- Created by Andy Mayer, last modified by Manoj Nair on Nov 28, 2018
You are viewing an old version of this page. View the current version.
Compare with Current View Page History
« Previous Version 67 Next »
This page is intended to capture the ongoing study and discussion in the Ext-API project related to the inter-CSP interaction enabled through the MEF interlude specification. This is related to the JIRA item planned in the Casablanca cycle. While it is essential to carry out a detailed study on the inter-provider interactions and overall impact on ONAP as a solution, the scope of this page will be limited to the impact on External API. Additionally, while the focus is on the MEF interlude specification, there is some good amount of work being done in many SDOs to address the scope of inter-provider management interactions - notably TMForum, ETSI, NGMN, ONF, IETF etc. It is worth noting the scope and outcome of these SDOs and analyze some best practices that ONAP can incorporate. It is also worthwhile to note how other opensource communities like OSM, 5GPPP/5GEx etc tackled this issue. Further, the page also captures the short term and long term requirements to support Interlude like inter-provider interaction.
Overview
MEF LSO defines a set of specifications and reference points aimed at providing end to end service orchestration across multiple network domains using standardized APIs. One of the reference points in this set is interlude which focuses on providing control related management interactions between service provider and partner (link). The other inter-provider reference point in LSO is SONATA which mainly focuses on the OSS/BSS level business interactions. As ONAP is not specifically on the SONATA level of interactions, the rest of the document focuses mainly on the interlude reference point in MEF and similar specifications in other standard organizations. While interlude is one of the reference point and specification which addresses inter-provider interaction, it is worthwhile to look at the broader scope considering typical operational, business use cases and aspects impacting such interactions in ONAP External API specifically and ONAP in general. MEF Interlude scope is covered in detail in a separate section.
5GExchange (link) as part of 5GPPP is one of the relevant project worth referring which focuses on "cross-domain orchestration of services over multiple administrations or over multi-domain single administrations" (link). 5GEx project defines a multi-domain logical interworking architecture which covers multi-operator interaction and multi-domain interaction within the same operator. As part of the 5GEx project a detailed study is being conducted around inter-domain and inter-provider interactions and results are published here. The 5GEx proposed system consists of multi-domain orchestrator (MdO), domain orchestrators and interactions between MdO (marked as #2 in the diagram below), the interaction between MdO and Domain orchestrators (marked as #3 in the diagram), the interaction between customer and MdO (marked as #1), interaction between Domain Orchestrators and controllers (marked as #5) and interaction between domain orchestrators (marked as #4). Each of these interactions is identified by different types of interfaces. There is also a classification based on business level interactions, management/orchestration level interaction, control level interactions, and data level interaction. Out of these #2 is the one which close matches the MEF interlude reference point, but the scope is slightly different because in 5GEx project business, management/orchestration related interactions are expected to be handled by the same interface (i.e #2). While #3 (between MdO and DO) is quite relevant in the case of External API, this may be an item for future study as domain orchestration concept is currently under discussion in ONAP Tiger team as of September 2018. For the sake of this document, MdO is functionally mapped to the External API component in ONAP as it is providing an end to end service management capability.
Following diagram captures the interface mapping to standards as defined by 5GEx in their functional model found here
Looking at the picture above, it can be observed that 5GEx mostly follows the ETSI MANO specific interfaces for interactions across MdOs or between MdO and DO. But the picture also includes some additional scope as listed below
- Topology distribution across domains for exchanging network topology details that may be used by MLPCE.
- Multi-domain path computation engine interaction across domains for exchanging path specific data
- SLA Management interaction across domains for exchanging business agreement.
- Service Catalogue interactions across domains for exchanging service specifications
Summarizing the scope in5GExproject, its key focus is in virtualized infrastructure with ETSI MANO building blocks with additional scope for exchanging the network topology, network path, business agreement and service specification across different domains. For ONAP Ext-API this may not be quiterelevantasitfunctionsatalayerabovetheNFVO. However, if External API scope is expanded to have cross-layer interaction, i.e MdO of one operator domain interacting with DO of another operator domain 5GEx specific interfaces may be relevant. But what can be learned from the 5GEx project is the concept of SLA Management, Catalogue exchange, Security mechanisms and approaches for supporting use cases such as Slicing.
