------------------------
+
+
+Requirements Added
+~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-257367`
+
+ The xNF, when leveraging Google Protocol Buffers for events, **MUST**
+ serialize the events using native Google Protocol Buffers (GPB) according
+ to the following guidelines:
+
+ * The keys are represented as integers pointing to the system resources
+ for the xNF being monitored
+ * The values correspond to integers or strings that identify the
+ operational state of the VNF resource, such a statistics counters and
+ the state of an xNF resource.
+ * The required Google Protocol Buffers (GPB) metadata is provided in the
+ form of .proto files.
+
+
+.. container:: note
+
+ :need:`R-978752`
+
+ The xNF providers **MUST** provide the Service Provider the following
+ artifacts to support the delivery of high-volume xNF telemetry to
+ DCAE via GPB over TLS/TCP:
+
+ * A valid VES Event .proto definition file, to be used validate and
+ decode an event
+ * A valid high volume measurement .proto definition file, to be used for
+ processing high volume events
+ * A supporting PM content metadata file to be used by analytics
+ applications to process high volume measurement events
+
+
+Monitoring & Management > Monitoring & Management Requirements > JSON
+---------------------------------------------------------------------
+
+
+Requirements Changed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-19624`
+
+ The xNF, when leveraging JSON for events, **MUST** encode and serialize
+ content delivered to ONAP using JSON (RFC 7159) plain text format.
+ High-volume data is to be encoded and serialized using
+ `Avro <http://avro.apache.org/>`_, where the Avro [#7.4.1]_ data
+ format are described using JSON.
+
+
+Monitoring & Management > Monitoring & Management Requirements > Reporting Frequency
+------------------------------------------------------------------------------------
+
+
+Requirements Added
+~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-146931`
+
+ The xNF **MUST** report exactly one Measurement event per period
+ per source name.
+
+
+Monitoring & Management > Monitoring & Management Requirements > VNF telemetry via standardized interface
+---------------------------------------------------------------------------------------------------------
+
+
+Requirements Added
+~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-821473`
+
+ The xNF MUST produce heartbeat indicators consisting of events containing
+ the common event header only per the VES Listener Specification.
+
+
+Requirements Removed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ R-51910
+
+ The xNF **MUST** provide all telemetry (e.g., fault event
+ records, syslog records, performance records etc.) to ONAP using the
+ model, format and mechanisms described in this section.
+
+
+Monitoring & Management > Transports and Protocols Supporting Resource Interfaces
+---------------------------------------------------------------------------------
+
+
+Requirements Added
+~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-798933`
+
+ The xNF **SHOULD** deliver event records that fall into the event domains
+ supported by VES.
+
+
+.. container:: note
+
+ :need:`R-821839`
+
+ The xNF **MUST** deliver event records to ONAP using the common transport
+ mechanisms and protocols defined in this document.
+
+
+.. container:: note
+
+ :need:`R-932071`
+
+ The xNF provider **MUST** reach agreement with the Service Provider on
+ the selected methods for encoding, serialization and data delivery
+ prior to the on-boarding of the xNF into ONAP SDC Design Studio.
+
+
+Monitoring & Management > Transports and Protocols Supporting Resource Interfaces > Bulk Telemetry Transmission
+---------------------------------------------------------------------------------------------------------------
+
+
+Requirements Added
+~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-908291`
+
+ The XNF **MAY** leverage bulk xNF telemetry transmission mechanism, as
+ depicted in Figure 4, in instances where other transmission methods are not
+ practical or advisable.
+
+
+Monitoring & Management > Transports and Protocols Supporting Resource Interfaces > xNF Telemetry using Google Protocol Buffers
+-------------------------------------------------------------------------------------------------------------------------------
+
+
+Requirements Added
+~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-697654`
+
+ The xNF **MAY** leverage the Google Protocol Buffers (GPB) delivery model
+ depicted in Figure 3 to support real-time performance management (PM) data.
+ In this model the VES events are streamed as binary-encoded GBPs over via
+ TCP sockets.
+
+
+Monitoring & Management > Transports and Protocols Supporting Resource Interfaces > xNF Telemetry using VES/JSON Model
+----------------------------------------------------------------------------------------------------------------------
+
+
+Requirements Added
+~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-659655`
+
+ The xNF **SHOULD** leverage the JSON-driven model, as depicted in Figure 2,
+ for data delivery unless there are specific performance or operational
+ concerns agreed upon by the Service Provider that would warrant using an
+ alternate model.
+
+
+ONAP Heat Cinder Volumes
+------------------------
+
+
+Requirements Added
+~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-270358`
+
+ A VNF's Heat Orchestration Template's Cinder Volume Template **MUST**
+ contain either
+
+ * An ``OS::Cinder::Volume`` resource
+ * An ``OS::Heat::ResourceGroup`` resource that references a Nested YAML
+ file that contains an ``OS::Cinder::Volume`` resource
+ * A resource that defines the property ``type`` as a Nested YAML file
+ (i.e., static nesting) and the Nested YAML contains
+ an ``OS::Cinder::Volume`` resource
+
+
+ONAP Heat Heat Template Constructs > Heat Files Support (get_file)
+------------------------------------------------------------------
+
+
+Requirements Changed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-76718`
+
+ If a VNF's Heat Orchestration Template uses the intrinsic function
+ ``get_file``, the ``get_file`` target **MUST** be referenced in
+ the Heat Orchestration Template by file name.
+
+
+.. container:: note
+
+ :need:`R-41888`
+
+ A VNF's Heat Orchestration Template intrinsic function
+ ``get_file`` **MUST NOT** utilize URL-based file retrieval.
+
+
+.. container:: note
+
+ :need:`R-87848`
+
+ When using the intrinsic function get_file, ONAP does not support
+ a directory hierarchy for included files. All files must be in a
+ single, flat directory per VNF. A VNF's Heat Orchestration
+ Template's ``get_file`` target files **MUST** be in the same
+ directory hierarchy as the VNF's Heat Orchestration Templates.
+
+
+.. container:: note
+
+ :need:`R-05050`
+
+ A VNF's Heat Orchestration Templates intrinsic function
+ ``get_file`` <content key> **MAY** be used:
+
+ * more than once in a VNF's Heat Orchestration Template
+ * in two or more of a VNF's Heat Orchestration Templates
+ * in a VNF's Heat Orchestration Templates nested YAML file
+
+
+ONAP Heat Heat Template Constructs > Nested Heat Templates > Nested Heat Template Requirements
+----------------------------------------------------------------------------------------------
+
+
+Requirements Added
+~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-70112`
+
+ A VNF's Heat Orchestration Template **MUST** reference a Nested YAML
+ file by name. The use of ``resource_registry`` in the VNF's Heat
+ Orchestration Templates Environment File **MUST NOT** be used.
+
+
+ONAP Heat Networking > External Networks
+----------------------------------------
+
+
+Requirements Changed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-00606`
+
+ A VNF **MAY** be connected to zero, one or more than one external
+ network.
+
+
+ONAP Heat Networking > Internal Networks
+----------------------------------------
+
+
+Requirements Changed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-52425`
+
+ A VNF's port connected to an internal network **MUST**
+ use the port for the purpose of reaching VMs in the same VNF.
+
+
+.. container:: note
+
+ :need:`R-87096`
+
+ A VNF **MAY** contain zero, one or more than one internal network.
+
+
+.. container:: note
+
+ :need:`R-46461`
+
+ A VNF's port connected to an internal network **MUST NOT** use the port
+ for the purpose of reaching VMs in another VNF and/or an
+ external gateway and/or
+ external router.
+
+
+ONAP Heat Orchestration Template Format
+---------------------------------------
+
+
+Requirements Added
+~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-92635`
+
+ A VNF's Heat Orchestration Template **MUST** be compliant with the
+ OpenStack Template Guide.
+
+
+ONAP Heat Orchestration Template Format > Environment File Format
+-----------------------------------------------------------------
+
+
+Requirements Changed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-86285`
+
+ A VNF's Heat Orchestration template **MUST** have a
+ corresponding environment file.
+
+
+.. container:: note
+
+ :need:`R-03324`
+
+ A VNF's Heat Orchestration template's Environment File **MUST**
+ contain the ``parameters:`` section.
+
+
+.. container:: note
+
+ :need:`R-68198`
+
+ A VNF's Heat Orchestration template's Environment File's
+ ``parameters:`` section **MAY** (or **MAY NOT**) enumerate parameters.
+
+
+ONAP Heat Orchestration Template Format > Heat Orchestration Template Structure > parameters
+--------------------------------------------------------------------------------------------
+
+
+Requirements Changed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-90279`
+
+ A VNF Heat Orchestration's template's parameter **MUST** be used
+ in a resource with the exception of the parameters for the
+ ``OS::Nova::Server`` resource property ``availability_zone``.
+
+
+.. container:: note
+
+ :need:`R-91273`
+
+ A VNF Heat Orchestration's template's parameter for the
+ ``OS::Nova::Server`` resource property ``availability_zone``
+ **MAY NOT** be used in any ``OS::Nova::Server``.
+
+
+ONAP Heat Orchestration Template Format > Heat Orchestration Template Structure > parameters > constraints
+----------------------------------------------------------------------------------------------------------
+
+
+Requirements Changed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-79817`
+
+ A VNF's Heat Orchestration Template's parameter defined
+ in a non-nested YAML file as
+ type ``comma_delimited_list`` **MAY** have a parameter constraint defined.
+
+
+.. container:: note
+
+ :need:`R-00011`
+
+ A VNF's Heat Orchestration Template's parameter defined
+ in a nested YAML file
+ **MUST NOT** have a parameter constraint defined.
+
+
+.. container:: note
+
+ :need:`R-96227`
+
+ A VNF's Heat Orchestration Template's parameter defined
+ in a non-nested YAML file as type
+ ``json`` **MAY** have a parameter constraint defined.
+
+
+.. container:: note
+
+ :need:`R-88863`
+
+ A VNF's Heat Orchestration Template's parameter defined
+ in a non-nested YAML file as type
+ ``number`` **MUST** have a parameter constraint of ``range`` or
+ ``allowed_values`` defined.
+
+
+.. container:: note
+
+ :need:`R-40518`
+
+ A VNF's Heat Orchestration Template's parameter defined
+ in a non-nested YAML file as type
+ ``string`` **MAY** have a parameter constraint defined.
+
+
+.. container:: note
+
+ :need:`R-06613`
+
+ A VNF's Heat Orchestration Template's parameter defined
+ in a non-nested YAML file as type
+ ``boolean`` **MAY** have a parameter constraint defined.
+
+
+ONAP Heat Orchestration Template Format > Heat Orchestration Template Structure > parameters > default
+------------------------------------------------------------------------------------------------------
+
+
+Requirements Changed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-26124`
+
+ If a VNF Heat Orchestration Template parameter has a default value,
+ it **MUST** be enumerated in the environment file.
+
+
+ONAP Heat Orchestration Template Format > Heat Orchestration Template Structure > parameters > type
+---------------------------------------------------------------------------------------------------
+
+
+Requirements Changed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-11441`
+
+ A VNF's Heat Orchestration Template's parameter type **MUST** be one of
+ the following values:
+
+ * ``string``
+ * ``number``
+ * ``json``
+ * ``comma_delimited_list``
+ * ``boolean``
+
+
+ONAP Heat Orchestration Template Format > Heat Orchestration Template Structure > resources
+-------------------------------------------------------------------------------------------
+
+
+Requirements Changed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-40551`
+
+ A VNF's Heat Orchestration Template's Nested YAML files **MAY**
+ (or **MAY NOT**) contain the section ``resources:``.
+
+
+ONAP Heat Orchestration Template Format > Heat Orchestration Template Structure > resources > deletion_policy
+-------------------------------------------------------------------------------------------------------------
+
+
+Requirements Changed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-43740`
+
+ VNF's Heat Orchestration Template's Resource **MAY** declare the
+ attribute ``deletion_policy:``.
+
+
+ONAP Heat Orchestration Template Format > Heat Orchestration Template Structure > resources > external_id
+---------------------------------------------------------------------------------------------------------
+
+
+Requirements Changed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-78569`
+
+ VNF's Heat Orchestration Template's Resource **MAY** declare the
+ attribute ``external_id:``.
+
+
+ONAP Heat Orchestration Template Format > Heat Orchestration Template Structure > resources > metadata
+------------------------------------------------------------------------------------------------------
+
+
+Requirements Added
+~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-67386`
+
+ A VNF's Heat Orchestration Template's Resource **MAY** declare the
+ attribute ``metadata``.
+
+
+ONAP Heat Orchestration Template Format > Heat Orchestration Template Structure > resources > properties
+--------------------------------------------------------------------------------------------------------
+
+
+Requirements Changed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-10834`
+
+ If a VNF's Heat Orchestration Template resource attribute
+ ``property:`` uses a nested ``get_param``, the nested
+ ``get_param`` **MUST** reference an index.
