...

A flow matrix should be established for each ONAP project.

It should be reviewed at each major release of the component.

As all projects already exist:

  1.  First, external flows should be specified.
  2.  Then proceed with inter-component flows.
  3.  Finally, intra-component flows.

The first two steps are important for gathering the information needed to build the access control strategy of the ONAP platform.

The information regarding intra-component flows is useful, but the access control strategy does not depend on it.

HOW to build a flow matrix?

It may be too complicated to address all flows for a given project.

...

This file provides information for each external flow, using DCAE as the example:


| Parameter | Value |
|---|---|
| name | name of the ONAP project, e.g. DCAE. |
| sub_components: - name: | real name of the sub-component, e.g. dcae-snmptrap-collector |
| external_server_side: | in external server side, list only ingress (external -> ONAP) traffic |
| type: | nodePort |
| To_Be_Specified_communication: | This can be: 1. external_communication; 2. inter-component_communication: N/A; 3. intra-component_communication |
| description | e.g. SNMP trap |
| id | e.g. DCAE_EXT_1. |
| communication_initiator | which component initiates the communication, e.g. any component sending SNMP, either internally to the ONAP platform or externally, e.g. xNF. |
| communication_receipt | which component is the destination of the communication. |
| protocol | at least level 4 or higher, to be specified if applicable. |
| version | to be specified if applicable |
| exposed_pod_port | to be specified if applicable |
| exposed_port | to be specified if applicable |
| encryption | none or active, e.g. HTTPS implemented. |

...

| Parameter | Value |
|---|---|
| data_exchanged | specifies the file format and the main exchanged information, e.g. SNMP trap information. |
| tls_server | to specify whether the component hosts a TLS server or a TLS client (yes or no), if applicable. |
| tls_client | to specify whether the component hosts a TLS server or a TLS client (yes or no), if applicable. |
| flow_direction | incoming or outgoing. |


==> This file has to be generated for each category: external, inter-components and intra-component flows.

AND what can be done WITH a flow matrix?

The YAML files make it possible to draw up a map of the different flows, and from it the ports that must be open and authorized for the ONAP platform to run.

==> This enables a reliable and efficient implementation of access control.
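As an added illustration (not part of the ONAP page or project code), the sketch below reviews flow records shaped after the parameter table and derives the ingress ports to open. The records are constructed: port numbers, `dcae-example-collector` and the nesting are assumptions, as is the rule that an HTTPS/TLS ingress flow should declare `tls_server: yes`.

```python
# Added example: field names follow the parameter table; all values are constructed.
REQUIRED = ("id", "communication_initiator", "communication_receipt",
            "protocol", "exposed_port", "encryption", "flow_direction")

FLOWS = [  # constructed sample, as an external-flows YAML file might load
    {"id": "DCAE_EXT_1", "description": "SNMP trap",
     "communication_initiator": "xNF",
     "communication_receipt": "dcae-snmptrap-collector",
     "protocol": "UDP", "exposed_pod_port": 6162, "exposed_port": 30470,
     "encryption": "none", "tls_server": "no", "tls_client": "no",
     "flow_direction": "incoming"},
    {"id": "DCAE_EXT_2", "description": "hypothetical HTTPS listener",
     "communication_initiator": "xNF",
     "communication_receipt": "dcae-example-collector",
     "protocol": "TCP", "exposed_pod_port": 8443, "exposed_port": 30417,
     "encryption": "HTTPS", "tls_server": "yes", "tls_client": "no",
     "flow_direction": "incoming"},
    {"id": "DCAE_EXT_3", "description": "incomplete entry",
     "communication_receipt": "dcae-example-collector",
     "protocol": "TCP", "encryption": "HTTPS", "tls_server": "no",
     "flow_direction": "incoming"},
]

def review(flow):
    """Return the list of findings for one flow record."""
    findings = [f"missing {k}" for k in REQUIRED if flow.get(k) in (None, "")]
    enc = str(flow.get("encryption", "")).lower()
    if enc == "none":
        findings.append("unencrypted flow")
    elif (enc in ("https", "tls") and flow.get("flow_direction") == "incoming"
          and flow.get("tls_server") != "yes"):
        # Assumed consistency rule, not stated on the page.
        findings.append("HTTPS/TLS ingress but tls_server is not 'yes'")
    return findings

def ingress_allow_list(flows):
    """(protocol, exposed_port) pairs to open; incomplete records are excluded."""
    return sorted({(f["protocol"], f["exposed_port"]) for f in flows
                   if f.get("flow_direction") == "incoming"
                   and not any(x.startswith("missing") for x in review(f))})

if __name__ == "__main__":
    for f in FLOWS:
        print(f["id"], review(f) or "ok")
    print(ingress_allow_list(FLOWS))
```

Records with missing fields stay out of the allow-list, so an incomplete flow matrix entry never opens a port by default.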

A common repository is proposed so that the different files have a central, shared storage location.

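| Project | Version | YAML : external_flows | YAML : inter_components_flows | YAML : intra_component_flows |
|---|---|---|---|---|
| DCAE | | | | |
| AAI | | | | |
| CLAMP | | | | |
| MSB | | | | |
| DMaaP | | | | |
| SDC | | | | |
| Policy | | | | |
| Service Orchestrator | | | | |
| OOF | | | | |
| AAF | | | | |
| logging | | | | |
| APPC | | | | |
| SDN-C | | | | |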