Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

    1. Standard vFW is m1.medium but DANOS is a smaller footprint and an on disk image that is only 8 GB instead of a full Ubuntu volume.
  1. Add a tag for running tests with your VNF
    1. Add instantiateVFWCLDN tag and data for an  instantiate VNF testcase  to demo.robot
    2. The command line "./ete-k8s.sh onap  instantiateVFWCLDN"  would now onboard the vFWCLDN models and instantiate the VNF as a DANOS vFW and a traffic sink and a traffic generator without having to use the GUI's directly so it could be used for regression.
  2. Document any post instantiation steps
    1. DANOS Post Install Configuration
      1. Use curl/postman to make Netconf configuration changes to the vRouter to configure the ports - this demonstrates post instantiation configuration through SDNC
      2. Update the DACE collector ip addres and port in the vRouter if not provided on your VNF by cloud-init (also works for PNFs)
    2. Use horizon to remove the "Port Security" on the ports for the 3 virtual machines in case your version of openstack defaults to activate port security.
  3. Test that the VNF works with ONAP
    1. Closed Loop telemetry from DANOS to DCAE/VES can be confirmed indicting both correct traffic flow from the packet generator to the traffic sink through the DANOS vRouter but also that VES telemetry is properly going to DCAE and being processed as events.
    2. Use POSTMAN to get events from the VES collector output
    3. GET  https://{{dmaap_ssl_port}}/events/unauthenticated.VES_MEASUREMENT_OUTPUT/g1/c3?timeout=5000

      Code Block
      titledmaap VES event
         "{\"event\":{\"commonEventHeader\":{\"startEpochMicrosec\":1588882076723273,\"eventId\":\"mvfs00000001\",\"sequence\":0,\"domain\":\"measurementsForVfScaling\",\"lastEpochMicrosec\":1588882086723273,\"eventName\":\"vFirewallBroadcastPackets\",\"reportingEntityId\":\"No UUID available\",\"internalHeaderFields\":{\"collectorTimeStamp\":\"Thu, 05 07 2020 08:07:27 UTC\"},\"sourceName\":\"vofwl01fwleccf\",\"priority\":\"Normal\",\"version\":3,\"reportingEntityName\":\"vyatta\"},\"measurementsForVfScalingFields\":{\"measurementInterval\":10,\"measurementsForVfScalingVersion\":2,\"vNicPerformanceArray\":[{\"transmittedOctetsDelta\":0,\"receivedTotalPacketsDelta\":1003,\"vNicIdentifier\":\"dp0s4\",\"valuesAreSuspect\":\"true\",\"transmittedTotalPacketsDelta\":0,\"receivedOctetsDelta\":60180}]}}}"


    4. Notice the sourceName is the DANOS firewall and the receivedTotalPacketsDelta is 10003 representing the stream:10 setting on the packet generator.
    5. Use POSTMAN to get the TCA EVENT output
    6. GET https://{{dmaap_ssl_port}}/events/unauthenticated.DCAE_CL_OUTPUT/g1/c3?timeout=5000

      Code Block
      titleDCAE TCA Event Output
      "{\"closedLoopEventClient\":\"DCAE_INSTANCE_ID.dcae-tca\",\"policyVersion\":\"1.0.0\",\"policyName\":\"DCAE.Config_tca-hi-lo\",\"policyScope\":\"DCAE\",\"target_type\":\"VM\",\"AAI\":{\"vserver.prov-status\":\"ACTIVE\",\"vserver.resource-version\":\"1588875887013\",\"vserver.is-closed-loop-disabled\":false,\"vserver.vserver-name2\":\"vofwl01fwleccf\",\"vserver.vserver-id\":\"25413ae3-11ed-408d-9bdd-c2ce3926097c\",\"vserver.vserver-selflink\":\"http://10.12.25.2:8774/v2.1/712b6016580e410b9abfec9ca34953ce/servers/25413ae3-11ed-408d-9bdd-c2ce3926097c\",\"vserver.in-maint\":false,\"vserver.vserver-name\":\"vofwl01fwleccf\"},\"closedLoopAlarmStart\":1588877023057584,\"closedLoopEventStatus\":\"ONSET\",\"closedLoopControlName\":\"ControlLoop-vFirewall-e713e960-8dd2-4b7e-9c8d-e439bdb30bc3\",\"version\":\"1.0.2\",\"target\":\"vserver.vserver-name\",\"requestID\":\"914a94eb-90c0-4b2a-baf3-fbc309385041\",\"from\":\"DCAE\"}",


    7. Notice the closedLoopEventStatus is ONSET since the traffic is above the 700 packets threshold in the policy.

  4. We can also use the netconf interface from SDNC to the DANOS virtual router to create and change the firewall rulesets.
    1. Configure DANOS Firewall


Info

Filter by label (Content by label)
showLabelsfalse
max5
spacesDW
showSpacefalse
sortmodified
reversetrue
typepage
cqllabel = "kb-how-to-article" and type = "page" and space = "DW"
labelskb-how-to-article

...