+
+
+ONAP Heat Orchestration Templates Overview > ONAP Heat Orchestration Template Filenames > Base Modules
+------------------------------------------------------------------------------------------------------
+
+
+Requirements Changed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-81339`
+
+ A VNF Heat Orchestration Template's Base Module file name **MUST** include
+ case insensitive 'base' in the filename and
+ **MUST** match one of the following four
+ formats:
+
+ 1.) ``base_<text>.y[a]ml``
+
+ 2.) ``<text>_base.y[a]ml``
+
+ 3.) ``base.y[a]ml``
+
+ 4.) ``<text>_base_<text>``.y[a]ml
+
+ where ``<text>`` **MUST** contain only alphanumeric characters and
+ underscores '_' and **MUST NOT** contain the case insensitive word ``base``.
+
+
+ONAP Heat Orchestration Templates Overview > ONAP Heat Orchestration Template Filenames > Cinder Volume Modules
+---------------------------------------------------------------------------------------------------------------
+
+
+Requirements Changed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-82732`
+
+ A VNF Heat Orchestration Template's Cinder Volume Module **MUST**
+ be named identical to the base or incremental module it is supporting with
+ ``_volume`` appended.
+
+
+.. container:: note
+
+ :need:`R-31141`
+
+ VNF Heat Orchestration Template's Cinder Volume Module's Environment File
+ **MUST** be named identical to the VNF Heat Orchestration Template's
+ Cinder Volume Module with ``.y[a]ml`` replaced with ``.env``.
+
+
+ONAP Heat Orchestration Templates Overview > ONAP Heat Orchestration Template Filenames > Incremental Modules
+-------------------------------------------------------------------------------------------------------------
+
+
+Requirements Changed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-87247`
+
+ VNF Heat Orchestration Template's Incremental Module file name
+ **MUST** contain only alphanumeric characters and underscores
+ '_' and **MUST NOT** contain the case insensitive word ``base``.
+
+
+ONAP Heat Orchestration Templates Overview > ONAP Heat Orchestration Template Filenames > Nested Heat file
+----------------------------------------------------------------------------------------------------------
+
+
+Requirements Changed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-76057`
+
+ VNF Heat Orchestration Template's Nested YAML file name **MUST** contain
+ only alphanumeric characters and underscores '_' and
+ **MUST NOT** contain the case insensitive word ``base``.
+
+
+ONAP Heat Orchestration Templates Overview > ONAP VNF Modularity Overview
+-------------------------------------------------------------------------
+
+
+Requirements Changed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-11200`
+
+ A VNF's Cinder Volume Module, when it exists, **MUST** be 1:1
+ with a Base module or Incremental module.
+
+
+.. container:: note
+
+ :need:`R-33132`
+
+ A VNF's Heat Orchestration Template **MAY** be
+ 1.) Base Module Heat Orchestration Template (also referred to as a
+ Base Module),
+ 2.) Incremental Module Heat Orchestration Template (referred to as
+ an Incremental Module), or
+ 3.) a Cinder Volume Module Heat Orchestration Template (referred to as
+ Cinder Volume Module).
+
+
+.. container:: note
+
+ :need:`R-37028`
+
+ A VNF **MUST** be composed of one Base Module
+
+
+.. container:: note
+
+ :need:`R-20974`
+
+ At orchestration time, the VNF's Base Module **MUST**
+ be deployed first, prior to any incremental modules.
+
+
+.. container:: note
+
+ :need:`R-81725`
+
+ A VNF's Incremental Module **MUST** have a corresponding Environment File
+
+
+.. container:: note
+
+ :need:`R-53433`
+
+ A VNF's Cinder Volume Module **MUST** have a corresponding environment file
+
+
+.. container:: note
+
+ :need:`R-38474`
+
+ A VNF's Base Module **MUST** have a corresponding Environment File.
+
+
+ONAP Heat Orchestration Templates Overview > Output Parameters > ONAP Volume Module Output Parameters
+-----------------------------------------------------------------------------------------------------
+
+
+Requirements Changed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-07443`
+
+ A VNF's Heat Orchestration Templates' Cinder Volume Module Output
+ Parameter's name and type **MUST** match the input parameter name and type
+ in the corresponding Base Module or Incremental Module unless the Output
+ Parameter is of the type ``comma_delimited_list``, then the corresponding
+ input parameter **MUST** be declared as type ``json``.
+
+
+.. container:: note
+
+ :need:`R-89913`
+
+ A VNF's Heat Orchestration Template's Cinder Volume Module Output
+ Parameter(s)
+ **MUST** include the
+ UUID(s) of the Cinder Volumes created in template,
+ while others **MAY** be included.
+
+
+ONAP Heat VNF Modularity
+------------------------
+
+
+Requirements Changed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-61001`
+
+ A shared Heat Orchestration Template resource is a resource that **MUST**
+ be defined in the base module and will be referenced by one or
+ more resources in one or more incremental modules.
+
+ The UUID of the shared resource (created in the base module) **MUST** be
+ exposed by declaring a parameter in the
+ ``outputs`` section of the base module.
+
+ For ECOMP to provided the UUID value of the shared resource to the
+ incremental module, the parameter name defined in the ``outputs``
+ section of the base module **MUST** be defined as a parameter
+ in the ``parameters`` section of the incremental module.
+
+ ECOMP will capture the output parameter name and value in the base module
+ and provide the value to the corresponding parameter(s) in the
+ incremental module(s).
+
+
+ONAP Output Parameter Names > Predefined Output Parameters > OAM Management IP Addresses
+----------------------------------------------------------------------------------------
+
+
+Requirements Changed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-48987`
+
+ If the VNF's OAM Management IP Address is cloud assigned and
+ and the OAM IP Address is required to be inventoried in ONAP A&AI,
+ then the parameter **MUST** be obtained by the
+ resource ``OS::Neutron::Port``
+ attribute ``ip_address``.
+
+
+.. container:: note
+
+ :need:`R-56287`
+
+ If the VNF's OAM Management IP Address is assigned by ONAP SDN-C and
+ assigned in the VNF's Heat Orchestration Template's via a heat resource
+ ``OS::Neutron::Port`` property ``fixed_ips`` map property
+ ``ip_adress`` parameter (e.g., ``{vm-type}_{network-role}_ip_{index}``,
+ ``{vm-type}_{network-role}_v6_ip_{index}``)
+ and the OAM IP Address is required to be inventoried in ONAP A&AI,
+ then the parameter **MUST** be echoed in an output statement.
+
+ .. code-block:: yaml
+
+ outputs:
+ oam_management_v4_address:
+ value: {get_param: {vm-type}_{network-role}_ip_{index} }
+ oam_management_v6_address:
+ value: {get_param: {vm-type}_{network-role}_v6_ip_{index} }
+
+
+.. container:: note
+
+ :need:`R-94669`
+
+ If a VNF has one IPv6 OAM Management IP Address and the
+ IP Address needs to be inventoried in ONAP's A&AI
+ database, an output parameter **MUST** be declared in only one of the
+ VNF's Heat Orchestration Templates and the parameter **MUST** be named
+ ``oam_management_v6_address``.
+
+
+ONAP TOSCA VNFD Requirements > TOSCA VNF Descriptor > Capability Types
+----------------------------------------------------------------------
+
+
+Requirements Added
+~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-67895`
+
+ The VNFD provided by VNF vendor may use the below described TOSCA
+ capabilities. An on-boarding entity (ONAP SDC) **MUST** support them.
+
+ **tosca.capabilities.nfv.VirtualBindable**
+
+ A node type that includes the VirtualBindable capability indicates
+ that it can be pointed by **tosca.relationships.nfv.VirtualBindsTo**
+ relationship type.
+
+ **tosca.capabilities.nfv.VirtualLinkable**
+
+ A node type that includes the VirtualLinkable capability indicates
+ that it can be pointed by **tosca.relationships.nfv.VirtualLinksTo**
+ relationship.
+
+ **tosca.capabilities.nfv.ExtVirtualLinkable**
+
+ A node type that includes the ExtVirtualLinkable capability
+ indicates that it can be pointed by
+ **tosca.relationships.nfv.VirtualLinksTo** relationship.
+
+ **Note**: This capability type is used in Casablanca how it does
+ not exist in the last SOL001 draft
+
+ **tosca.capabilities.nfv.VirtualCompute** and
+ **tosca.capabilities.nfv.VirtualStorage** includes flavours of VDU
+
+
+ONAP TOSCA VNFD Requirements > TOSCA VNF Descriptor > Data Types
+----------------------------------------------------------------
+
+
+Requirements Added
+~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-54356`
+
+ The below table includes the data types used by NFV node and is based
+ on TOSCA/YAML constructs specified in draft GS NFV-SOL 001. The node
+ data definitions/attributes used in VNFD **MUST** comply with the below
+ table.
+
+
+.. container:: note
+
+ :need:`R-54876`
+
+ The below table describes the data types used for LCM configuration
+ and is based on TOSCA constructs specified in draft GS NFV-SOL 001.
+ The LCM configuration data elements used in VNFD **MUST** comply
+ with the below table.
+
+
+ONAP TOSCA VNFD Requirements > TOSCA VNF Descriptor > General
+-------------------------------------------------------------
+
+
+Requirements Added
+~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-15837`
+
+ The following table defines the major TOSCA Types specified in
+ ETSI NFV-SOL001 standard draft. The VNFD provided by a VNF vendor
+ **MUST** comply with the below definitions:
+
+
+.. container:: note
+
+ :need:`R-17852`
+
+ The VNFD **MAY** include TOSCA/YAML definitions that are not part of
+ NFV Profile. If provided, these definitions MUST comply with TOSCA
+ Simple Profile in YAML v.1.2.
+
+
+.. container:: note
+
+ :need:`R-35854`
+
+ The VNF Descriptor (VNFD) provided by VNF vendor **MUST** comply with
+ TOSCA/YAML based Service template for VNF descriptor specified in
+ ETSI NFV-SOL001.
+
+ **Note**: As the ETSI NFV-SOL001 is work in progress the below tables
+ summarizes the TOSCA definitions agreed to be part of current version
+ of NFV profile and that VNFD MUST comply with in ONAP Release 2+
+ Requirements.
+
+
+.. container:: note
+
+ :need:`R-46527`
+
+ A VNFD is a deployment template which describes a VNF in terms of
+ deployment and operational behavior requirements. It contains
+ virtualized resources (nodes) requirements as well as connectivity
+ and interfaces requirements and **MUST** comply with info elements
+ specified in ETSI GS NFV-IFA 011. The main parts of the VNFD are
+ the following:
+
+ - VNF topology: it is modeled in a cloud agnostic way using virtualized
+ containers and their connectivity. Virtual Deployment Units (VDU)
+ describe the capabilities of the virtualized containers, such as
+ virtual CPU, RAM, disks; their connectivity is modeled with VDU
+ Connection Point Descriptors (VduCpd), Virtual Link Descriptors
+ (VnfVld) and VNF External Connection Point Descriptors
+ (VnfExternalCpd);
+
+ - VNF deployment aspects: they are described in one or more
+ deployment flavours, including configurable parameters, instantiation
+ levels, placement constraints (affinity / antiaffinity), minimum and
+ maximum VDU instance numbers. Horizontal scaling is modeled with
+ scaling aspects and the respective scaling levels in the deployment
+ flavours;
+
+ **Note**: The deployment aspects (deployment flavour etc.) are postponed
+ for future ONAP releases.
+
+ - VNF lifecycle management (LCM) operations: describes the LCM operations
+ supported per deployment flavour, and their input parameters;
+ Note, thatthe actual LCM implementation resides in a different layer,
+ namely referring to additional template artifacts.
+
+
+.. container:: note
+
+ :need:`R-65486`
+
+ The VNFD **MUST** comply with ETSI GS NFV-SOL001 document endorsing
+ the above mentioned NFV Profile and maintaining the gaps with the
+ requirements specified in ETSI GS NFV-IFA011 standard.
+
+
+ONAP TOSCA VNFD Requirements > TOSCA VNF Descriptor > Interface Types
+---------------------------------------------------------------------
+
+
+Requirements Added
+~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-32155`
+
+ The VNFD provided by VNF vendor may use the below described TOSCA
+ interface types. An on-boarding entity (ONAP SDC) **MUST** support them.
+
+ **tosca.interfaces.nfv.vnf.lifecycle.Nfv** supports LCM operations
+
+
+ONAP TOSCA VNFD Requirements > TOSCA VNF Descriptor > Relationship Types
+------------------------------------------------------------------------
+
+
+Requirements Added
+~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-95321`
+
+ The VNFD provided by VNF vendor may use the below described TOSCA
+ relationships. An on-boarding entity (ONAP SDC) **MUST** support them.
+
+ **tosca.relationships.nfv.VirtualBindsTo**
+
+ This relationship type represents an association relationship between
+ VDU and CP node types.