The topic of inter-provider/inter-domain interaction is being discussed in TMF ODA, ETSI ZSM, but these specifications are still in the early stages of development and may not be relevant in the near future of ONAP development.
Another specification worth referring is ETSI IFA 028 v3.1.1 - wherein MANO architectural options to support multiple administrative domains is being discussed. This specification introduces two concepts - MLPOC (Multiple Logical Point of Contact) andSLPOC (Single Logical Point of Contact) with varying degrees of cross-layer interaction and information abstraction across domains. This specification also defines an Or-Or interface across NFVOs in different administrative domains. As described in the case of 5GEx, ETSI Or-Or level interaction may not be of immediate focus for External API project in the context of Interlude. However this may be relevant in case Ext-API is promoted as a sole external facing component from ONAP and interaction between two VFC or SO systems need to be enabled across operators favoring the ETSI SOL0011 interface. This requires further discussion with the architecture team and EUAG.
SDO/OSSP activities around inter-provider APIs are covered in detail in subsequent sections.
Update 11/14 : As per discussion in Ext-API weekly call, the scope of Ext-API will not cover multi-level interaction (similar to MLPOC referred in IFA 028) . So the interaction will be limited to communication between Ext-API in SP and Partner domain. The reasoning is that MEF interlude scope is interaction of functions at Service level and not between functions in the Service and Resource level.
Multi-domain Interaction
As defined in 5GEx project multi-domain can be multiple network operators or it can be multiple subdomains within a single operator. The scope of interaction might be slightly different within single operator domains and across multiple operators because the latter will be governed by SLAs with strict policies and predefined trust/contract between the two operators. So security and trust are some of the key criteria for interaction across multiple parties. All interaction should be governed, policy controlled based on the trust agreement. Within the same operator domain, there can be multiple administrative domains which can be governed by SLO/OLOs and trust agreement as in the case of inter-provider interaction. But there can also be a model of distributed deployment which may not fit into the purview of multi-domain interaction. For example, geo-redundancy and HA deployments may not be classified as multi-domain interaction, but governed mostly by policies defined between two software components and interaction over internal APIs. Another consideration for multi-domain is the scope of domain - for example, a domain might just focus on the legacy network or a domain might focus on providing WAN services or another domain may implement only the network control capability without orchestration functions, or it can be a classification based on infrastructure, platform services. In all these cases the relevance of multi-domain might be applicable but need to be read along with the federation-delegation models and the administrative boundaries that separate through a business agreement. The topic of Domain orchestration is under discussion in ONAP as well as other SDOs. So this topic may be revisited at a later stage.
Form Ext API point of view the relevance of interlude level interaction is mostly between two administrative domains those are governed by predefined policies and offering services that can be queried and consumed within the purview of the agreed policies.
Federation and Delegation
Similar to multi-domain interaction, federation and delegation are two terminologies used for interaction between two logically separated endpoints. While there is no standard terminology defined at the ONAP level, we can assume federation to be the east-west interaction between systems/components at same logical domains- for example between Orchestrators in two administrative domains, or controller in two administrative domains. The delegation terminology can be associated with the interactions between systems/components at different logical domains- for example, an end to end orchestrator interacting with a domain orchestrator. Federation and Delegation can be classified with reference to the diagram above from 5GEx. Interactions marked 2 can be classified in federation and interaction marked 3 and 5 can be classified as delegation. Here the federation is across domains of different operators, whereas delegation is between the same operator domains. Another differentiator is that federation is between logical domains with similar scope whereas delegation is between logical domains with a different scope. The logical separation can be based on the technology abstraction, geographic abstraction or deployment model. One example of the federation model is the interactions in the CCVPN use case where a partner operator service is initialized and consumed. An example of the delegation model is interaction possible between the central site and edge site orchestrators in an edge automation use case.
