...
PROJECT | IMPACT | PTL |
SO | SO to Controller to PNF communication | |
AAF | Security Enhancements | |
SDN-C/R | Controller to PNF communication (Ansible, NetConf) | |
PRH | PRH Enhancements & Integration | |
A&AI | A&AI enhancements, PNF-ID. ESR support. | |
VID | VID enhancements & Carry over from R3 | |
PORTAL | Impact on Functional Menus | Manoop Talasila |
SDC | PNF Package management | Ofir Sonsino |
SO IMPACTS
SDN-C/R (Controller) IMPACTS
The Controller to PNF service configuration happens in Steps 36 & 37 in the PNF Plug and Play flow (you can read more at the PNF PnP Wiki).
...
PnP DUBLIN WORK ITEM
...
DESCRIPTION
...
CTL1: Controller PNF Interaction
...
[CONTROLLER] Controller definition (SDN-C) came so late in Casablanca, we had defined some additional optional parameter for the step37 Service Configuration but likely more evolution needs to be done. SDN-C was not the theoretical proper controller and people objected as this is conceptually the L0-L3 controller.
[STEP 35-37] - The SO to SDN-C and Controller to PNF exchange (Ansible or NetConf) was a carry-over item from R3. This requires that an API between SO to SDN-C is in place to support this. It requires that SDN-C support the appropriate Ansible Playbook and Directed Graph. Generic API. CDS has its own API to SO. The work being done with the CDS work is re-used for PnP U/C, so no new development needs to be done.
ASSOCIATED DEVELOPMENT:
(Jira)
Controller Design Studio (Design Time) - to customize configuration. This might be used to set the values of parameters that might be send down to a PNF.
NetConf - see the NetConf 5G U/C Wiki: 5G - Configuration with NETCONF
PRH IMPACTS
PnP DUBLIN WORK ITEM
DESCRIPTION
Schema Adaptation
So PNF-id should be used for Identities. This differentiates the way that PRH is searching for PNFs in A&AI, when PRH does the PNF registration in A&AI (may also require SO change).
A PNF-name parameter will be used to search a relevant PNF instance, and then CRUD operations will be executed using the PNF-ID value obtained from that previous instance search.
PNF-id = UUID;
PNF-name = Correlation ID.
PRH use search API to find PNF instance based on PNF-name then get the PNF-id.
pnfRegistration VES Event to get the Key to search A&AI. use "sourcename" (part of VES Common header). Take value of sourcename search A&AI to find a PNF entry. In R3/Casa search against PNF-name = sourcename (search for object get PNFid); In R4/Dublin search against PNF-name = sourcename (with a different API). search for object. Change in primary key in A&AI.
ASSOCIATED DEVELOPMENT:
See task A&AI1 and SO4.This work is to be covered here:
PnP DUBLIN WORK ITEM | DESCRIPTION | ||||||||
SO1: SO support of A&AI creation | [SO] A&AI UI can create an inactive PNF (inactive) A&AI entry. In Step #19A instead of EXITING, SO would go into WAIT STATE pending rehydration of RLF w/ pnfReady DEVELOPMENT STATUS:
| ||||||||
SO2: SO support for already existing PNF A&AI entries | [SO] Support of SO for an already existing PNF (active) A&AI Entry (use case with a deleted & recreated service or instantiating 2nd service using the same PNF) DEVELOPMENT STATUS: In ONAP/Casablanca this was updated, and irrespective of AAI entry existence for a PNF instance, the workflow execution always waits to receive a PNF registration event.
This is not planned to be changed in ONAP/Dublin release. | ||||||||
SO3: SO to support updated A&AI PNF schema | [SO] Support of SO for updated AAI PNF instance model. ASSOCIATED DEVELOPMENT: See task A&AI1 and PRH1. JIRA: Epic Created: SO Dublin Page: Service Orchesrator Dublin Release | ||||||||
FUTURE (El Alto) | |||||||||
SO-future: Controller Association [FUTURE MOVED TO EL ALTO] | [SDC/SO] The PNF controller caused quite a stir in Casablanca, the tension between Design/Platform Model vs Run-Time/Deployment Model. As a result the SO controller design was sub-optimal and should be addressed in Dublin. |
AAF SECURITY IMPACTS
...
PnP DUBLIN WORK ITEM
...
DESCRIPTION
...
AAF1: Security Enhancement
[AAF] Security enhancements slated for Dublin will need to be working for PnP Use Case. Discussing with DCAE about supporting TLS authentication just with Certificate without Username & Password. If the NF already uses the UN&P for the HTTP connection (that should still work).
Certificate use should be working in Dublin to setup the HTTPS connection.
PROPOSAL: Thus, both Certificate & Username & Password will be supported. (This is suggested for backward compatibility). i.e. there are already existing deployment.