+
+ **tosca.relationships.nfv.VirtualLinksTo**
+
+ This relationship type represents an association relationship between
+ the VduCpd's and VirtualLinkDesc node types.
+
+
+ONAP TOSCA VNFD Requirements > VNF CSAR Package > VNF Package Contents
+----------------------------------------------------------------------
+
+
+Requirements Added
+~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-01123`
+
+ The VNF package Manifest file **MUST** contain: VNF package meta-data, a
+ list of all artifacts (both internal and external) entry's including
+ their respected URI's, an algorithm to calculate a digest and a digest
+ result calculated on the content of each artifacts, as specified in
+ ETSI GS NFV-SOL004. The VNF Package MUST include VNF Identification
+ Data to uniquely identify the resource for a given VNF provider. The
+ identification data must include: an identifier for the VNF, the name
+ of the VNF as was given by the VNF provider, VNF description, VNF
+ provider, and version.
+
+
+.. container:: note
+
+ :need:`R-10087`
+
+ The VNF package **MUST** contain all standard artifacts as specified in
+ ETSI GS NFV-SOL004 including Manifest file, VNFD (or Main TOSCA/YAML
+ based Service Template) and other optional artifacts. CSAR Manifest
+ file as per SOL004 - for example ROOT\\ **MainServiceTemplate.mf**
+
+
+.. container:: note
+
+ :need:`R-21322`
+
+ The VNF provider **MUST** provide their testing scripts to support
+ testing as specified in ETSI NFV-SOL004 - Testing directory in CSAR
+
+
+.. container:: note
+
+ :need:`R-26885`
+
+ The VNF provider **MUST** provide the binaries and images needed to
+ instantiate the VNF (VNF and VNFC images) either as:
+
+ - Local artifact in CSAR: ROOT\\Artifacts\\ **VNF_Image.bin**
+
+ - externally referred (by URI) artifact in Manifest file (also may be
+ referred by VNF Descriptor)
+
+ Note: Currently, ONAP doesn't have the capability of Image management,
+ we upload the image into VIM/VNFM manually.
+
+
+.. container:: note
+
+ :need:`R-40820`
+
+ The VNF provider MUST enumerate all of the open source licenses
+ their VNF(s) incorporate. CSAR License directory as per ETSI SOL004.
+
+ for example ROOT\\Licenses\\ **License_term.txt**
+
+
+ONAP TOSCA VNFD Requirements > VNF CSAR Package > VNF Package Structure and Format
+----------------------------------------------------------------------------------
+
+
+Requirements Added
+~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-51347`
+
+ The VNF package **MUST** be arranged as a CSAR archive as specified in
+ TOSCA Simple Profile in YAML 1.2.
+
+
+.. container:: note
+
+ :need:`R-87234`
+
+ The VNF package provided by a VNF vendor **MAY** be either with
+ TOSCA-Metadata directory (CSAR Option 1) or without TOSCA-Metadata
+ directory (CSAR Option 2) as specified in ETSI GS NFV-SOL004. On-boarding
+ entity (ONAP SDC) must support both options.
+
+ **Note:** SDC supports only the CSAR Option 1 in Casablanca. The Option 2
+ will be considered in future ONAP releases,
+
+
+PNF Plug and Play > PNF Plug and Play
+-------------------------------------
+
+
+Requirements Added
+~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-01427`
+
+ The PNF **MUST** support the provisioning of security and authentication
+ parameters (HTTP username and password) in order to be able to authenticate
+ with DCAE (in ONAP).
+
+ Note: In R3, a username and password are used with the DCAE VES Event
+ Listener which are used for HTTP Basic Authentication.
+
+ Note: The configuration management and provisioning software are specific
+ to a vendor architecture.
+
+
+.. container:: note
+
+ :need:`R-106240`
+
+ The following VES Events **MUST** be supported by the PNF: pnfRegistration
+ VES Event, HVol VES Event, and Fault VES Event. These are onboarded via
+ he SDC Design Studio.
+
+ Note: these VES Events are emitted from the PNF to support PNF Plug and
+ Play, High Volume Measurements, and Fault events respectively.
+
+
+.. container:: note
+
+ :need:`R-17624`
+
+ The PNF **MAY** support the optional parameters for Service
+ Configuration Parameters.
+
+ Note: These are detailed in the Stage 5 PnP
+
+ Note: These parameters are optional, and not all PNFs will support any
+ or all of these parameters, it is up to the vendor and service provider
+ to ascertain which ones are supported up to an including all of the ones
+ that have been defined. Note: It is expected that there will be a growing
+ list of supported configuration parameters in future releases of ONAP.
+
+
+.. container:: note
+
+ :need:`R-256347`
+
+ The PNF **MUST** support the Ansible protocol for a Service Configuration
+ message exchange between the PNF and PNF Controller (in ONAP).
+
+ Note: this exchange may be either Ansible, Chef, or NetConf depending on
+ the PNF. Note: The PNF Controller may be VF-C, APP-C or SDN-C based on the
+ PNF and PNF domain. Note: for R3 (Casablanca) only Ansible is supported.
+
+
+.. container:: note
+
+ :need:`R-258352`
+
+ The PNF **MUST** support & accept the provisioning of an ONAP contact IP
+ address (in IPv4 or IPv6 format).
+
+ Note: For example, it a possibility is that an external EMS would configure
+ & provision the ONAP contact IP address to the PNF (in either IPv4 or
+ IPv6 format). For the PNF Plug and Play Use Case, this IP address is the
+ service provider's "point of entry" to the DCAE VES Listener.
+
+ Note: different service provider's network architecture may also require
+ special setup to allow an external PNF to contact the ONAP installation.
+ For example, in the AT&T network, a maintenance tunnel is used to access
+ ONAP.
+
+
+.. container:: note
+
+ :need:`R-284934`
+
+ If the PNF encounters an error authenticating, reaching the ONAP DCAE VES
+ Event listener or recieves an error response from sending the pnfRegistration
+ VES Event, it **MAY** log the error, and notify the operator.
+
+ Note: the design of how errors are logged, retrieved and reported
+ will be a vendor-specific architecture. Reporting faults and errors
+ is also a vendor specific design. It is expected that the PNF shall
+ have a means to log an error and notify a user when a fault condition
+ occurs in trying to contact ONAP, authenticate or send a pnfRegistration
+ event.
+
+
+.. container:: note
+
+ :need:`R-378131`
+
+ (Error Case) - If an error is encountered by the PNF during a
+ Service Configuration exchange with ONAP, the PNF **MAY** log the
+ error and notify an operator.
+
+
+.. container:: note
+
+ :need:`R-56718`
+
+ The PNF Vendor **MAY** provide software version(s) to be supported by PNF
+ for SDC Design Studio PNF Model. This is set in the PNF Model property
+ software_versions.
+
+
+.. container:: note
+
+ :need:`R-579051`
+
+ The PNF **MAY** support a HTTP connection to the DCAE VES Event Listener.
+
+ Note: HTTP is allowed but not recommended.
+
+
+.. container:: note
+
+ :need:`R-638216`
+
+ (Error Case) - The PNF **MUST** support a configurable timer to stop the
+ periodicity sending of the pnfRegistration VES event. If this timer expires
+ during a Service Configuration exchange between the PNF and ONAP, it
+ MAY log a time-out error and notify an operator.
+
+ Note: It is expected that each vendor will enforce and define a PNF
+ service configuration timeout period. This is because the PNF cannot
+ wait indefinitely as there may also be a technician on-site trying to
+ complete installation & commissioning. The management of the VES event
+ exchange is also a requirement on the PNF to be developed by the PNF
+ vendor.
+
+
+.. container:: note
+
+ :need:`R-686466`
+
+ The PNF **MUST** support sending a pnfRegistration VES event.
+
+
+.. container:: note
+
+ :need:`R-707977`
+
+ When the PNF receives a Service configuration from ONAP, the PNF **MUST**
+ cease sending the pnfRegistration VES Event.
+
+
+.. container:: note
+
+ :need:`R-763774`
+
+ The PNF **MUST** support a HTTPS connection to the DCAE VES Event
+ Listener.
+
+
+.. container:: note
+
+ :need:`R-793716`
+
+ The PNF **MUST** have "ONAP Aware" software which is capable of performing
+ PNF PnP registration with ONAP. The "ONAP Aware" software is capable of
+ performing the PNF PnP Registration with ONAP MUST either be loaded
+ separately or integrated into the PNF software upon physical delivery
+ and installation of the PNF.
+
+ Note: It is up to the specific vendor to design the software management
+ functions.
+
+
+.. container:: note
+
+ :need:`R-809261`
+
+ The PNF **MUST** use a IP address to contact ONAP.
+
+ Note: it is expected that an ONAP operator can ascertain the ONAP IP
+ address or the security gateway to reach ONAP on the VID or ONAP portal
+ GUI.
+
+ Note: The ONAP contact IP address has been previously configured and
+ provisioned prior to this step.
+
+ Note: The ONAP IP address could be provisioned or resolved through
+ FQDN & DNS.
+
+
+.. container:: note
+
+ :need:`R-894004`
+
+ When the PNF sets up a HTTP or HTTPS connection, it **MUST** provide a
+ username and password to the DCAE VES Collector for HTTP Basic
+ Authentication.
+
+ Note: HTTP Basic Authentication has 4 steps: Request, Authenticate,
+ Authorization with Username/Password Credentials, and Authentication Status
+ as per RFC7617 and RFC 2617.
+
+
+.. container:: note
+
+ :need:`R-952314`
+
+ If the PNF set up a TLS connection and mutual (two-way) authentication is
+ being used, then the PNF **MUST** provide its own X.509v3 Certificate to
+ the DCAE VES Collector for authentication.
+
+ Note: This allows TLS authentication by DCAE VES Collector.
+
+ Note: The PNF got its X.509 certificate through Enrollment with an
+ operator certificate authority or a X.509 vendor certificate from the
+ vendor factory CA.
+
+ Note: In R3 three authentication options are supported:
+
+ (1) HTTP with Username & Password and no TLS.
+
+ (2) HTTP with Username & Password & TLS with two-way certificate
+ authentication.
+
+ (3) HTTP with Username & Password & TLS with server-side
+ certificate authentication.
+
+
+.. container:: note
+
+ :need:`R-980039`
+
+ The PNF **MUST** send the pnfRegistration VES event periodically.
+
+
+.. container:: note
+
+ :need:`R-981585`
+
+ The pnfRegistration VES event periodicity **MUST** be configurable.
+
+ Note: The PNF uses the service configuration request as a semaphore to
+ stop sending the pnfRegistration sent. See the requirement PNP-5360
+ requirement.
+
+
+Resource IDs
+------------
+
+
+Requirements Changed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-82115`
+
+ When a VNF's Heat Orchestration Template's resource is associated with a
+ single ``{vm-type}``
+ and a single external network, the Resource ID text **MUST** contain both
+ the ``{vm-type}``
+ and the ``{network-role}``
+
+ - the ``{vm-type}`` **MUST** appear before the ``{network-role}`` and
+ **MUST** be separated by an underscore '_'
+
+
+ - e.g., ``{vm-type}_{network-role}``, ``{vm-type}_{index}_{network-role}``
+
+
+ - note that an ``{index}`` value **MAY** separate the ``{vm-type}`` and the
+ ``{network-role}`` and when this occurs underscores **MUST** separate the
+ three values. (e.g., ``{vm-type}_{index}_{network-role}``).
+
+
+.. container:: note
+
+ :need:`R-82551`
+
+ When a VNF's Heat Orchestration Template's resource is associated with a
+ single ``{vm-type}`` and a single internal network, the Resource ID **MUST**
+ contain both the ``{vm-type}`` and the ``int_{network-role}`` and
+
+ - the ``{vm-type}`` **MUST** appear before the ``int_{network-role}`` and
+ **MUST** be separated by an underscore '_'
+
+ - (e.g., ``{vm-type}_int_{network-role}``,
+ ``{vm-type}_{index}_int_{network-role}``)
+
+ - note that an ``{index}`` value **MAY** separate the
+ ``{vm-type}`` and the ``int_{network-role}`` and when this occurs
+ underscores **MUST** separate the three values.
+ (e.g., ``{vm-type}_{index}_int_{network-role}``).
+
+
+.. container:: note
+
+ :need:`R-67793`
+
+ When a VNF's Heat Orchestration Template's resource is associated
+ with more than one ``{vm-type}`` and/or more than one internal and/or
+ external network, the Resource ID **MUST** not contain the ``{vm-type}``
+ and/or ``{network-role}``/``int_{network-role}``. It also should contain the
+ term ``shared`` and/or contain text that identifies the VNF.
+
+
+.. container:: note
+
+ :need:`R-98138`
+
+ When a VNF's Heat Orchestration Template's resource is associated with a
+ single internal network, the Resource ID **MUST** contain the text
+ ``int_{network-role}``.