In the ETSIIFA028there are two models of inter-administrative domain interactions -SLPOC (Single Logical Point of Contact) and MLPOC (Multi Logical Point of Contact). In SLPOC there is a single interaction point between two administrative domains whereas in MLPOC there are multiple interaction points between administrative domains. In simple terms, it is possible based on ETSI MLPOC model for NFVO in one administrative domain to interact with VNFM or VIM in another administrative domain over the ETSI interfaces. Since External API functions at a layer above NFVO, the current scope of interaction is limited to the federation model described above -i.einteraction between External API in two operator domains.
The delegation model support in External API requires further discussion based on specific use cases. There is also discussion around Recursive Orchestration, Orchestration Hierarchy and Domain Orchestration. The delegation model can be considered within the scope of External API once some concrete decision is made by the Architecture team. For the current scope, only the federation model is considered.
Business Agreement and Policy
MEF Interlude does not have a specific scope for managing the Business Agreement between SP and Partner, however, the interaction between the parties might be governed and controlled based on the predefined business agreement and associated policy rules, security mechanism. 5GEx document on Business and Economic Layer (link) elaborates this aspect in detail but limits the focus on the SLA between parties. Some interesting aspects to be considered for Interlude are as follows
- Roles of the parties (SP and Partner) which will determine the mode of communication, specific controls required at either end, Policies to be enforced, the direction of communication (Some examples given for the 5G case are - Infrastructure Service Provider, Network Service Provider, Communication Service Provider, Over the top service provider, Exchange point service provider . The roles defined by 5GEx are mostly inspired by those defined by 3GPP 28.801.
- Centralized vs Distributed Interaction: The interaction between parties can be centralized i.e coordinated by an aggregator provider acting as an exchange point between parties or it can be one to one. The aggregator model is better as it will avoid the need for multiple business agreements while ensuring centralized enforcement SLA and policies
- Coordination model: Consists of two phases - publishing phase where information is exchanged between parties on the offered services and service composition phase when the actual customer request for a service is forwarded from one party to other. In the case of Ext-API this will be translated to a query on the other parties Service Catalog and initiation of service Configuration/Control Request
- Agreement Push vs Pull Model: In Push model the Business Agreement and policies are predetermined/agreed before any interaction between parties over the inter-provider API whereas in pull model business agreement is dynamically decided based on the customer request and required SLA, monitoring levels.
The 5GEx project defines Business Agreement in terms of SLA and the document referred at the beginning of this section also gives a template for defining SLA. For ONAP Ext-API this may not be useful as it currently does not have any referenceable entities for defining policies for interaction between parties, which is quite relevant at the interlude level.
Other relevant SDO References for adapting Business Agreement are as follows
- TMF B2B2X Partnering Step by Step Guide (link): Lifecycle model for B2B partner management, templates for B2B agreement mostly focused on the business layer, but the operating agreement may be relevant for defining the interlude policies
- Recent ONS presentation on BlockChain based inter-operator agreement implemented based on HyperLedger (link)
ONAP Policy Framework support creation of Guard Policies and Blacklist Guard Policies based on a specific Policy Model (link). These are decision policies with a "Permit" or "Deny" response. While this is one potential option to control interaction between microservices or components within a single instance of ONAP, when it is applied to the inter provider APIs , need to check whether the Guard policies can be used as is or need to be augmented with additional properties. Another aspect to consider is the NBI that need to be exposed to create the policies, i.e to extend the existing Policy APIs via Ext-API.
ONAP Policy FW also support creation of Configuration Policies. These are set of key value pairs which indicate the applicable limits for certain conditions/contexts. In the Ext-API context Configuration policy can be reused to store the partner resource access control parameters, conditions. In either cases (i.e Guard or Configuration Policy) EXT-API act like a Policy Enforcement Point and may trigger policy requests based on API invocations.
For External-API project a new set of APIs needs to be defined between Business Application layer and SOF over Legato to push the policies for interacting with the partner. In the absence of this API, it may be assumed that Ext-API will consult the Policy Engine in ONAP for determining the control mechanisms that need to be established before interacting with the partner over the inter-provider API.