PROPOSAL: It is recommended to use the Certificate.
Certificates as part of the authorization? Subject of the certificate is something that can be used as authorization, the proposal to DCAE is that there is a list of authorized users/subjects. Initially it could be manually configured, but the objective is that this would come from AAF.
Start with Certificates local check: subjects against a list (w/ wildcards). Agree w/ appropriate interface w/ AAF then integrate w/ AAF. If identity not found use basic authentication a second check w/ username & password. otherwise access is rejected (HTTP return code).
ASSOCIATED DEVELOPMENT:
VNFRQTS - Certificate Authentication for HTTPS/TLS -
Jira Legacy | ||||||||
---|---|---|---|---|---|---|---|---|
|
DCAE Development for Authentication for HTTPS/TLS -
(Depends on the A&AI work:
Epic Created: SO Dublin Page: Service Orchesrator Dublin Release | ||||||||||||||||||||||||||||||
FUTURE (El Alto) | ||||||||||||||||||||||||||||||
SO-future: Controller Association [FUTURE MOVED TO EL ALTO] | [SDC/SO] The PNF controller caused quite a stir in Casablanca, the tension between Design/Platform Model vs Run-Time/Deployment Model. As a result the SO controller design was sub-optimal and should be addressed in Dublin. |
AAF SECURITY IMPACTS
PnP DUBLIN WORK ITEM | DESCRIPTION | ||||||||||
AAF1: Security Enhancement | [AAF] Security enhancements slated for Dublin will need to be working for PnP Use Case. Discussing with DCAE about supporting TLS authentication just with Certificate without Username & Password. If the NF already uses the UN&P for the HTTP connection (that should still work). Certificate use should be working in Dublin to setup the HTTPS connection. PROPOSAL: Thus, both Certificate & Username & Password will be supported. (This is suggested for backward compatibility). i.e. there are already existing deployment. PROPOSAL: It is recommended to use the Certificate. Certificates as part of the authorization? Subject of the certificate is something that can be used as authorization, the proposal to DCAE is that there is a list of authorized users/subjects. Initially it could be manually configured, but the objective is that this would come from AAF. Start with Certificates local check: subjects against a list (w/ wildcards). Agree w/ appropriate interface w/ AAF then integrate w/ AAF. If identity not found use basic authentication a second check w/ username & password. otherwise access is rejected (HTTP return code). ASSOCIATED DEVELOPMENT: VNFRQTS - Certificate Authentication for HTTPS/TLS -
DCAE Development for Authentication for HTTPS/TLS - |
SDN-C/R (Controller) IMPACTS
The Controller to PNF service configuration happens in Steps 36 & 37 in the PNF Plug and Play flow (you can read more at the PNF PnP Wiki).
PnP DUBLIN WORK ITEM | DESCRIPTION |
CTL1: Controller PNF Interaction | [CONTROLLER] Controller definition (SDN-C) came so late in Casablanca, we had defined some additional optional parameter for the step37 Service Configuration but likely more evolution needs to be done. SDN-C was not the theoretical proper controller and people objected as this is conceptually the L0-L3 controller. [STEP 35-37] - The SO to SDN-C and Controller to PNF exchange (Ansible or NetConf) was a carry-over item from R3. This requires that an API between SO to SDN-C is in place to support this. It requires that SDN-C support the appropriate Ansible Playbook and Directed Graph. Generic API. CDS has its own API to SO. The work being done with the CDS work is re-used for PnP U/C, so no new development needs to be done. ASSOCIATED DEVELOPMENT: (Jira) Controller Design Studio (Design Time) - to customize configuration. This might be used to set the values of parameters that might be send down to a PNF. NetConf - see the NetConf 5G U/C Wiki: 5G - Configuration with NETCONF |
PRH IMPACTS
[A&AI] Using the pnf-id (instead of pnf-name) as the index for PNF into A&AI. (discussion started in R3, socialized, Contact: Chesla Wechsler ). The URI will change, as a query parameter.
Get naming indexing consistency with PNFs and VNFs. Schema A&AI model update.
ACTIONS: Inform Clients of break in change & migration.