+
+
+Resource IDs > Contrail Heat Resources Resource ID Naming Convention > OS::ContrailV2::VirtualNetwork
+-----------------------------------------------------------------------------------------------------
+
+
+Requirements Changed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-99110`
+
+ A VNF's Heat Orchestration Template's Resource
+ ``OS::ContrailV2::VirtualNetwork`` Resource ID **MUST** use the naming convention
+
+ 1) ``int_{network-role}_network``
+
+ or
+
+ 2) ``int_{network-role}_RVN`` where RVN represents Resource Virtual
+ Network
+
+ VNF Heat Orchestration Templates can only create internal networks.
+ There is no ``{index}`` after ``{network-role}`` because ``{network-role}``
+ **MUST** be unique in the scope of the VNF's
+ Heat Orchestration Template.
+
+ Note that option 1 is preferred.
+
+
+Resource IDs > OpenStack Heat Resources Resource ID Naming Convention > OS::Neutron::Net
+----------------------------------------------------------------------------------------
+
+
+Requirements Changed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-25720`
+
+ A VNF's Heat Orchestration Template's Resource ``OS::Neutron::Net``
+ Resource ID **MUST** use the naming convention
+
+ * ``int_{network-role}_network``
+
+ VNF Heat Orchestration Templates can only create internal networks.
+ There is no ``{index}`` after ``{network-role}`` because ``{network-role}``
+ **MUST** be unique in the scope of the VNF's
+ Heat Orchestration Template.
+
+
+Resource: OS::Neutron::Port - Parameters > Introduction > Items to Note
+-----------------------------------------------------------------------
+
+
+Requirements Changed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-48880`
+
+ If a VNF's Port is attached to an external network and the port's
+ IP addresses are assigned by ONAP's SDN-Controller,
+ the ``OS::Neutron::Port`` Resource's
+
+ * property ``fixed_ips`` map property ``ip_address`` **MUST** be used
+ * property ``fixed_ips`` map property ``subnet``
+ **MUST NOT** be used
+
+
+.. container:: note
+
+ :need:`R-45602`
+
+ If a VNF's Port is attached to a network (internal or external)
+ and the port's IP addresses are cloud assigned by OpenStack's DHCP
+ Service, the ``OS::Neutron::Port`` Resource's
+
+ * property ``fixed_ips`` map property ``ip_address`` **MUST NOT** be used
+ * property ``fixed_ips`` map property ``subnet``
+ **MAY** be used
+
+
+.. container:: note
+
+ :need:`R-70964`
+
+ If a VNF's Port is attached to an internal network and the port's
+ IP addresses are statically assigned by the VNF's Heat Orchestration\
+ Template (i.e., enumerated in the Heat Orchestration Template's
+ environment file), the ``OS::Neutron::Port`` Resource's
+
+ * property ``fixed_ips`` map property ``ip_address`` **MUST** be used
+ * property ``fixed_ips`` map property ``subnet``
+ **MUST NOT** be used
+
+
+Resource: OS::Neutron::Port - Parameters > Property: allowed_address_pairs, Map Property: ip_address > VIP Assignment, External Networks, Supported by Automation
+-----------------------------------------------------------------------------------------------------------------------------------------------------------------
+
+
+Requirements Changed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-41492`
+
+ When the VNF's Heat Orchestration Template's Resource
+ ``OS::Neutron::Port`` is attaching to an external network (per the
+ ONAP definition, see Requirement R-57424),
+ and an IPv4 Virtual IP (VIP)
+ address is assigned via ONAP automation
+ using the property ``allowed_address_pairs``
+ map property ``ip_address`` and
+ the parameter name **MUST** follow the
+ naming convention
+
+ * ``{vm-type}_{network-role}_floating_ip``
+
+ where
+
+ * ``{vm-type}`` is the {vm-type} associated with the
+ OS::Nova::Server
+ * ``{network-role}`` is the {network-role} of the external
+ network
+
+ And the parameter **MUST** be declared as type ``string``.
+
+
+.. container:: note
+
+ :need:`R-35735`
+
+ When the VNF's Heat Orchestration Template's Resource
+ ``OS::Neutron::Port`` is attaching to an external network (per the
+ ONAP definition, see Requirement R-57424),
+ and an IPv6 Virtual IP (VIP)
+ address is assigned via ONAP automation
+ using the property ``allowed_address_pairs``
+ map property ``ip_address``,
+ the parameter name **MUST** follow the
+ naming convention
+
+ * ``{vm-type}_{network-role}_floating_v6_ip``
+
+ where
+
+ * ``{vm-type}`` is the {vm-type} associated with the
+ OS::Nova::Server
+ * ``{network-role}`` is the {network-role} of the external
+ network
+
+ And the parameter **MUST** be declared as type ``string``.
+
+
+Resource: OS::Neutron::Port - Parameters > Property: fixed_ips, Map Property: ip_address
+----------------------------------------------------------------------------------------
+
+
+Requirements Changed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-40971`
+
+ When the VNF's Heat Orchestration Template's Resource
+ ``OS::Neutron::Port`` is attaching to an external network (per the
+ ONAP definition, see Requirement R-57424),
+ and an IPv4 address is assigned
+ using the property ``fixed_ips``
+ map property ``ip_address`` and the parameter type is defined as a string,
+ the parameter name **MUST** follow the
+ naming convention
+
+ * ``{vm-type}_{network-role}_ip_{index}``
+
+ where
+
+ * ``{vm-type}`` is the {vm-type} associated with the
+ ``OS::Nova::Server``
+ * ``{network-role}`` is the {network-role} of the external
+ network
+ * the value for ``{index}`` must start at zero (0) and increment by one
+
+
+.. container:: note
+
+ :need:`R-98569`
+
+ The VNF's Heat Orchestration Template's Resource
+ ``OS::Neutron::Port`` property ``fixed_ips``
+ map property ``ip_address`` parameter
+ ``{vm-type}_int_{network-role}_v6_ips``
+ **MUST** be enumerated in the
+ VNF's Heat Orchestration Template's Environment File.
+
+
+.. container:: note
+
+ :need:`R-04697`
+
+ When the VNF's Heat Orchestration Template's Resource
+ ``OS::Neutron::Port`` is attaching to an external network (per the
+ ONAP definition, see Requirement R-57424),
+ and an IPv4 address is assigned
+ using the property ``fixed_ips``
+ map property ``ip_address`` and the parameter type is defined as a
+ ``comma_delimited_list``,
+ the parameter name **MUST** follow the
+ naming convention
+
+ * ``{vm-type}_{network-role}_ips``
+
+ where
+
+ * ``{vm-type}`` is the {vm-type} associated with the
+ ``OS::Nova::Server``
+ * ``{network-role}`` is the {network-role} of the external
+ network
+
+
+.. container:: note
+
+ :need:`R-90206`
+
+ The VNF's Heat Orchestration Template's Resource
+ ``OS::Neutron::Port`` property ``fixed_ips``
+ map property ``ip_address`` parameter
+ ``{vm-type}_int_{network-role}_int_ips``
+ **MUST** be enumerated in the
+ VNF's Heat Orchestration Template's Environment File.
+
+
+.. container:: note
+
+ :need:`R-87123`
+
+ The VNF's Heat Orchestration Template's Resource
+ ``OS::Neutron::Port`` property ``fixed_ips``
+ map property ``ip_address`` parameter
+ ``{vm-type}_{network-role}_v6_ip_{index}``
+ **MUST NOT** be enumerated in the
+ VNF's Heat Orchestration Template's Environment File.
+
+
+.. container:: note
+
+ :need:`R-93496`
+
+ The VNF's Heat Orchestration Template's Resource ``OS::Neutron::Port``
+ property ``fixed_ips``
+ map property ``ip_address``
+ parameter associated with an internal network, i.e.,
+
+ * ``{vm-type}_int_{network-role}_ip_{index}``
+ * ``{vm-type}_int_{network-role}_v6_ip_{index}``
+ * ``{vm-type}_int_{network-role}_ips``
+ * ``{vm-type}_int_{network-role}_v6_ips``
+
+
+ **MUST** be enumerated in the Heat Orchestration
+ Template's Environment File and IP addresses **MUST** be
+ assigned.
+
+
+.. container:: note
+
+ :need:`R-85235`
+
+ When the VNF's Heat Orchestration Template's Resource
+ ``OS::Neutron::Port`` is attaching to an internal network (per the
+ ONAP definition, see Requirements R-52425 and R-46461),
+ and an IPv4 address is assigned
+ using the property ``fixed_ips``
+ map property ``ip_address`` and the parameter type is defined as a
+ ``comma_delimited_list``,
+ the parameter name **MUST** follow the
+ naming convention
+
+ * ``{vm-type}_int_{network-role}_ips``
+
+ where
+
+ * ``{vm-type}`` is the {vm-type} associated with the
+ ``OS::Nova::Server``
+ * ``{network-role}`` is the {network-role} of the internal
+ network
+
+
+.. container:: note
+
+ :need:`R-23503`
+
+ When the VNF's Heat Orchestration Template's Resource
+ ``OS::Neutron::Port`` is attaching to an external network (per the
+ ONAP definition, see Requirement R-57424),
+ and an IPv6 address is assigned
+ using the property ``fixed_ips``
+ map property ``ip_address`` and the parameter type is defined as a
+ ``comma_delimited_list``,
+ the parameter name **MUST** follow the
+ naming convention
+
+ * ``{vm-type}_{network-role}_v6_ips``
+
+ where
+
+ * ``{vm-type}`` is the {vm-type} associated with the
+ OS::Nova::Server
+ * ``{network-role}`` is the {network-role} of the external
+ network
+
+
+.. container:: note
+
+ :need:`R-27818`
+
+ When the VNF's Heat Orchestration Template's Resource
+ ``OS::Neutron::Port`` is attaching to an internal network (per the
+ ONAP definition, see RRequirements R-52425 and R-46461),
+ and an IPv6 address is assigned
+ using the property ``fixed_ips``
+ map property ``ip_address`` and the parameter type is defined as a
+ ``string``,
+ the parameter name **MUST** follow the
+ naming convention
+
+ * ``{vm-type}_int_{network-role}_v6_ip_{index}``
+
+ where
+
+ * ``{vm-type}`` is the {vm-type} associated with the
+ ``OS::Nova::Server``
+ * ``{network-role}`` is the {network-role} of the internal
+ network
+ * the value for ``{index}`` must start at zero (0) and increment by one
+
+
+.. container:: note
+
+ :need:`R-71577`
+
+ When the VNF's Heat Orchestration Template's Resource
+ ``OS::Neutron::Port`` is attaching to an external network (per the
+ ONAP definition, see Requirement R-57424),
+ and an IPv6 address is assigned
+ using the property ``fixed_ips``
+ map property ``ip_address`` and the parameter type is defined as a string,
+ the parameter name **MUST** follow the
+ naming convention
+
+ * ``{vm-type}_{network-role}_v6_ip_{index}``
+
+ where
+
+ * ``{vm-type}`` is the {vm-type} associated with the
+ OS::Nova::Server
+ * ``{network-role}`` is the {network-role} of the external
+ network
+ * the value for ``{index}`` must start at zero (0) and increment by one
+
+
+.. container:: note
+
+ :need:`R-78380`
+
+ When the VNF's Heat Orchestration Template's Resource
+ ``OS::Neutron::Port`` is attaching to an internal network (per the
+ ONAP definition, see Requirements R-52425 and R-46461),
+ and an IPv4 address is assigned
+ using the property ``fixed_ips``
+ map property ``ip_address`` and the parameter type is
+ defined as a ``string``,
+ the parameter name **MUST** follow the
+ naming convention
+
+ * ``{vm-type}_int_{network-role}_ip_{index}``
+
+ where
+
+ * ``{vm-type}`` is the {vm-type} associated with the
+ OS::Nova::Server
+ * ``{network-role}`` is the {network-role} of the internal
+ network
+ * the value for ``{index`` must start at zero (0) and increment by one
+
+
+.. container:: note
+
+ :need:`R-28795`
+
+ The VNF's Heat Orchestration Template's Resource
+ ``OS::Neutron::Port`` property ``fixed_ips``
+ map property ``ip_address`` parameter
+ ``{vm-type}_int_{network-role}_ip_{index}``
+ **MUST** be enumerated in the
+ VNF's Heat Orchestration Template's Environment File.
+
+
+.. container:: note
+
+ :need:`R-62590`
+
+ The VNF's Heat Orchestration Template's Resource ``OS::Neutron::Port``
+ property ``fixed_ips``
+ map property ``ip_address``
+ parameter associated with an external network, i.e.,
+
+ * ``{vm-type}_{network-role}_ip_{index}``
+ * ``{vm-type}_{network-role}_v6_ip_{index}``
+ * ``{vm-type}_{network-role}_ips``
+ * ``{vm-type}_{network-role}_v6_ips``
+
+
+ **MUST NOT** be enumerated in the Heat Orchestration
+ Template's Environment File. ONAP provides the IP address
+ assignments at orchestration time.