Cross-layer Interaction
IN MEF LSO, the interlude reference point is between SOF in Service Provider domain and Partner Domain. If this principle is strictly followed the interaction can be confined to External API level or External API+SO combined. i.e SOF functionality can be assumed to be fulfilled using Ext-API and SO as a unified block. However, in practical deployments, there may be scenarios which might require cross-layer interaction, for example, MLPOC proposed in ETSI IFA028 wherein the Orchestration function in one domain interacts with VIM or VNFM in another domain. The multilayer interaction might also be possible in a hybrid orchestration scenario wherein the Virtualization and Non-Virtualized domains might have to interact at different levels - for example, a MEF LSO compatible system needs to interact with a non-MEF LSO compatible system. One more practical case is the domain orchestration scenario wherein different logical domains interact with each other. This is a wider consideration and decision requiring input from architecture subcommittee and EUAG.
Another aspect of inter-operator cross-layer interaction is cross-layer data reconciliation say at the inventory level or at the assurance level assuming the cross-layer interaction is permissible as per the business agreement and requires for efficiency. But this aspect is outside the scope of the interlude and may be a topic for wider discussions across SDOs.
For the scope of External API in the short term it is assumed that the cross-layer interaction is limited to the interaction between two systems in SP and Partner domains at least one of those is Ext-API component and other one is the entity which is logically equivalent in functionality and having permissible scope and APIs as defined in the MEF interlude specification and compatible with the Agreement between the two parties (SP and Partner)
Design Time Impact
In the CCVPN use case the Partner capabilities and management connectivity details are represented using a place-holder resource by name SPPartner. The SPPartner model is given in the link here. The CCVPN use case assumes that Services are designed independently by SP and Partner by respective Design time environment. This means that there will be redundant Service descriptors on the SP and Partner Design time catalog. The Service Model ID in SDC catalog is used to associate a Partner Service ID with a Service Specification in Inventory on either domain. Additionally, the Service Model ID maintained in the SDC catalog by the other party is manually referred for invoking operations - for example as a payload parameter on Service Order Management across SP and Partner. In practical scenarios, such redundancies and manual referencing cannot be avoided but if either domain use ONAP it shall be possible with additional capability on the design-time environment to design services using a single instance (managed by SP) and distribute the service models to both SP and Partner runtime environment.
From External API point of view, since it refers currently to the SDC Catalog for any Catalog management operations, there may be a need to identify the service specifications uniquely between SP and partner and refer to such specification for any interactions like Service Configuration and Control. There is also a need to reconcile the service specification based on incremental changes or versions updated in the design time catalog on either domain. Without such reconciliation and associated validations, the interactions may be inconsistent.
Another important consideration is maintaining the internal view of the service specification and external view. For example the Service Model Identifier maintained within External API can be considered as an external reference for the service specification whereas the Service model id within SDC catalog can be viewed as the internal ONAP identifier for the service model. The mapping between these two may be stored either in SDC or in External API. While referring to service specification over interlude reference point it may be more appropriate to use the identifier used by External API.
Mastership Management
In all practical cases, a typical SP may have to manage a group of Partners and corresponding inter-provider interactions. In such scenarios, it is important to assign the roles of the SP and Partner as to what each party is authorized on the SOF-SOF reference point. It is also possible that a Partner SOF is managed by multiple SPs or the SPs have a peer to peer relationship between them with each playing different roles at different contexts. As the interlude reference point focus on the Service Control and Configuration, it is important to ensure that simultaneous Service modification is avoided. One of the key requirement here would be to assign designated roles (mastership) for SP or Partner as to who is authorized to make Service related changes. Another requirement might be that before initiating any Service control the respective resources/applications are locked in inventory or through access control mechanisms. From Ext-API point of view this leads to a requirement to define the roles and authorizations while creating the Partner registration in inventory. This can be supplied either at the design time (through SDC - for example, while creating the SPPartner resource) or at runtime/design time through Policy association with a Service. Another option would be to leverage the ESR provided capabilities to manage the Partner registration where appropriate restrictions can be incorporated. The particular model of mastership assignment needs to be discussed further and selected during the implementation time.
Update 11/14: As per the discussion in Ext-API weekly call Master-ship management is not critical requirement in near future. In the MEF interlude context the chances of many to many interaction or delegation of control to a Partner are yet to be finalized. With this input, it is assumed that Ext-API will not need an additional parameter to check the mastership before initiating interaction over interlude.