Details: Proposal to Change AAI PNF Entity to use PNF-ID as key
ASSOCIATED DEVELOPMENT:
(Jira Ticket needed)
PnP DUBLIN WORK ITEM | DESCRIPTION | ||||||||||
PRH1: A&AI New PNF Schema Adaptation | New A&AI schema adaptations: Chesla Wechsler found a discrepancy between PNFs and VNFs; VNFs are identified via VNF-ID (UUID), and PNFs - via PNF-name. PNF-id = UUID; PNF-name = Correlation ID. PRH use search API to find PNF instance based on PNF-name then get the PNF-id. pnfRegistration VES Event to get the Key to search A&AI. use "sourcename" (part of VES Common header). Take value of sourcename search A&AI to find a PNF entry. In R3/Casa search against PNF-name = sourcename (search for object get PNFid); In R4/Dublin search against PNF-name = sourcename (with a different API). search for object. Change in primary key in A&AI. ASSOCIATED DEVELOPMENT: See task A&AI1 and SO4.
| ||||||||||
PRH2: Integration | [PRH] There might be more integration or development for the PRH in Dublin. | ||||||||||
PRH3: PNF Registration Update the A&AI Entry | When the PNF registers, PRH should update the A&AI entry with the information in the VES event. PRH shall update A&AI with all fields from pnfRegistration VES event into all corresponding fields of A&AI entry. See the 5G - PNF Plug and Play wiki DEVELOPMENT STATUS:
| ||||||||||
PRH4: PRH Re-Registration Support | PRH support for the Re-Registration Use Case in PNF PnP (for BBS Nomadic ONT PNF Re-registration Use Case). Which fields to compare in mapping field to determine a reregistration PNF. DEVELOPMENT STATUS:
| ||||||||||
PRH2: Integration | [PRH] There might be more integration or development for the PRH in Dublin. | ||||||||||
PRH3: PNF Registration Update the A&AI Entry | When the PNF registers, PRH should update the A&AI entry with the information in the VES event. PRH shall update A&AI with all fields from pnfRegistration VES event into all corresponding fields of A&AI entry. See the 5G - PNF Plug and Play wiki DEVELOPMENT STATUS:
|
A&AI IMPACTS
|
A&AI IMPACTS
DUBLIN ITEM | DESCRIPTION | ||||||||||
A&AI1: A&AI pnf-id as INDEX for PNF | [A&AI] Using the pnf-id (instead of pnf-name) as the index for PNF into A&AI. (discussion started in R3, socialized, Contact: Chesla Wechsler ). The URI will change, as a query parameter. ACTIONS: Inform Clients of break in change & migration. ASSOCIATED DEVELOPMENT:
| ||||||||||
A&AI4: SO support of A&AI creation | [SO] A&AI UI can create an inactive PNF (inactive) A&AI entry. In Step #19A instead of EXITING, SO would go into WAIT STATE pending rehydration of RLF w/ pnfReady DEVELOPMENT STATUS: (Completed in ONAP/Casablanca -
| ||||||||||
A&AI5: SO support for already existing PNF A&AI entry | [SO] Support of SO for an already existing PNF (active) A&AI Entry (use case with a deleted & recreated service or instantiating 2nd service using the same PNF) In Step #19B SO would exit and service creation would continue | ||||||||||
MOVED TO R5 EL ALTO | |||||||||||
A&AI2: External Manager (EMS/NMS) [ESR] | [A&AI] IP address or association with the External Manager. Is the ESR concept sufficient? https://onap.readthedocs.io/en/beijing/submodules/aai/esr-server.git/docs/ During PnP, the IP address of the External Manager would saved/stored or set by user or by the PNF. Where would that be stored? would it be in A&AI. Information about the External Manager is discovered & stored. Note: The External Manager info is optional LOW PRIORITY | ||||||||||
A&AI3: Cloud Home Server (A&AI) | [A&AI] Tracking the Cloud Home Server (CLLI, Cloud ID); is the association with the COMPLEX Object sufficient? How-To: Register a VIM/Cloud Instance to ONAP LOW PRIORITY |
...
PnP DUBLIN WORK ITEM | DESCRIPTION | ||||||||||||||||||||
VID1: VID Enhancements | Confirm the PNF PnP still works with ONAP Dublin UI changes. There was VID GUI changes that happened in R4 Dublin to for new presentation layer with redesign of how VID presentation layer, new layout & buttons. VID displays pages only with certain conditions e.g. only shows PNF if it finds a PNF resource in the service model. HIGH PRIORITY. TESTING STATUS: | ||||||||||||||||||||
VID2: VID PNF Mgmt. Enhancements | VID A&AI Schema Changes PNFid vs PNFname. VID will have to be updated to support the new A&AI Schema change PNF model (PNF-id vs PNF-name). HIGH PRIORITY. PROPOSAL: ASSOCIATED DEVELOPMENT:
| ||||||||||||||||||||
VID3: VID Enhancements | VID A&AI INSTANCE CREATION – (optional) (slide 20/Step 4) – VID supporting Resource Declaration a PNF A&AI Instance creation. Similar flow in eCOMP. LOW PRIORITY. | ||||||||||||||||||||
VID4: Error Cases | ACTION: Error cases (check if SDC model parameters != A&AI PNF entry). LOW PRIORITY. |
...