+
+
+.. container:: note
+
+ :need:`R-97201`
+
+ The VNF's Heat Orchestration Template's Resource
+ ``OS::Neutron::Port`` property ``fixed_ips``
+ map property ``ip_address`` parameter
+ ``{vm-type}_int_{network-role}_v6_ip_{index}``
+ **MUST** be enumerated in the
+ VNF's Heat Orchestration Template's Environment File.
+
+
+.. container:: note
+
+ :need:`R-29765`
+
+ When the VNF's Heat Orchestration Template's Resource
+ ``OS::Neutron::Port`` is attaching to an internal network (per the
+ ONAP definition, see Requirements R-52425 and R-46461),
+ and an IPv6 address is assigned
+ using the property ``fixed_ips``
+ map property ``ip_address`` and the parameter type is defined as a
+ ``comma_delimited_list``,
+ the parameter name **MUST** follow the
+ naming convention
+
+ * ``{vm-type}_int_{network-role}_v6_ips``
+
+ where
+
+ * ``{vm-type}`` is the {vm-type} associated with the
+ ``OS::Nova::Server``
+ * ``{network-role}`` is the {network-role} of the internal
+ network
+
+
+.. container:: note
+
+ :need:`R-39841`
+
+ The VNF's Heat Orchestration Template's Resource
+ ``OS::Neutron::Port`` property ``fixed_ips``
+ map property ``ip_address`` parameter
+ ``{vm-type}_{network-role}_ip_{index}``
+ **MUST NOT** be enumerated in the
+ VNF's Heat Orchestration Template's Environment File.
+
+
+Resource: OS::Neutron::Port - Parameters > Property: fixed_ips, Map Property: subnet
+------------------------------------------------------------------------------------
+
+
+Requirements Changed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-38236`
+
+ The VNF's Heat Orchestration Template's
+ resource ``OS::Neutron::Port`` property ``fixed_ips``
+ map property ``subnet`` parameter
+ **MUST** be declared type ``string``.
+
+
+.. container:: note
+
+ :need:`R-76160`
+
+ When
+
+ * the VNF's Heat Orchestration Template's
+ resource ``OS::Neutron::Port`` in an Incremental Module is attaching
+ to an internal network (per the ONAP definition, see Requirements
+ R-52425 and R-46461)
+ that is created in the Base Module, AND
+ * an IPv6 address is being cloud assigned by OpenStack's DHCP Service AND
+ * the internal network IPv6 subnet is to be specified
+ using the property ``fixed_ips`` map property ``subnet``,
+
+ the parameter **MUST** follow the naming convention
+ ``int_{network-role}_v6_subnet_id``,
+ where ``{network-role}`` is the network role of the internal network.
+
+ Note that the parameter **MUST** be defined as an ``output`` parameter in
+ the base module.
+
+
+.. container:: note
+
+ :need:`R-22288`
+
+ The VNF's Heat Orchestration Template's Resource
+ ``OS::Neutron::Port`` property ``fixed_ips``
+ map property ``subnet`` parameter
+ ``int_{network-role}_v6_subnet_id``
+ **MUST NOT** be enumerated in the
+ VNF's Heat Orchestration Template's Environment File.
+
+
+.. container:: note
+
+ :need:`R-83677`
+
+ The VNF's Heat Orchestration Template's Resource
+ ``OS::Neutron::Port`` property ``fixed_ips``
+ map property ``subnet`` parameter
+ ``{network-role}_subnet_id``
+ **MUST NOT** be enumerated in the
+ VNF's Heat Orchestration Template's Environment File.
+
+
+.. container:: note
+
+ :need:`R-15287`
+
+ When the VNF's Heat Orchestration Template's
+ resource ``OS::Neutron::Port`` is attaching
+ to an external network (per the ONAP definition, see
+ Requirement R-57424),
+ and an IPv6 address is being cloud assigned by OpenStack's DHCP Service
+ and the external network IPv6 subnet is to be specified
+ using the property ``fixed_ips``
+ map property ``subnet``, the parameter
+ **MUST** follow the naming convention
+
+ * ``{network-role}_v6_subnet_id``
+
+ where
+
+ * ``{network-role}`` is the network role of the network.
+
+
+.. container:: note
+
+ :need:`R-84123`
+
+ When
+
+ * the VNF's Heat Orchestration Template's
+ resource ``OS::Neutron::Port`` in an Incremental Module is attaching
+ to an internal network (per the ONAP definition, see
+ Requirements R-52425 and R-46461)
+ that is created in the Base Module, AND
+ * an IPv4 address is being cloud assigned by OpenStack's DHCP Service AND
+ * the internal network IPv4 subnet is to be specified
+ using the property ``fixed_ips`` map property ``subnet``,
+
+ the parameter **MUST** follow the naming convention
+
+ * ``int_{network-role}_subnet_id``
+
+ where
+
+ * ``{network-role}`` is the network role of the internal network
+
+ Note that the parameter **MUST** be defined as an ``output`` parameter in
+ the base module.
+
+
+.. container:: note
+
+ :need:`R-80829`
+
+ The VNF's Heat Orchestration Template's Resource
+ ``OS::Neutron::Port`` property ``fixed_ips``
+ map property ``subnet`` parameter
+ ``{network-role}_v6_subnet_id``
+ **MUST NOT** be enumerated in the
+ VNF's Heat Orchestration Template's Environment File.
+
+
+.. container:: note
+
+ :need:`R-69634`
+
+ The VNF's Heat Orchestration Template's Resource
+ ``OS::Neutron::Port`` property ``fixed_ips``
+ map property ``subnet`` parameter
+ ``int_{network-role}_subnet_id``
+ **MUST NOT** be enumerated in the
+ VNF's Heat Orchestration Template's Environment File.
+
+
+.. container:: note
+
+ :need:`R-62802`
+
+ When the VNF's Heat Orchestration Template's
+ resource ``OS::Neutron::Port`` is attaching
+ to an external network (per the ONAP definition, see
+ Requirement R-57424),
+ and an IPv4 address is being cloud assigned by OpenStack's DHCP Service
+ and the external network IPv4 subnet is to be specified
+ using the property ``fixed_ips``
+ map property ``subnet``, the parameter
+ **MUST** follow the naming convention
+
+ * ``{network-role}_subnet_id``
+
+ where
+
+ * ``{network-role}`` is the network role of the network.
+
+
+Resource: OS::Neutron::Port - Parameters > Property: network
+------------------------------------------------------------
+
+
+Requirements Changed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-62983`
+
+ When the VNF's Heat Orchestration Template's Resource
+ ``OS::Neutron::Port`` is attaching to an external network (per the
+ ONAP definition, see Requirement R-57424), the
+ ``network`` parameter name **MUST**
+
+ * follow the naming convention ``{network-role}_net_id`` if the Neutron
+ network UUID value is used to reference the network
+ * follow the naming convention ``{network-role}_net_name`` if the
+ OpenStack network name is used to reference the network.
+
+ where ``{network-role}`` is the network-role of the external network
+ and a ``get_param`` **MUST** be used as the intrinsic function.
+
+
+.. container:: note
+
+ :need:`R-93177`
+
+ When the VNF's Heat Orchestration Template's resource
+ ``OS::Neutron::Port`` is attaching to an internal network (per the
+ ONAP definition, see Requirements R-52425 and R-46461),
+ and the internal network is created in the
+ same Heat Orchestration Template as the ``OS::Neutron::Port``,
+ the ``network`` property value **MUST** obtain the UUID
+ of the internal network by using the intrinsic function
+ ``get_resource``
+ and referencing the Resource ID of the internal network.
+
+
+.. container:: note
+
+ :need:`R-29872`
+
+ The VNF's Heat Orchestration Template's Resource ``OS::Neutron::Port``
+ property ``network``
+ parameter **MUST NOT** be enumerated in the Heat Orchestration
+ Template's Environment File.
+
+
+.. container:: note
+
+ :need:`R-86182`
+
+ When the VNF's Heat Orchestration Template's Resource
+ ``OS::Neutron::Port`` is attaching to an internal network (per the
+ ONAP definition, see Requirements R-52425 and R-46461),
+ and the internal network is created in a
+ different Heat Orchestration Template than the ``OS::Neutron::Port``,
+ the ``network`` parameter name **MUST**
+
+ * follow the naming convention ``int_{network-role}_net_id`` if the Neutron
+ network UUID value is used to reference the network
+ * follow the naming convention ``int_{network-role}_net_name`` if the
+ OpenStack network name in is used to reference the network.
+
+ where ``{network-role}`` is the network-role of the internal network and
+ a ``get_param`` **MUST** be used as the intrinsic function.
+
+
+Resource: OS::Nova::Server - Parameters
+---------------------------------------
+
+
+Requirements Added
+~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-304011`
+
+ A VNF's Heat Orchestration Template's ``OS::Nova::Server`` resource's
+
+ * Resource ID
+ * property ``image`` parameter name
+ * property ``flavor`` parameter name
+ * property ``name`` parameter name
+
+
+ **MUST** contain the identical ``{vm-type}``
+ and **MUST** follow the naming conventions defined
+ in R-58670, R-45188, R-54171, R-87817, and R-29751.
+
+
+Resource: OS::Nova::Server - Parameters > Property: Name
+--------------------------------------------------------
+
+
+Requirements Added
+~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-663631`
+
+ The VNF's Heat Orchestration Template's Resource ``OS::Nova::Server``
+ property ``name`` value **MUST** be be obtained via a ``get_param``.
+
+
+Requirements Changed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-51430`
+
+ The VNF's Heat Orchestration Template's Resource ``OS::Nova::Server``
+ property
+ ``name`` parameter **MUST** be declared as either type ``string``
+ or type ``comma_delimited_list``.
+
+
+.. container:: note
+
+ :need:`R-54171`
+
+ When the VNF's Heat Orchestration Template's Resource ``OS::Nova::Server``
+ property ``name`` parameter is defined as a ``string``,
+ the parameter name **MUST** follow the naming convention
+ ``{vm-type}_name_{index}``, where ``{index}`` is a numeric
+ value that starts at
+ zero and increments by one.
+
+
+.. container:: note
+
+ :need:`R-40899`
+
+ When the VNF's Heat Orchestration Template's Resource ``OS::Nova::Server``
+ property ``name`` parameter is defined as a ``string``, a parameter
+ **MUST** be delcared for
+ each ``OS::Nova::Server`` resource associated with the ``{vm-type}``.
+
+
+Resource: OS::Nova::Server - Parameters > Property: Name > Contrail Issue with Values for OS::Nova::Server Property Name
+------------------------------------------------------------------------------------------------------------------------
+
+
+Requirements Changed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-44271`
+
+ The VNF's Heat Orchestration Template's Resource ``OS::Nova::Server``
+ property
+ ``name`` parameter value **SHOULD NOT** contain special characters
+ since the Contrail GUI has a limitation displaying special characters.
+
+ However, if special characters must be used, the only special characters
+ supported are: --- \" ! $ ' (\ \ ) = ~ ^ | @ ` { } [ ] > , . _
+
+
+Resource: OS::Nova::Server - Parameters > Property: availability_zone
+---------------------------------------------------------------------
+
+
+Requirements Changed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-01359`
+
+ A VNF's Heat Orchestration Template that contains an ``OS::Nova:Server``
+ Resource **MAY** define a parameter for the property
+ ``availability_zone`` that is not utilized in any ``OS::Nova::Server``
+ resources in the Heat Orchestration Template.
+
+
+.. container:: note
+
+ :need:`R-98450`
+
+ The VNF's Heat Orchestration Template's Resource ``OS::Nova::Server``
+ property
+ ``availability_zone`` parameter name **MUST** follow the naming convention
+ ``availability_zone_{index}`` where the ``{index}``
+ **MUST** start at zero and
+ increment by one.
+
+
+Resource: OS::Nova::Server - Parameters > Property: flavor
+----------------------------------------------------------
+
+
+Requirements Added
+~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-481670`
+
+ The VNF's Heat Orchestration Template's Resource ``OS::Nova::Server``
+ property ``flavor`` value **MUST** be be obtained via a ``get_param``.
+
+
+Resource: OS::Nova::Server - Parameters > Property: image
+---------------------------------------------------------
+
+
+Requirements Added
+~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-901331`
+
+ The VNF's Heat Orchestration Template's Resource ``OS::Nova::Server``
+ property ``image`` value **MUST** be be obtained via a ``get_param``.
+
+
+Resource: OS::Nova::Server Metadata Parameters > environment_context
+--------------------------------------------------------------------
+
+
+Requirements Changed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-56183`
+
+ A VNF's Heat Orchestration Template's ``OS::Nova::Server`` resource
+ property ``metadata``key/value pair ``environment_context``
+ parameter ``environment_context`` **MUST NOT**
+ have parameter constraints defined.
+
+
+.. container:: note
+
+ :need:`R-20308`
+
+ A VNF's Heat Orchestration Template's ``OS::Nova::Server`` resource
+ property ``metadata`` key/value pair ``environment_context``
+ parameter **MUST** be declared as ``environment_context`` and the
+ parameter type **MUST** be defined as type: ``string``.
+
+
+.. container:: note
+
+ :need:`R-13194`
+
+ A VNF's Heat Orchestration Template's ``OS::Nova::Server`` resource
+ property
+ ``metadata`` key/value pair ``environment_context`` **MUST NOT**
+ be enumerated in the Heat Orchestration Template's environment file.
+
+
+Resource: OS::Nova::Server Metadata Parameters > vf_module_id
+-------------------------------------------------------------
+
+
+Requirements Changed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-98374`
+
+ A VNF's Heat Orchestration Template's ``OS::Nova::Server`` resource property
+ ``metadata`` key/value pair ``vf_module_id`` parameter ``vf_module_id``
+ **MUST NOT**
+ have parameter constraints defined.
+
+
+.. container:: note
+
+ :need:`R-71493`
+
+ A VNF's Heat Orchestration Template's ``OS::Nova::Server`` resource
+ property ``metadata`` **MUST**
+ contain the key/value pair ``vf_module_id``
+ and the value MUST be obtained via a ``get_param``.
+
+
+.. container:: note
+
+ :need:`R-72871`
+
+ A VNF's Heat Orchestration Template's ``OS::Nova::Server`` resource property
+ ``metadata`` key/value pair ``vf_module_id`` parameter ``vf_module_id``
+ **MUST NOT**
+ be enumerated in the Heat Orchestration Template's environment file.
+
+
+.. container:: note
+
+ :need:`R-86237`
+
+ If a VNF's Heat Orchestration Template's ``OS::Nova::Server`` resource
+ property
+ ``metadata`` key/value pair ``vf_module_id`` is passed into a
+ Nested YAML
+ file, the key/value pair name ``vf_module_id`` **MUST NOT** change.
+
+
+.. container:: note
+
+ :need:`R-82134`
+
+ A VNF's Heat Orchestration Template's ``OS::Nova::Server`` resource property
+ ``metadata`` key/value pair ``vf_module_id`` parameter **MUST**
+ be declared as ``vf_module_id`` and the parameter **MUST**
+ be defined as type: ``string``.
+
+
+Resource: OS::Nova::Server Metadata Parameters > vf_module_index
+----------------------------------------------------------------
+
+
+Requirements Changed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-37039`
+
+ A VNF's Heat Orchestration Template's ``OS::Nova::Server`` resource
+ property
+ ``metadata`` key/value pair ``vf_module_index`` parameter
+ ``vf_module_index`` **MUST NOT**
+ be enumerated in the Heat Orchestration Template's environment file.
+
+
+.. container:: note
+
+ :need:`R-50816`
+
+ A VNF's Heat Orchestration Template's ``OS::Nova::Server``
+ resource property ``metadata`` **MAY**
+ contain the key/value pair ``vf_module_index``
+ and the value **MUST** be obtained via a ``get_param``.
+
+
+.. container:: note
+
+ :need:`R-09811`
+
+ A VNF's Heat Orchestration Template's ``OS::Nova::Server`` resource
+ property ``metadata`` key/value pair ``vf_module_index`` **MUST NOT**
+ have parameter constraints defined.
+
+
+.. container:: note
+
+ :need:`R-55306`
+
+ A VNF's Heat Orchestration Template's ``OS::Nova::Server`` resource
+ property ``metadata`` key/value pair ``vf_module_index`` **MUST NOT**
+ be used in a ``OS::Cinder::Volume`` resource and **MUST NOT** be
+ used in VNF's Volume template;
+ it is not supported.
+
+
+.. container:: note
+
+ :need:`R-54340`
+
+ A VNF's Heat Orchestration Template's ``OS::Nova::Server`` resource
+ property
+ ``metadata`` key/value pair ``vf_module_index`` parameter **MUST**
+ be declared as ``vf_module_index`` and the parameter **MUST** be
+ defined as type: ``number``.
+
+
+.. container:: note
+
+ :need:`R-22441`
+
+ If a VNF's Heat Orchestration Template's ``OS::Nova::Server`` resource
+ property ``metadata`` key/value pair ``vf_module_index`` is passed into a
+ Nested YAML file, the key/value pair
+ ``vf_module_index`` **MUST NOT** change.
+
+
+Resource: OS::Nova::Server Metadata Parameters > vf_module_name
+---------------------------------------------------------------
+
+
+Requirements Changed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-15480`
+
+ A VNF's Heat Orchestration Template's ``OS::Nova::Server`` resource
+ property
+ ``metadata`` key/value pair ``vf_module_name`` parameter ``vf_module_name``
+ **MUST NOT** have parameter constraints defined.
+
+
+.. container:: note
+
+ :need:`R-80374`
+
+ A VNF's Heat Orchestration Template's ``OS::Nova::Server`` resource
+ property ``metadata`` key/value pair ``vf_module_name``
+ parameter ``vf_module_name`` **MUST NOT**
+ be enumerated in the Heat Orchestration Template's environment file.
+
+
+.. container:: note
+
+ :need:`R-39067`
+
+ A VNF's Heat Orchestration Template's ``OS::Nova::Server`` resource
+ property
+ ``metadata`` key/value pair ``vf_module_name`` parameter **MUST** be
+ declared as ``vf_module_name`` and the parameter **MUST**
+ be defined as type: ``string``.
+
+
+.. container:: note
+
+ :need:`R-68023`
+
+ A VNF's Heat Orchestration Template's ``OS::Nova::Server`` resource
+ property ``metadata`` **SHOULD**
+ contain the key/value pair ``vf_module_name`` and the value **MUST**
+ be obtained via a ``get_param``.
+
+
+.. container:: note
+
+ :need:`R-49177`
+
+ If a VNF's Heat Orchestration Template's ``OS::Nova::Server`` resource
+ property ``metadata`` key/value pair ``vf_module_name`` is passed into a
+ Nested YAML
+ file, the key/value pair name ``vf_module_name`` **MUST NOT** change.
+
+
+Resource: OS::Nova::Server Metadata Parameters > vm_role
+--------------------------------------------------------
+
+
+Requirements Changed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-67597`
+
+ A VNF's Heat Orchestration Template's ``OS::Nova::Server`` resource
+ property ``metadata`` key/value pair ``vm_role`` parameter ``vm_role``
+ **MUST NOT** have parameter constraints defined.
+
+
+.. container:: note
+
+ :need:`R-86476`
+
+ A VNF's Heat Orchestration Template's ``OS::Nova::Server`` resource
+ property ``metadata`` key/value pair ``vm_role`` value **MUST**
+ only contain alphanumeric characters and underscores (i.e., '_').
+
+
+.. container:: note
+
+ :need:`R-70757`
+
+ If a VNF's Heat Orchestration Template's ``OS::Nova::Server`` resource
+ property ``metadata`` key/value pair ``vm_role`` is passed into a Nested
+ YAML
+ file, the key/value pair name ``vm_role`` **MUST NOT** change.
+
+
+.. container:: note
+
+ :need:`R-95430`
+
+ If a VNF's Heat Orchestration Template's ``OS::Nova::Server``
+ resource property
+ ``metadata`` key/value pair ``vm_role`` value is obtained via
+ ``get_param``, the parameter **MUST** be declared as ``vm_role``
+ and the parameter **MUST** be defined as type: ``string``.
+
+
+.. container:: note
+
+ :need:`R-85328`
+
+ A VNF's Heat Orchestration Template's ``OS::Nova::Server`` resource property
+ ``metadata`` **MAY**
+ contain the key/value pair ``vm_role`` and the value **MUST** be
+ obtained either via
+
+ - ``get_param``
+ - hard coded in the key/value pair ``vm_role``.
+
+
+Resource: OS::Nova::Server Metadata Parameters > vnf_id
+-------------------------------------------------------
+
+
+Requirements Changed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-55218`
+
+ A VNF's Heat Orchestration Template's ``OS::Nova::Server``
+ resource property
+ ``metadata`` key/value pair ``vnf_id`` parameter ``vnf_id`` **MUST NOT**
+ have parameter constraints defined.
+
+
+.. container:: note
+
+ :need:`R-37437`
+
+ A VNF's Heat Orchestration Template's ``OS::Nova::Server``
+ resource property ``metadata`` **MUST**
+ contain the key/value pair ``vnf_id``
+ and the value **MUST** be obtained via a ``get_param``.
+
+
+.. container:: note
+
+ :need:`R-44491`
+
+ If a VNF's Heat Orchestration Template's ``OS::Nova::Server`` resource
+ property
+ ``metadata`` key/value pair ``vnf_id`` is passed into a Nested YAML
+ file, the key/value pair name ``vnf_id`` **MUST NOT** change.
+
+
+.. container:: note
+
+ :need:`R-07507`
+
+ A VNF's Heat Orchestration Template's ``OS::Nova::Server``
+ resource property
+ ``metadata`` key/value pair ``vnf_id`` parameter
+ **MUST** be declared as ``vnf_id`` and the parameter **MUST**
+ be defined as type: ``string``.
+
+
+.. container:: note
+
+ :need:`R-20856`
+
+ A VNF's Heat Orchestration Template's ``OS::Nova::Server``
+ resource property
+ ``metadata`` key/value pair ``vnf_id`` parameter ``vnf_id`` **MUST NOT**
+ be enumerated in the Heat Orchestration Template's environment file.
+
+
+Resource: OS::Nova::Server Metadata Parameters > vnf_name
+---------------------------------------------------------
+
+
+Requirements Changed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-36542`
+
+ A VNF's Heat Orchestration Template's ``OS::Nova::Server`` resource
+ property ``metadata`` key/value pair ``vnf_name`` parameter
+ ``vnf_name`` **MUST NOT**
+ be enumerated in the Heat Orchestration Template's environment file.
+
+
+.. container:: note
+
+ :need:`R-16576`
+
+ If a VNF's Heat Orchestration Template's ``OS::Nova::Server`` resource
+ property
+ ``metadata`` key/value pair ``vnf_name`` is passed into a Nested YAML
+ file, the key/value pair name ``vnf_name`` **MUST NOT** change.
+
+
+.. container:: note
+
+ :need:`R-44318`
+
+ A VNF's Heat Orchestration Template's ``OS::Nova::Server`` resource
+ property ``metadata`` key/value pair ``vnf_name``
+ parameter ``vnf_name`` **MUST NOT**
+ have parameter constraints defined.
+
+
+.. container:: note
+
+ :need:`R-72483`
+
+ A VNF's Heat Orchestration Template's ``OS::Nova::Server`` resource property
+ ``metadata`` **MUST** contain the key/value pair ``vnf_name`` and the
+ value **MUST** be obtained via a ``get_param``.
+
+
+.. container:: note
+
+ :need:`R-62428`
+
+ A VNF's Heat Orchestration Template's ``OS::Nova::Server`` resource
+ property ``metadata`` key/value pair ``vnf_name`` parameter **MUST**
+ be declared as ``vnf_name`` and the parameter **MUST** be defined as
+ type: ``string``.
+
+
+Resource: OS::Nova::Server Metadata Parameters > workload_context
+-----------------------------------------------------------------
+
+
+Requirements Changed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-34055`
+
+ A VNF's Heat Orchestration Template's ``OS::Nova::Server`` resource
+ property ``metadata`` key/value pair ``workload_context``
+ parameter ``workload_context`` **MUST NOT**
+ have parameter constraints defined.
+
+
+.. container:: note
+
+ :need:`R-75202`
+
+ If a VNF's Heat Orchestration Template's ``OS::Nova::Server`` resource
+ property ``metadata`` key/value pair ``workload_context``
+ is passed into a Nested YAML
+ file, the key/value pair name ``workload_context`` **MUST NOT** change.
+
+
+.. container:: note
+
+ :need:`R-74978`
+
+ A VNF's Heat Orchestration Template's ``OS::Nova::Server`` resource
+ property ``metadata`` key/value pair ``workload_context``
+ parameter **MUST**
+ be declared as ``workload_context`` and the parameter **MUST**
+ be defined as type: ``string``.
+
+
+.. container:: note
+
+ :need:`R-02691`
+
+ A VNF's Heat Orchestration Template's ``OS::Nova::Server`` resource
+ property ``metadata`` key/value pair ``workload_context``
+ parameter ``workload_context`` **MUST NOT**
+ be enumerated in the Heat Orchestration Template's environment file.
+
+
+VNF On-boarding and package management > Resource Description
+-------------------------------------------------------------
+
+
+Requirements Added
+~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-22346`
+
+ The VNF package MUST provide `VES Event Registration <https://onap.readthedocs.io/en/latest/submodules/vnfsdk/model.git/docs/files/VESEventRegistration.html>`_ for all VES events provided by that xNF.
+
+
+VNF On-boarding and package management > Testing
+------------------------------------------------
+
+
+Requirements Changed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-43958`
+
+ The xNF Package **MUST** include documentation describing
+ the tests that were conducted by the xNF provider and the test results.
+
+
+VNF Resiliency > Virtual Function - Container Recovery Requirements
+-------------------------------------------------------------------
+
+
+Requirements Added
+~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-46851`
+
+ The VNF **MUST** support ONAP Controller's Evacuate command.
+
+
+.. container:: note
+
+ :need:`R-48761`
+
+ The VNF **MUST** support ONAP Controller's Snapshot command.
+
+
+VNF Security > VNF API Security Requirements
+--------------------------------------------
+
+
+Requirements Changed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-21210`
+
+ The VNF **MUST** implement the following input validation control
+ on APIs: Validate that any input file has a correct and valid
+ Multipurpose Internet Mail Extensions (MIME) type. Input files
+ should be tested for spoofed MIME types.
+
+
+.. container:: note
+
+ :need:`R-54930`
+
+ The VNF **MUST** implement the following input validation controls:
+ Do not permit input that contains content or characters inappropriate
+ to the input expected by the design. Inappropriate input, such as
+ SQL expressions, may cause the system to execute undesirable and
+ unauthorized transactions against the database or allow other
+ inappropriate access to the internal network (injection attacks).
+
+
+.. container:: note
+
+ :need:`R-43884`
+
+ The VNF **SHOULD** integrate with the Operator's authentication and
+ authorization services (e.g., IDAM).
+
+
+Requirements Removed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ R-02137
+
+ The VNF **MUST** implement all monitoring and logging as
+ described in the Security Analytics section.
+
+
+.. container:: note
+
+ R-15659
+
+ The VNF **MUST** restrict changing the criticality level of
+ a system security alarm to administrator(s).
+
+
+.. container:: note
+
+ R-19367
+
+ The VNF **MUST** monitor API invocation patterns to detect
+ anomalous access patterns that may represent fraudulent access or
+ other types of attacks, or integrate with tools that implement anomaly
+ and abuse detection.
+
+
+.. container:: note
+
+ R-19804
+
+ The VNF **MUST** validate the CA signature on the certificate,
+ ensure that the date is within the validity period of the certificate,
+ check the Certificate Revocation List (CRL), and recognize the identity
+ represented by the certificate where PKI-based authentication is used.
+
+
+.. container:: note
+
+ R-23772
+
+ The VNF **MUST** validate input at all layers implementing VNF APIs.
+
+
+.. container:: note
+
+ R-25878
+
+ The VNF **MUST** use certificates issued from publicly
+ recognized Certificate Authorities (CA) for the authentication process
+ where PKI-based authentication is used.
+
+
+.. container:: note
+
+ R-37608
+
+ The VNF **MUST** provide a mechanism to restrict access based
+ on the attributes of the VNF and the attributes of the subject.
+
+
+.. container:: note
+
+ R-78066
+
+ The VNF **MUST** support requests for information from law
+ enforcement and government agencies.
+
+
+.. container:: note
+
+ R-87135
+
+ The VNF **MUST** comply with NIST standards and industry
+ best practices for all implementations of cryptography.
+
+
+VNF Security > VNF Cryptography Requirements
+--------------------------------------------
+
+
+Requirements Changed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-49109`
+
+ The VNF **MUST** support HTTP/S using TLS v1.2 or higher
+ with strong cryptographic ciphers.
+
+
+.. container:: note
+
+ :need:`R-48080`
+
+ The VNF **SHOULD** support an automated certificate management protocol
+ such as CMPv2, Simple Certificate Enrollment Protocol (SCEP) or
+ Automated Certificate Management Environment (ACME).
+
+
+.. container:: note
+
+ :need:`R-93860`
+
+ The VNF **SHOULD** provide the capability to integrate with an
+ external encryption service.
+
+
+VNF Security > VNF Data Protection Requirements
+-----------------------------------------------
+
+
+Requirements Changed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-58964`
+
+ The VNF **MUST** provide the capability to restrict read
+ and write access to data handled by the VNF.
+
+
+.. container:: note
+
+ :need:`R-95864`
+
+ The VNF **MUST** support digital certificates that comply with X.509
+ standards.
+
+
+.. container:: note
+
+ :need:`R-69610`
+
+ The VNF **MUST** provide the capability of using X.509 certificates
+ issued by an external Certificate Authority.
+
+
+.. container:: note
+
+ :need:`R-73067`
+
+ The VNF **MUST** use NIST and industry standard cryptographic
+ algorithms and standard modes of operations when implementing
+ cryptography.
+
+
+.. container:: note
+
+ :need:`R-32641`
+
+ The VNF **MUST** provide the capability to encrypt data on
+ non-volatile memory.Non-volative memory is storage that is
+ capable of retaining data without electrical power, e.g.
+ Complementary metal-oxide-semiconductor (CMOS) or hard drives.
+
+
+.. container:: note
+
+ :need:`R-70933`
+
+ The VNF **MUST** provide the ability to migrate to newer
+ versions of cryptographic algorithms and protocols with minimal impact.
+
+
+.. container:: note
+
+ :need:`R-12467`
+
+ The VNF **MUST NOT** use compromised encryption algorithms.
+ For example, SHA, DSS, MD5, SHA-1 and Skipjack algorithms.
+ Acceptable algorithms can be found in the NIST FIPS publications
+ (https://csrc.nist.gov/publications/fips) and in the
+ NIST Special Publications (https://csrc.nist.gov/publications/sp).
+
+
+.. container:: note
+
+ :need:`R-02170`
+
+ The VNF **MUST** use, whenever possible, standard implementations
+ of security applications, protocols, and formats, e.g., S/MIME, TLS, SSH,
+ IPSec, X.509 digital certificates for cryptographic implementations.
+ These implementations must be purchased from reputable vendors or obtained
+ from reputable open source communities and must not be developed in-house.
+
+
+.. container:: note
+
+ :need:`R-47204`
+
+ The VNF **MUST** be capable of protecting the confidentiality and integrity
+ of data at rest and in transit from unauthorized access and modification.
+
+
+Requirements Removed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ R-22645
+
+ The VNF **SHOULD** use commercial algorithms only when there
+ are no applicable governmental standards for specific cryptographic
+ functions, e.g., public key cryptography, message digests.
+
+
+.. container:: note
+
+ R-99112
+
+ The VNF **MUST** provide the capability to restrict access
+ to data to specific users.
+
+
+VNF Security > VNF General Security Requirements
+------------------------------------------------
+
+
+Requirements Added
+~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-638682`
+
+ The VNF **MUST** log any security event required by the VNF Requirements to
+ Syslog using LOG_AUTHPRIV for any event that would contain sensitive
+ information and LOG_AUTH for all other relevant events.
+
+
+Requirements Changed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-21819`
+
+ The VNF **MUST** provide functionality that enables the Operator to comply
+ with requests for information from law enforcement and government agencies.
+
+
+.. container:: note
+
+ :need:`R-23882`
+
+ The VNF **SHOULD** provide the capability for the Operator to run security
+ vulnerability scans of the operating system and all application layers.
+
+
+.. container:: note
+
+ :need:`R-92207`
+
+ The VNF **SHOULD** provide a mechanism for performing automated
+ system configuration auditing at configurable time intervals.
+
+
+.. container:: note
+
+ :need:`R-19082`
+
+ The VNF **MUST** allow the Operator to disable or remove any security
+ testing tools or programs included in the VNF, e.g., password cracker,
+ port scanner.
+
+
+.. container:: note
+
+ :need:`R-40813`
+
+ The VNF **SHOULD** support the use of virtual trusted platform
+ module.
+
+
+.. container:: note
+
+ :need:`R-61354`
+
+ The VNF **MUST** provide a mechanism (e.g., access control list) to
+ permit and/or restrict access to services on the VNF by source,
+ destination, protocol, and/or port.
+
+
+.. container:: note
+
+ :need:`R-19768`
+
+ The VNF **SHOULD** support Layer 3 VPNs that enable segregation of
+ traffic by application (i.e., AVPN, IPSec VPN for Internet routes).
+
+
+.. container:: note
+
+ :need:`R-69649`
+
+ The VNF Provider **MUST** have patches available for vulnerabilities
+ in the VNF as soon as possible. Patching shall be controlled via change
+ control process with vulnerabilities disclosed along with
+ mitigation recommendations.
+
+
+.. container:: note
+
+ :need:`R-99771`
+
+ The VNF **MUST** have all code (e.g., QCOW2) and configuration files
+ (e.g., HEAT template, Ansible playbook, script) hardened, or with
+ documented recommended configurations for hardening and interfaces that
+ allow the Operator to harden the VNF. Actions taken to harden a system
+ include disabling all unnecessary services, and changing default values
+ such as default credentials and community strings.
+
+
+.. container:: note
+
+ :need:`R-23740`
+
+ The VNF **MUST** implement and enforce the principle of least privilege
+ on all protected interfaces.
+
+
+.. container:: note
+
+ :need:`R-62498`
+
+ The VNF **MUST** support encrypted access protocols, e.g., TLS,
+ SSH, SFTP.
+
+
+.. container:: note
+
+ :need:`R-80335`
+
+ For all GUI and command-line interfaces, the VNF **MUST** provide the
+ ability to present a warning notice that is set by the Operator. A warning
+ notice is a formal statement of resource intent presented to everyone
+ who accesses the system.
+
+
+Requirements Removed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ R-26586
+
+ The VNF **SHOULD** support the ability to work with aliases
+ (e.g., gateways, proxies) to protect and encapsulate resources.
+
+
+.. container:: note
+
+ R-33981
+
+ The VNF **SHOULD** interoperate with various access control
+ mechanisms for the Network Cloud execution environment (e.g.,
+ Hypervisors, containers).
+
+
+.. container:: note
+
+ R-39342
+
+ The VNF **MUST**, if not using the NCSP's IDAM API, comply
+ with "password changes (includes default passwords)" policy. Products
+ will support password aging, syntax and other credential management
+ practices on a configurable basis.
+
+
+.. container:: note
+
+ R-40521
+
+ The VNF **MUST**, if not using the NCSP's IDAM API, support
+ use of common third party authentication and authorization tools such
+ as TACACS+, RADIUS.
+
+
+.. container:: note
+
+ R-42681
+
+ The VNF **MUST** use the NCSP's IDAM API or comply with
+ the requirements if not using the NCSP's IDAM API, for identification,
+ authentication and access control of OA&M and other system level
+ functions.
+
+
+.. container:: note
+
+ R-49956
+
+ The VNF **MUST** pass all access to applications (Bearer,
+ signaling and OA&M) through various security tools and platforms from
+ ACLs, stateful firewalls and application layer gateways depending on
+ manner of deployment. The application is expected to function (and in
+ some cases, interwork) with these security tools.
+
+
+.. container:: note
+
+ R-52085
+
+ The VNF **MUST**, if not using the NCSP's IDAM API, provide
+ the ability to support Multi-Factor Authentication (e.g., 1st factor =
+ Software token on device (RSA SecureID); 2nd factor = User Name+Password,
+ etc.) for the users.
+
+
+.. container:: note
+
+ R-55830
+
+ The VNF **MUST** distribute all production code from NCSP
+ internal sources only. No production code, libraries, OS images, etc.
+ shall be distributed from publically accessible depots.
+
+
+.. container:: note
+
+ R-63217
+
+ The VNF **MUST**, if not using the NCSP's IDAM API, support
+ logging via ONAP for a historical view of "who did what and when."
+
+
+.. container:: note
+
+ R-68589
+
+ The VNF **MUST**, if not using the NCSP's IDAM API, support
+ User-IDs and passwords to uniquely identify the user/application. VNF
+ needs to have appropriate connectors to the Identity, Authentication
+ and Authorization systems that enables access at OS, Database and
+ Application levels as appropriate.
+
+
+.. container:: note
+
+ R-85633
+
+ The VNF **MUST** implement Data Storage Encryption
+ (database/disk encryption) for Sensitive Personal Information (SPI)
+ and other subscriber identifiable data.
+
+ Note: Subscribers SPI/data must be encrypted at rest, and other
+ subscriber identifiable data should be encrypted at rest. Other
+ data protection requirements exist and should be well understood
+ by the developer.
+
+
+VNF Security > VNF Identity and Access Management Requirements
+--------------------------------------------------------------
+
+
+Requirements Changed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-59391`
+
+ The VNF **MUST NOT** not allow the assumption of the permissions of
+ another account to mask individual accountability.
+
+
+.. container:: note
+
+ :need:`R-15671`
+
+ The VNF **MUST** provide access controls that allow the Operator
+ to restrict access to VNF functions and data to authorized entities.
+
+
+.. container:: note
+
+ :need:`R-75041`
+
+ The VNF **MUST**, if not integrated the Operator's Identity and Access
+ Management system, support configurable password expiration.
+
+
+.. container:: note
+
+ :need:`R-99174`
+
+ The VNF **MUST** allow the creation of multiple IDs so that
+ individual accountability can be supported.
+
+
+.. container:: note
+
+ :need:`R-23135`
+
+ The VNF **MUST** authenticate all access to protected GUIs, CLIs,
+ and APIs.
+
+
+.. container:: note
+
+ :need:`R-46908`
+
+ The VNF **MUST**, if not integrated with the Operator's Identity
+ and Access Management system, comply with "password complexity"
+ policy. When passwords are used, they shall be complex and shall at
+ least meet the following password construction requirements: (1) be a
+ minimum configurable number of characters in length, (2) include 3 of
+ the 4 following types of characters: upper-case alphabetic, lower-case
+ alphabetic, numeric, and special, (3) not be the same as the UserID
+ with which they are associated or other common strings as specified
+ by the environment, (4) not contain repeating or sequential characters
+ or numbers, (5) not to use special characters that may have command
+ functions, and (6) new passwords must not contain sequences of three
+ or more characters from the previous password.
+
+
+.. container:: note
+
+ :need:`R-42874`
+
+ The VNF **MUST** allow the Operator to restrict access based on
+ the assigned permissions associated with an ID in order to support
+ Least Privilege (no more privilege than required to perform job
+ functions).
+
+
+.. container:: note
+
+ :need:`R-98391`
+
+ The VNF **MUST**, if not integrated with the Operator's Identity and
+ Access Management system, support Role-Based Access Control to enforce
+ least privilege.
+
+
+.. container:: note
+
+ :need:`R-71787`
+
+ Each layer of the VNF **MUST** support access restriction
+ independently of all other layers so that Segregation of Duties
+ can be implemented.
+
+
+.. container:: note
+
+ :need:`R-79107`
+
+ The VNF **MUST**, if not integrated with the Operator's Identity
+ and Access Management system, support the ability to disable the
+ userID after a configurable number of consecutive unsuccessful
+ authentication attempts using the same userID.
+
+
+.. container:: note
+
+ :need:`R-86835`
+
+ The VNF **MUST** set the default settings for user access
+ to deny authorization, except for a super user type of account.
+ When a VNF is added to the network, nothing should be able to use
+ it until the super user configures the VNF to allow other users
+ (human and application) have access.
+
+
+.. container:: note
+
+ :need:`R-85419`
+
+ The VNF **SHOULD** support OAuth 2.0 authorization using an external
+ Authorization Server.
+
+
+Requirements Removed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ R-05470
+
+ The VNF **MUST** host connectors for access to the database layer.
+
+
+.. container:: note
+
+ R-14025
+
+ The VNF **MUST** provide or support the Identity and Access
+ Management (IDAM) based threat detection data for Session Hijacking.
+
+
+.. container:: note
+
+ R-19790
+
+ The VNF **MUST NOT** include authentication credentials
+ in security audit logs, even if encrypted.
+
+
+.. container:: note
+
+ R-24825
+
+ The VNF **MUST** provide Context awareness data (device,
+ location, time, etc.) and be able to integrate with threat detection system.
+
+
+.. container:: note
+
+ R-29301
+
+ The VNF **MUST** provide or support the Identity and Access
+ Management (IDAM) based threat detection data for Password Attacks.
+
+
+.. container:: note
+
+ R-31412
+
+ The VNF **MUST** provide or support the Identity and Access
+ Management (IDAM) based threat detection data for XSS / CSRF.
+
+
+.. container:: note
+
+ R-31751
+
+ The VNF **MUST** subject VNF provider access to privilege
+ reconciliation tools to prevent access creep and ensure correct
+ enforcement of access policies.
+
+
+.. container:: note
+
+ R-44032
+
+ The VNF **MUST** provide or support the Identity and Access
+ Management (IDAM) based threat detection data for Man in the Middle (MITM).
+
+
+.. container:: note
+
+ R-45496
+
+ The VNF **MUST** host connectors for access to the OS (Operating System) layer.
+
+
+.. container:: note
+
+ R-49945
+
+ The VNF **MUST** authorize VNF provider access through a
+ client application API by the client application owner and the resource
+ owner of the VNF before provisioning authorization through Role Based
+ Access Control (RBAC), Attribute Based Access Control (ABAC), or other
+ policy based mechanism.
+
+
+.. container:: note
+
+ R-51883
+
+ The VNF **MUST** provide or support the Identity and Access
+ Management (IDAM) based threat detection data for Replay.
+
+
+.. container:: note
+
+ R-58977
+
+ The VNF **MUST** provide or support the Identity and Access
+ Management (IDAM) based threat detection data for Eavesdropping.
+
+
+.. container:: note
+
+ R-58998
+
+ The VNF **MUST** provide or support the Identity and Access
+ Management (IDAM) based threat detection data for Malware (Key Logger).
+
+
+.. container:: note
+
+ R-72243
+
+ The VNF **MUST** provide or support the Identity and Access
+ Management (IDAM) based threat detection data for Phishing / SMishing.
+
+
+.. container:: note
+
+ R-73541
+
+ The VNF **MUST** use access controls for VNFs and their
+ supporting computing systems at all times to restrict access to
+ authorized personnel only, e.g., least privilege. These controls
+ could include the use of system configuration or access control
+ software.
+
+
+.. container:: note
+
+ R-77157
+
+ The VNF **MUST** conform to approved request, workflow
+ authorization, and authorization provisioning requirements when
+ creating privileged users.
+
+
+.. container:: note
+
+ R-85028
+
+ The VNF **MUST** authenticate system to system access and
+ do not conceal a VNF provider user's individual accountability for
+ transactions.
+
+
+.. container:: note
+
+ R-89753
+
+ The VNF **MUST NOT** install or use systems, tools or
+ utilities capable of capturing or logging data that was not created
+ by them or sent specifically to them in production, without
+ authorization of the VNF system owner.
+
+
+.. container:: note
+
+ R-95105
+
+ The VNF **MUST** host connectors for access to the application layer.
+
+
+VNF Security > VNF Security Analytics Requirements
+--------------------------------------------------
+
+
+Requirements Changed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-74958`
+
+ The VNF **MUST** activate security alarms automatically when
+ it detects an unsuccessful attempt to gain permissions
+ or assume the identity of another user.
+
+
+.. container:: note
+
+ :need:`R-29705`
+
+ The VNF **MUST** restrict changing the criticality level of a
+ system security alarm to users with administrative privileges.
+
+
+.. container:: note
+
+ :need:`R-43332`
+
+ The VNF **MUST** activate security alarms automatically when
+ it detects the successful modification of a critical system or
+ application file.
+
+
+.. container:: note
+
+ :need:`R-41825`
+
+ The VNF **MUST** activate security alarms automatically when
+ a configurable number of consecutive unsuccessful login attempts
+ is reached.
+
+
+.. container:: note
+
+ :need:`R-94525`
+
+ The VNF **MUST** log connections to the network listeners of the
+ resource.
+
+
+.. container:: note
+
+ :need:`R-04492`
+
+ The VNF **MUST** generate security audit logs that can be sent
+ to Security Analytics Tools for analysis.
+
+
+.. container:: note
+
+ :need:`R-07617`
+
+ The VNF **MUST** log success and unsuccessful creation, removal, or
+ change to the inherent privilege level of users.
+
+
+.. container:: note
+
+ :need:`R-34552`
+
+ The VNF **MUST** be implemented so that it is not vulnerable to OWASP
+ Top 10 web application security risks.
+
+
+.. container:: note
+
+ :need:`R-58370`
+
+ The VNF **MUST** operate with anti-virus software which produces
+ alarms every time a virus is detected.
+
+
+.. container:: note
+
+ :need:`R-63330`
+
+ The VNF **MUST** detect when its security audit log storage
+ medium is approaching capacity (configurable) and issue an alarm.
+
+
+.. container:: note
+
+ :need:`R-54520`
+
+ The VNF **MUST** log successful and unsuccessful authentication
+ attempts, e.g., authentication associated with a transaction,
+ authentication to create a session, authentication to assume elevated
+ privilege.
+
+
+.. container:: note
+
+ :need:`R-30932`
+
+ The VNF **MUST** log successful and unsuccessful access to VNF
+ resources, including data.
+
+
+Requirements Removed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ R-08598
+
+ The VNF **MUST** log successful and unsuccessful changes to a privilege level.
+
+
+.. container:: note
+
+ R-19219
+
+ The VNF **MUST** provide audit logs that include user ID, dates,
+ times for log-on and log-off, and terminal location at minimum.
+
+
+.. container:: note
+
+ R-20912
+
+ The VNF **MUST** support alternative monitoring capabilities
+ when VNFs do not expose data or control traffic or use proprietary and
+ optimized protocols for inter VNF communication.
+
+
+.. container:: note
+
+ R-25094
+
+ The VNF **MUST** perform data capture for security functions.
+
+
+.. container:: note
+
+ R-31961
+
+ The VNF **MUST** support integrated DPI/monitoring functionality
+ as part of VNFs (e.g., PGW, MME).
+
+
+.. container:: note
+
+ R-56786
+
+ The VNF **MUST** implement "Closed Loop" automatic implementation
+ (without human intervention) for Known Threats with detection rate in low
+ false positives.
+
+
+.. container:: note
+
+ R-57271
+
+ The VNF **MUST** provide the capability of generating security
+ audit logs by interacting with the operating system (OS) as appropriate.
+
+
+.. container:: note
+
+ R-61648
+
+ The VNF **MUST** support event logging, formats, and delivery
+ tools to provide the required degree of event data to ONAP.
+
+
+{network-role}
+--------------
+
+
+Requirements Changed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-96983`
+
+ A VNF's Heat Orchestration Template's Resource ID that is associated
+ with an internal network **MUST** include ``int_{network-role}`` as part
+ of the Resource ID, where ``int_`` is a hard coded string.
+
+
+.. container:: note
+
+ :need:`R-26506`
+
+ A VNF's Heat Orchestration Template's ``{network-role}`` **MUST** contain
+ only alphanumeric characters and/or underscores '_' and
+ **MUST NOT** contain any of the following strings:
+ ``_int`` or ``int_`` or ``_int_``.
+
+
+.. container:: note
+
+ :need:`R-84322`
+
+ A VNF's Heat Orchestration Template's Resource property parameter that
+ is associated with an internal network **MUST** include
+ ``int_{network-role}`` as part of the parameter name,
+ where ``int_`` is a hard coded string.
+
+
+{vm-type}
+---------
+
+
+Requirements Changed
+~~~~~~~~~~~~~~~~~~~~
+
+
+.. container:: note
+
+ :need:`R-01455`
+
+ When a VNF's Heat Orchestration Template creates a Virtual Machine
+ (i.e., ``OS::Nova::Server``),
+ each "class" of VMs **MUST** be assigned a VNF unique
+ ``{vm-type}``; where "class" defines VMs that
+ **MUST** have the following identical characteristics:
+
+ 1.) ``OS::Nova::Server`` resource property ``flavor`` value
+
+ 2.) ``OS::Nova::Server`` resource property ``image`` value
+
+ 3.) Cinder Volume attachments
+
+ - Each VM in the "class" **MUST** have the identical Cinder Volume
+ configuration
+
+ 4.) Network attachments and IP address requirements
+
+ - Each VM in the "class" **MUST** have the the identical number of
+ ports connecting to the identical networks and requiring the identical
+ IP address configuration.
+
+
+.. container:: note
+
+ :need:`R-82481`
+
+ A VNF's Heat Orchestration Template's Resource property parameter that is
+ associated with a unique Virtual Machine type **MUST** include
+ ``{vm-type}`` as part of the parameter name with two exceptions:
+
+ 1.) The Resource ``OS::Nova::Server`` property ``availability_zone``
+ parameter **MUST NOT** be prefixed with a common ``{vm-type}`` identifier,
+
+ 2.) The Resource ``OS::Nova::Server`` eight mandatory and optional
+ ``metadata``
+ parameters (i.e., ``vnf_name``, ``vnf_id``, ``vf_module_id``,
+ ``vf_module_name``, ``vm_role``,
+ ``vf_module_index``, ``environment_context``, ``workload_context``)
+ **MUST NOT** be prefixed with a common ``{vm-type}`` identifier.
+
+
+.. container:: note
+
+ :need:`R-98407`
+
+ A VNF's Heat Orchestration Template's ``{vm-type}`` **MUST** contain only
+ alphanumeric characters and/or underscores '_' and **MUST NOT**
+ contain any of the following strings:
+ ``_int`` or ``int_`` or ``_int_``.
+