This section mainly focuses on the identifiers shared between SP and Partner - For e.g.Service Specification being referred by the Service Provider and Partner at the Ext-API level, the mapping between Service specification used in Ext-API and ONAP SDC Catalog Service Model Identifier.
Service Assurance and Closed Loop Control
Currently, ONAP DCAE supports the deployment of a closed-loop application chain based on a preconfigured blueprint. This includes deployment of collectors, mappers and analytics applications. The closed-loop control is mainly driven by the event/data propagation from NF to collectors and further to analytics application. The decision for closed-loop control is preconfigured through operational policies defined in the policy engine. This model works fine in a single operator domain. However, this may not work very well across operator boundaries as thereisstrict access restrictions and security guidelines which will prevent SP to launch control loop chains on Partner domain.
MEF Interlude defines the scope for receiving Service specific event notifications from the partner. In ONAP Ext-API scope there can be two options for supporting this capability
1) Have custom control loop chains on either side of the operator domains to collect the service-specific event notifications and publish on internal message bus (DMaaP) which may be processed by Ext-API
2) Have a REST-based callback mechanism enabled between operator API gateways to support such service notifications - similar to the Hub resources used for Service Order status monitoring
The first option is scalable and probably more suitable in the long run, but this has the limitation that the event notification needs to follow the currently supported VES specification. The second method is more suitable in the short term with the assumption that either Operator systems are capable of generating/handling service level notification.
While Interlude specification does not define the type of Service notification possible the initial view is that it can be used for sharing the service instance status, service performance or service faults. So any resource level performance/faults need to be aggregated before notifying to the other party. In the case of ONAP, if both sides are realized using ONAP, there might be a need to have analytics applications to consolidate resource level performance/faults to service level and send the aggregate data across Interlude reference point.
Management Connectivity to Partner
TBD (MSB extension, REST API Call, ESR, DMaaP)
S3P Requirements
- Security: There are multiple aspects of security to be considered in the context of inter-provider interaction 1) Physical Security: Ensuring the partner and service provider interactions are not tampered through physical access 2) Information/Platform Security: Securing the data at SP and Partner side so that unauthorized and unintended data access can be avoided, Securing the SP and Partner Access credentials, Keys in a secure storage 3) Communication security : Securing the communication channel between SP and Partner 4) Regulatory controls : Lawful intercept support, Inter-provider exchange guidance, Country-specific controls etc.5) Policy-based controls: Security controls driven by business agreement between parties.
For the Ext-API scope it is assumed that the management/control interaction between SP and Partner domains will be carried out through a secure HTTP based channel having SSL/TLS based encryption with a trusted Certificate issued by a third party CA. Additionally, at the inter-provider reference point, it is also important to ensure the interaction is controlled as per the inter-provider business agreement. From Ext-API point of view the expectation is that any interaction between the two endpoints will be governed by the policies defined in Policy Engine in ONAP. So there might be additional APIs or Policy Configurations might be required to govern the interaction of Ext-API. Generally, the security controls vary across operators based on the implemented IT/Network security standards (such as ISO27001, BS7759, ISO/IEC 27002 etc) and also the restrictions/regulatory controls in specific countries. So defining an Ext-API level consideration may be difficult. These aspects need to be driven by overall guidance by the Security Subcommittee and EUAG in ONAP.
Another aspect to be considered is the Authentication and Authorization of interaction between SP and Partner. This requires that the credentials and rights are exchanged in advance between the parties before any interactions can take place. This has dependency at the BSS level for enabling the Ext-API to use the allowed capabilities. In ONAP the authentication and authorization is currently managed through the AAF component. The AAF component gives flexibility to use different types of authentication and authorization mechanisms . Inorder to use AAF for Ext-API requirements, a separate namespace need to be created in AAF , associated credentials need to be created and configured (x509 Client Certificate or Basic Authentication) , Server Certificate for HTTPS/TLS to be created and configured , Create permissions for the rights. Additionally Ext-API need to implement the AAF client to implement those permissions. AAF supports distributed deployment and look up mechanism. But AAF's role across multiple administrative domains need to be checked and developed in consultation with the AAF team. In the context of this document, it is assumed that AAF provides a mechanism/APIs to configure Partner services based on input received from the BSS (as per Business Agreement/Contract)
- Scalability: Currently there is no specific scalability requirement with respect to inter-provider interactions, except for supporting the scaling of management modules like collectors, Hub resources etc corresponding to the Partner systems. However, this aspect may be revisited in the future based on mandatory S3P level requirements to be achieved for each release.
- Stability: No specific requirements as of now. To be revisited in future.
- Performance: No specific requirements as of now. To be revisited in future.
Service Impact Assessment
As per the MEF 55 interlude scope of Service Configuration and control, there may be an impact on service if it is already in an Active state. There shall be a need to carry out a service impact assessment before initiating the Service Configuration and Control. This is typically done in operational environments by placing a work order and associated workflows will carry out the impact and corrective rerouting and roll back measure before actually initiating the Service Configuration or Control. This is very specific to the use case and it also depends on whether the service configuration and control is service impacting or not. In the current MEF 55 scope, a dedicated change management is not scoped. However, intheONAPExt-API scope this may be one of the prerequisites that need to be initiated before or along with any operation over the inter-provider interface. Generally, in the traditional OSS environments, any request for partner services are initiated through a work order. The need for supporting inter-provider service request through a work order needs to be assessed based on the opinion of EUAG. For Ext-API, it is assumed that the inter-provider API request may be preceded by an optional change management request, or the Service Configuration/Control Request itself may be piggybacked in the change management request.
Standard APIs
MEF Interlude is a reference point which is expected to accommodate many APIs going forward based on the scope defined. Few examples of APIs that may be suitable as per the scope in MEF 55 are as follows
- Service Provider controls aspects of the Service within the Partner domain (on behalf of the Customer) by requesting changes to dynamic parameters as permitted by service policies. - TMF 641 Service Order Management API or TMF 640 Service Configuration and Activation Management API
- Service Provider queries the operational state of the Service - TMF 638 Service Inventory Management API (This may be restricted in some deployment scenarios)
- Service Provider requests change to the administrative state of a service or service component (e.g. Service Interface) - TMF 640 Service Configuration and Activation API
- Service Provider requests update to defaulted service parameters which are allowed to be customized (policy-controlled) - TMF 641 Service Order API or TMF 640 Service Configuration and Activation API
- Service Provider requests the creation of connectivity between two Service Interfaces as permitted by established business arrangement - TMF 641 Service Order API or TMF 640 Service Configuration and Activation API
- Service Provider provider queries the Partner's Service Inventory for services provided by the Partner to the Service Provider. - TMF 638 Service Inventory Management API
- Service Provider receives Service specific event notifications from the Partner - TMF 642 Alarm Management API or TMF 640/641 Service Order API (ServiceOrderChangeNotification)
- Service Provider receives Service specific performance information from the Partner - TMF 628 Performance Management API , TMF 649 Performance Management Threshold API
- Service Provider requests test initiation and receive test results from the Partner. - TMF 653 Service Test Management API
Update 11/14: A proposal from Orange available here suggest the possibility of two types of APIs - TMF 641 if the request originated from BSS and TMF640 if it is originated from an end user (provided BSS has authorized to carry out the operation without notifying BSS). Going by this proposal, TMF640 will be more suitable for interlude primarily for the specific items where both TMF640 and TMF641 are listed as options. But the following are the potential issues that need to be considered
- The mechanism of authorization by BSS - in terms of policy or by a design option in SDC
- Where to maintain such authorization data - SDC or Policy or Locally in Ext-API
- The prerequisites before issuing a TMF 640 request - verifying the state of the service, access policies etc
- The scope of authorizing the configuration - i.e how deep, what specific parameters, what conditions.
- Keeping track of the service configuration request
- The mechanism for monitoring such configuration if it is overridden by a power user from the partner side.
List of TMF Open APIs can be found here
TMF Notification Patterns - link
Information/Data Model
There are multiple models found to be relevant for inter-provider API
- MCM aligned E-Line Service Model defined in MEF Interlude Contribution - Access E-Line Service Control Classes - 5th Draft
- Work in progress MEF Services Common Model (link) - Initial Proposal for Work Item
- CFS/RFS being referenced by the TMF 641 (based on SID) (link) - Currently followed by CCVPN use case
The choice of a specific model will depend on the decision of EUAG, TOSCA Task Force in ONAP. From Ext-API point of view it is expected to leverage the CFS/RFS model being referred by the TMF 641 API or the Generic Resource Model used in TMF 655. In future as Interludespecific model in MEF and MEF Services Common Model matures appropriate mapping can be incorporated to accommodate specific service characteristics to the TMF APIs. In MEF LSO there is also NRM model being used for the Presto interface (derived from ONF). The NRM model is assumed to be out of scope for Ext-API unless there is a cross-layer interaction between SOF in SP domain and ICM in Partner domain is required.
There are other aspects of Modelling wherein the Partner Service and Resources need to be represented in an Abstract manner without sharing confidential information. Additionally, there are requirements to represent Partner registration data including connectivity details, Catalog, Inventory access details etc. One more aspect to be considered is the list of Management Services (Management APIs) that are supported by either party and how this information is discovered and maintained in the registration data.
There was related discussion as part of Casablanca CCVPN use case for representation of cross domain logical link ( ONAPARC-177 - Getting issue details... STATUS ) in inventory where in one of the input from Architecture subcommittee was to consider representing partner as a PNF. Additionally there was also a recommendation to consider primary and subordinate relationship between SP and Partner.
Summarizing above there are two types of models to be considered with high level information of potential data to be maintained at run time and design time.
- Design time model :
- Partner as an abstract resource placeholder for management connectivity details - Currently this is represented as SPPartner Resource in SDC and A&AI. TMF 632 gives a reference to Organization Resource
- Role of the Partner - Primary or Subordinate (Mastership Relation)
- Partner activation status
- Services subscribed
- Related business agreement/policy
- Run-time Model :
- Partner abstract resource model with runtime connectivity parameters such as session details
- Partner provided services as an association between Partner abstract resource and Service IDs
- Partner consumed services as an association between Partner abstract resource and Service Specifications (SDC Model ID)
- Partner connectivity state
- Mastership status
- Partner Subscriptions (Hub Resources)
- Partner Service State
- Partner Service Performance (future)
- Partner Service Faults (future)
- Partner Service Health
Operational Threads
Referring to the MEF 55 Operational Threads as documented here, there are two levels of interactions between service provider and partner - at the Business Application level (over SONATA reference point) and SOF level (over Interlude). The SONATA reference point is out of scope for ONAP, however, the interactions over interlude will have some dependency over the interactions on Interlude reference point. As per the operational thread given above, following are the interactions at SONATA and Interlude reference point
SONATA (BUS<->BUS)
- Serviceability Enquiry and Quote Request/Response
- OPTION A: Product Order Request/Response
- OPTION B: Product Order for interfaces, network functions or connectivity
Interlude (SOF<->SOF)
- OPTION A: Service Request for configuration of interfaces, network functions or connectivity
- Connectivity and Performance Testing for the Partner Service
- Reconfigure Partner Service
- Request Performance and Fault Information for Partner Service
There are two options of interactions between SP and Partner
Option A: A product order is placed on the SONATA Reference Point and a separate Service Configuration request is sent over Interlude Reference point
Option B: Product order is placed on the SP, the business application layer creates a separate Product Order over the SONATA interface to Partner for the creation of interfaces, NF and connectivity.
The first case may be more suitable when the Service fulfillment request needs to be controlled by the Business application layer and any dynamic control need to be handled by the SOF level. Second case is more suitable when the Business application layer needs to control all type of interactions between SP and Partner.
In Casablanca release in the absence of the SONATA interface in ONAP a variant of OPTION A is being implemented without the service configuration. Additionally, the interaction is at a service order level rather than product order level. While this can continue in future releases, the scope of interlude is more focused on Service Configuration than Service Creation.
Interlude Scope as per MEF55
Referring to MEF55 document the Interlude reference point is used by Service Orchestration Functionality to request initiation of technical operations or dynamic control behavior associated with a Service with a partner network domain. The dynamic control (Service Control Orchestration) behavior is elaborated in section 8.2.3 of MEF55 as
- Scheduling, assigning and coordinating service control related activities;
- