Introduction

This document explains the steps to onboard and instantiate vFW on Azure.

...

  1. Onboard the vSINC VNF using the TOSCA designed with Simple profile nodes. The TOSCA CSAR is available on GitHub: https://github.com/onapdemo/demo/blob/beijing/tosca/aria_csars/simple_vfw_vSNC.csar?raw=true
  2. Onboard the vPG VNF using the TOSCA designed with Simple profile nodes. The TOSCA CSAR is available on GitHub: https://github.com/onapdemo/demo/blob/beijing/tosca/aria_csars/simple_vfw_vPG.csar?raw=true
  3. Import the vSINC VSP and create the VNF as shown in the video.
  4. After creating the VNF, use the deployment artifact link to add the Azure-specific TOSCA in the OTHER folder.
    1. The Azure-specific TOSCA for vSINC is available on GitHub: https://github.com/onapdemo/demo/blob/beijing/tosca/aria_csars/aria-vsink-fwazurevsnk.csar?raw=true
  5. Similarly, import the vPG VSP and add the Azure-specific TOSCA.
    1. The Azure-specific TOSCA for vPG is available on GitHub: https://github.com/onapdemo/demo/blob/beijing/tosca/aria_csars/aria-vpkgazurevpkg.csar?raw=true
  6. Using the SDC catalog, create the vFW service by adding the two VNFs that were imported.
  7. Distribute the service to SO and AAI.

    Note: Naming of CSAR files

    The CSAR names of the ARIA TOSCA files should be the same as on GitHub. This allows the Multivim adapter to pick up the correct TOSCA file for instantiation.

Service Provisioning

Once the service model has been distributed to SO and AAI, service instantiation can be done using the VID UI.

...

  1. Log in to VID and click on Browse Service Models (left menu).
  2. Click on Deploy, then enter the service instance name and other details to create the service.
  3. Once created, you can see the service instance details with an option to "Add VNF".
  4. Click on Add VNF and select the VNF module related to vSINC. Enter the VNF name "zdfw1fwl01vfw01" and other details to create the VNF for vSINC.
  5. The VNF name should be the same as mentioned in the step above to run the closed loop.
  6. Preload SDNC data by capturing the VNF model data information
    1. POST /restconf/operations/VNF-API:preload-vnf-topology-operation

      vSINC Preload Request Body

      {
        "input": {
          "vnf-topology-information": {
            "vnf-topology-identifier": {
              "service-type": "{{so_service-instance-id}}",
              "vnf-name": "VF_VSINC1",
              "vnf-type": "SimpleVsinc..base_vfw..module-0",
              "generic-vnf-name": "zdfw1fwl01vfw01",
              "generic-vnf-type": "azure-vfw-service/azure-vfw-vsp 0"
            },
            "vnf-assignments": {
              "availability-zones": [],
              "vnf-networks": [],
              "vnf-vms": []
            },
            "vnf-parameters": [
              {
                "vnf-parameter-name": "image_name",
                "vnf-parameter-value": "UbuntuServer"
              },
              {
                "vnf-parameter-name": "flavor_name",
                "vnf-parameter-value": "Standard_D2"
              },
              {
                "vnf-parameter-name": "public_net_id",
                "vnf-parameter-value": "private_vnet"
              },
              {
                "vnf-parameter-name": "onap_private_subnet_id",
                "vnf-parameter-value": "private_vsubnet"
              },
              {
                "vnf-parameter-name": "unprotected_private_net_cidr",
                "vnf-parameter-value": "172.23.0.0/24"
              },
              {
                "vnf-parameter-name": "protected_private_net_cidr",
                "vnf-parameter-value": "172.23.1.0/24"
              },
              {
                "vnf-parameter-name": "onap_private_net_cidr",
                "vnf-parameter-value": "172.23.3.0/24"
              },
              {
                "vnf-parameter-name": "vfw_private_ip_0",
                "vnf-parameter-value": "172.23.0.150"
              },
              {
                "vnf-parameter-name": "vfw_private_ip_1",
                "vnf-parameter-value": "172.23.1.50"
              },
              {
                "vnf-parameter-name": "vfw_private_ip_2",
                "vnf-parameter-value": "10.0.100.1"
              },
              {
                "vnf-parameter-name": "vsn_private_ip_0",
                "vnf-parameter-value": "172.23.1.100"
              },
              {
                "vnf-parameter-name": "vsn_private_ip_1",
                "vnf-parameter-value": "172.23.3.50"
              },
              {
                "vnf-parameter-name": "vfw_name_0",
                "vnf-parameter-value": "zdfw1fwl01vfw01"
              },
              {
                "vnf-parameter-name": "vsn_name_0",
                "vnf-parameter-value": "zdfw1fwl01vsinc01"
              },
              {
                "vnf-parameter-name": "dcae_collector_ip",
                "vnf-parameter-value": "23.96.53.127"
              },
              {
                "vnf-parameter-name": "dcae_collector_port",
                "vnf-parameter-value": "30235"
              },
              {
                "vnf-parameter-name": "repo_url_blob",
                "vnf-parameter-value": "https://raw.githubusercontent.com/onapdemo/onap-scripts/master/usecases"
              },
              {
                "vnf-parameter-name": "repo_url_artifacts",
                "vnf-parameter-value": "https://raw.githubusercontent.com/onapdemo/onap-scripts/beijing"
              },
              {
                "vnf-parameter-name": "demo_artifacts_version",
                "vnf-parameter-value": "1.1.1"
              },
              {
                "vnf-parameter-name": "install_script_version",
                "vnf-parameter-value": "1.1.1"
              },
              {
                "vnf-parameter-name": "pub_key",
                "vnf-parameter-value": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD5zrmH1dHgXbNwP2qbNVySScnFVcEP25HBd2VJu2PiJLDhwgHj44Lj9ZvLyRFCetqd8CAKnLV5qy37rwaCtlH/t8Qb36cUGPhegxpF2++uTY0b6K7Zb6hEMBNw3J1z+GU7OoVwZJhsNAw4t8/7WWmJA4Owo99TJkEKvhCYjBCLoC5sIvG/lJsaFIG8A5MjnBlwgSZ3FsUU+aY1KYZUztodkyv7laDMOinwSvJggKrCugsqZdVo5bhmcSFbqrZa/a/wgqeok+79W0/DLh5Tlf7By46ASDKGnFlwDshPu++I3KMU3eRz0rJLOKeIUCz7k80X0WJ6BrSS7l+IrpDXV1M5 ubuntu@aria"
              },
              {
                "vnf-parameter-name": "cloud_env",
                "vnf-parameter-value": "openstack"
              }
            ]
          },
          "request-information": {
            "request-id": "robot9",
            "order-version": "1",
            "notification-url": "openecomp.org",
            "order-number": "1",
            "request-action": "PreloadVNFRequest"
          },
          "sdnc-request-header": {
            "svc-request-id": "robot9",
            "svc-notification-url": "http://openecomp.org:8080/adapters/rest/SDNCNotify",
            "svc-action": "reserve"
          }
        }
      }
      Note

      In the preload parameters, repo_url_blob and repo_url_artifacts refer to the GitHub links where the modified scripts for vSINC and vFW installation are kept.

      {
      "vnf-parameter-name": "repo_url_blob",
      "vnf-parameter-value": "https://raw.githubusercontent.com/onapdemo/onap-scripts/master/usecases"
      },
      {
      "vnf-parameter-name": "repo_url_artifacts",
      "vnf-parameter-value": "https://raw.githubusercontent.com/onapdemo/onap-scripts/beijing"
      }

      Also, update the dcae_collector_ip (Load Balancer IP) in the request body to initiate the closed loop.
  7. Click on Add VF module. Enter the details and submit the request. This will instantiate the FW and SINC VMs on Azure.
  8. Similarly, follow step 4 (select vPG module related to vPG) and create the VNF for vPG.
  9. Preload SDNC data by capturing the VNF model data information
    1. POST /restconf/operations/VNF-API:preload-vnf-topology-operation

      vPG Preload Request Body

      {
        "input": {
          "vnf-topology-information": {
            "vnf-topology-identifier": {
              "service-type": "{{so_service-instance-id}}",
              "vnf-name": "VF_VPG1",
              "vnf-type": "SimpleVpg..base_vpkg..module-0",
              "generic-vnf-name": "zdfw1fwl01pgn01",
              "generic-vnf-type": "azure-vfw-service/azureVfwVpgVsp 0"
            },
            "vnf-assignments": {
              "availability-zones": [],
              "vnf-networks": [],
              "vnf-vms": []
            },
            "vnf-parameters": [
              {
                "vnf-parameter-name": "image_name",
                "vnf-parameter-value": "UbuntuServer"
              },
              {
                "vnf-parameter-name": "flavor_name",
                "vnf-parameter-value": "Standard_D2"
              },
              {
                "vnf-parameter-name": "public_net_id",
                "vnf-parameter-value": "private_vnet"
              },
              {
                "vnf-parameter-name": "onap_private_subnet_id",
                "vnf-parameter-value": "private_vsubnet"
              },
              {
                "vnf-parameter-name": "unprotected_private_net_cidr",
                "vnf-parameter-value": "172.23.0.0/24"
              },
              {
                "vnf-parameter-name": "protected_private_net_cidr",
                "vnf-parameter-value": "172.23.1.0/24"
              },
              {
                "vnf-parameter-name": "onap_private_net_cidr",
                "vnf-parameter-value": "172.23.3.0/24"
              },
              {
                "vnf-parameter-name": "vfw_private_ip_0",
                "vnf-parameter-value": "172.23.0.150"
              },
              {
                "vnf-parameter-name": "vfw_private_ip_1",
                "vnf-parameter-value": "172.23.1.50"
              },
              {
                "vnf-parameter-name": "vfw_private_ip_2",
                "vnf-parameter-value": "10.0.100.1"
              },
              {
                "vnf-parameter-name": "vpg_private_ip_1",
                "vnf-parameter-value": "10.0.100.2"
              },
              {
                "vnf-parameter-name": "vsn_private_ip_0",
                "vnf-parameter-value": "172.23.1.100"
              },
              {
                "vnf-parameter-name": "vpg_name_0",
                "vnf-parameter-value": "zdfw1fwl01pgn01"
              },
              {
                "vnf-parameter-name": "dcae_collector_ip",
                "vnf-parameter-value": "23.96.53.127"
              },
              {
                "vnf-parameter-name": "dcae_collector_port",
                "vnf-parameter-value": "30235"
              },
              {
                "vnf-parameter-name": "repo_url_blob",
                "vnf-parameter-value": "https://raw.githubusercontent.com/onapdemo/onap-scripts/master/usecases"
              },
              {
                "vnf-parameter-name": "repo_url_artifacts",
                "vnf-parameter-value": "https://nexus.onap.org/content/groups/public"
              },
              {
                "vnf-parameter-name": "demo_artifacts_version",
                "vnf-parameter-value": "1.1.1"
              },
              {
                "vnf-parameter-name": "install_script_version",
                "vnf-parameter-value": "1.1.1"
              },
              {
                "vnf-parameter-name": "pub_key",
                "vnf-parameter-value": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD5zrmH1dHgXbNwP2qbNVySScnFVcEP25HBd2VJu2PiJLDhwgHj44Lj9ZvLyRFCetqd8CAKnLV5qy37rwaCtlH/t8Qb36cUGPhegxpF2++uTY0b6K7Zb6hEMBNw3J1z+GU7OoVwZJhsNAw4t8/7WWmJA4Owo99TJkEKvhCYjBCLoC5sIvG/lJsaFIG8A5MjnBlwgSZ3FsUU+aY1KYZUztodkyv7laDMOinwSvJggKrCugsqZdVo5bhmcSFbqrZa/a/wgqeok+79W0/DLh5Tlf7By46ASDKGnFlwDshPu++I3KMU3eRz0rJLOKeIUCz7k80X0WJ6BrSS7l+IrpDXV1M5 ubuntu@aria"
              },
              {
                "vnf-parameter-name": "cloud_env",
                "vnf-parameter-value": "openstack"
              },
              {
                "vnf-parameter-name": "vpkg_unprotected_private_ip",
                "vnf-parameter-value": "172.23.0.50"
              }
            ]
          },
          "request-information": {
            "request-id": "robot9",
            "order-version": "1",
            "notification-url": "openecomp.org",
            "order-number": "1",
            "request-action": "PreloadVNFRequest"
          },
          "sdnc-request-header": {
            "svc-request-id": "robot9",
            "svc-notification-url": "http://openecomp.org:8080/adapters/rest/SDNCNotify",
            "svc-action": "reserve"
          }
        }
      }
      Note

      In the preload parameters, repo_url_blob refers to the GitHub link where the modified scripts for vPG installation are kept.

      {
      "vnf-parameter-name": "repo_url_blob",
      "vnf-parameter-value": "https://raw.githubusercontent.com/onapdemo/onap-scripts/master/usecases"
      }
  10. Click on Add VF module. Enter the details and submit the request. This will instantiate PG on Azure.
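
A pre-submission check for the two preload bodies above, as an added example that is not part of the original page or of ONAP: it verifies the name agreement required in step 5, that dcae_collector_ip was changed to a usable address, and that both script repositories are fetched over https. The names lint_preload and make_body and the sample values are hypothetical, and tying the VNF name to vfw_name_0 / vpg_name_0 is an assumption based on the values in the page's request bodies.

```python
import ipaddress
from urllib.parse import urlparse


def lint_preload(body, vnf_name, name_param):
    """Return findings for one preload body; an empty list means it passed.

    vnf_name   -- the VNF name entered in VID
    name_param -- parameter expected to carry that name (assumption:
                  vfw_name_0 for vSINC, vpg_name_0 for vPG)
    """
    info = body["input"]["vnf-topology-information"]
    ident = info["vnf-topology-identifier"]
    params = {p["vnf-parameter-name"]: p["vnf-parameter-value"]
              for p in info["vnf-parameters"]}
    findings = []

    # The name has to be identical everywhere for the closed loop to run.
    if ident.get("generic-vnf-name") != vnf_name:
        findings.append("generic-vnf-name differs from the VNF name in VID")
    if params.get(name_param) != vnf_name:
        findings.append(f"{name_param} differs from the VNF name in VID")

    # dcae_collector_ip must be the load balancer IP, not a local default.
    try:
        ip = ipaddress.ip_address(params.get("dcae_collector_ip", ""))
        if ip.is_loopback or ip.is_unspecified:
            findings.append("dcae_collector_ip is loopback or unspecified")
    except ValueError:
        findings.append("dcae_collector_ip is not a valid IP address")

    port = params.get("dcae_collector_port", "")
    if not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65535):
        findings.append("dcae_collector_port is not a valid port")

    # The install scripts are downloaded from these locations.
    for key in ("repo_url_blob", "repo_url_artifacts"):
        url = urlparse(params.get(key, ""))
        if url.scheme != "https" or not url.hostname:
            findings.append(f"{key} is not an absolute https URL")
    return findings


def make_body(generic_vnf_name, params):
    """Wrap a {name: value} dict in the preload structure (constructed input)."""
    return {"input": {"vnf-topology-information": {
        "vnf-topology-identifier": {"generic-vnf-name": generic_vnf_name},
        "vnf-parameters": [{"vnf-parameter-name": k, "vnf-parameter-value": v}
                           for k, v in params.items()]}}}


REPO = "https://raw.githubusercontent.com/onapdemo/onap-scripts"
# Constructed samples; the collector address and port are placeholders.
GOOD = make_body("zdfw1fwl01vfw01", {
    "vfw_name_0": "zdfw1fwl01vfw01", "dcae_collector_ip": "203.0.113.10",
    "dcae_collector_port": "8080", "repo_url_blob": REPO + "/master/usecases",
    "repo_url_artifacts": REPO + "/beijing"})
BAD = make_body("VNF_TEST", {
    "vfw_name_0": "zdfw1fwl01vfw01", "dcae_collector_ip": "127.0.0.1",
    "dcae_collector_port": "http", "repo_url_blob": "http://example.invalid/x",
    "repo_url_artifacts": ""})

if __name__ == "__main__":
    for label, body in (("good", GOOD), ("bad", BAD)):
        print(label, lint_preload(body, "zdfw1fwl01vfw01", "vfw_name_0"))
```

To check a real request, load the body with json.load and pass the VNF name that was entered in VID.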

Traffic flow test

Open the browser and enter the URL: http://vsnctestapp.eastus.cloudapp.azure.com:667

This will show a graph of the packets arriving at the SINC VM.


ClosedLoop Execution

Once the instantiation of vFW is done, the VES agent in the vFW VM will send measurement data to DCAE using the IP and port given in the preload parameters.

Two manual steps are needed to run the closed loop flow:

  1. Push policies

    First go through the link below and validate the health of the policy pods.

    https://lf-onap.atlassian.net/wiki/display/DW/Policy+on+OOM

    Then do these steps:

    1. Go to the pap container.
    2. Go to /tmp/policy-install/config/
    3. Execute the command "export PRELOAD_POLICIES=true".
    4. Copy push-policies.sh to /tmp.
    5. Go to /tmp and open push-policies.sh.
    6. Go to VID, search for the service instance, and take the "model id" of the vPG VNF.
    7. Find resourceID in push-policies.sh and change its value to the "model id" of vPG (as shown below).


    curl -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
    "policyConfigType": "BRMS_PARAM",
    "policyName": "com.BRMSParamvFirewall",
    "policyDescription": "BRMS Param vFirewall policy",
    "policyScope": "com",
    "attributes": {
    "MATCHING": {
    "controller" : "amsterdam"
    },
    "RULE": {
    "templateName": "ClosedLoopControlName",
    "closedLoopControlName": "ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a",
    "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a%0D%0A++trigger_policy%3A+unique-policy-id-1-modifyConfig%0D%0A++timeout%3A+1200%0D%0A++abatement%3A+false%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-1-modifyConfig%0D%0A++++name%3A+modify+packet+gen+config%0D%0A++++description%3A%0D%0A++++actor%3A+APPC%0D%0A++++recipe%3A+ModifyConfig%0D%0A++++target%3A%0D%0A++++++%23+TBD+-+Cannot+be+known+until+instantiation+is+done%0D%0A++++++resourceID%3A+%973ef-7b55-41ce-a633-62af3462a8220D%0A++++++type%3A+VNF%0D%0A++++retry%3A+0%0D%0A++++timeout%3A+300%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard"
    }
    }
    }' 'http://pdp:8081/pdp/api/createPolicy'



    8. Now execute push-policies.sh (./push-policies.sh)

  2. Create APPC Mount
    1. Get the VNF instance ID of vPG, either through VID or through AAI. 
    2. Get the public IP address of the Packet Generator from your deployment.
    3. Create the file appc-mount.xml with the following content, replacing VPG_IP with the packet generator IP.

      <node xmlns="urn:TBD:params:xml:ns:yang:network-topology">
      <node-id>VPG_VNF_INSTANCE_ID</node-id>
      <host xmlns="urn:opendaylight:netconf-node-topology">VPG_IP</host>
      <port xmlns="urn:opendaylight:netconf-node-topology">2831</port>
      <username xmlns="urn:opendaylight:netconf-node-topology">admin</username>
      <password xmlns="urn:opendaylight:netconf-node-topology">admin</password>
      <tcp-only xmlns="urn:opendaylight:netconf-node-topology">false</tcp-only>
      <!-- non-mandatory fields with default values, you can safely remove these if you do not wish to override any of these values-->
      <reconnect-on-changed-schema xmlns="urn:opendaylight:netconf-node-topology">false</reconnect-on-changed-schema>
      <connection-timeout-millis xmlns="urn:opendaylight:netconf-node-topology">20000</connection-timeout-millis>
      <max-connection-attempts xmlns="urn:opendaylight:netconf-node-topology">0</max-connection-attempts>
      <between-attempts-timeout-millis xmlns="urn:opendaylight:netconf-node-topology">2000</between-attempts-timeout-millis>
      <sleep-factor xmlns="urn:opendaylight:netconf-node-topology">1.5</sleep-factor>
      <!-- keepalive-delay set to 0 turns off keepalives-->
      <keepalive-delay xmlns="urn:opendaylight:netconf-node-topology">120</keepalive-delay>
      </node>


    4. Create the network config in APPC using the API below:

      curl -v  --user "admin":"admin" -d @appc-mount.xml -H "Accept: application/xml" -H "Content-type: application/xml" -X PUT http://<load_balancer_ip>:30230/restconf/config/network-topology:network-topology/topology/topology-netconf/node/<VNF_INSTANCE_ID>


    5. Use the GET below to validate that the PUT created the config correctly:

       curl -v  --user "admin":"admin"  -H "Accept: application/xml" -H "Content-type: application/xml" -X GET http://<load_balancer_ip>:30230/restconf/config/network-topology:network-topology/topology/topology-netconf/node/<VNF_INSTANCE_ID>



      Note:

      Related link  https://lf-onap.atlassian.net/wiki/display/DW/Creating+a+Netconf+Mount
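
Step 7 of "Push policies" changes resourceID inside the percent-encoded controlLoopYaml string, where a hand edit can easily drop a %0D or leave a stray escape. The following added example (not part of the original page or of ONAP) decodes the string, swaps only the resourceID value, re-encodes it, and reports that kind of damage. The function names and the shortened sample payload are hypothetical, and treating the model id as a UUID is an assumption.

```python
import re
import uuid
from urllib.parse import quote_plus, unquote_plus

# Constructed sample: a shortened controlLoopYaml in the same encoding as the
# page's payload (CRLF line ends, '+' for spaces), with a placeholder target.
ENCODED = (
    "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A"
    "++trigger_policy%3A+unique-policy-id-1-modifyConfig%0D%0A"
    "policies%3A%0D%0A++-+id%3A+unique-policy-id-1-modifyConfig%0D%0A"
    "++++actor%3A+APPC%0D%0A++++target%3A%0D%0A"
    "++++++resourceID%3A+PLACEHOLDER%0D%0A++++++type%3A+VNF%0D%0A++++retry%3A+0"
)


def encoding_problems(encoded_yaml):
    """List signs that a hand edit damaged the percent-encoded YAML."""
    problems = []
    if re.search(r"%(?![0-9A-Fa-f]{2})", encoded_yaml):
        problems.append("truncated percent-escape")
    text = unquote_plus(encoded_yaml)          # invalid UTF-8 becomes U+FFFD
    if "\ufffd" in text:
        problems.append("escape decodes to invalid UTF-8")
    if re.search(r"(?<!\r)\n", text):
        problems.append("LF without CR (a %0D was dropped)")
    return problems


def set_resource_id(encoded_yaml, model_id):
    """Return encoded_yaml with the resourceID value replaced by model_id."""
    model_id = str(uuid.UUID(model_id))        # assumption: the model id is a UUID
    problems = encoding_problems(encoded_yaml)
    if problems:
        raise ValueError("input already damaged: " + ", ".join(problems))
    text = unquote_plus(encoded_yaml)
    # Swap only the value on the resourceID line; indentation and CRLF stay.
    text, count = re.subn(r"(?m)^([ \t]*resourceID:)[^\r\n]*",
                          lambda m: m.group(1) + " " + model_id, text)
    if count != 1:
        raise ValueError(f"expected one resourceID line, found {count}")
    return quote_plus(text)


if __name__ == "__main__":
    print(set_resource_id(ENCODED, "11111111-2222-3333-4444-555555555555"))
```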

Running vFW with Robot Framework

...

Output of the Execution-

Console -


Azure Portal - 


Log-

vFW on Azure

...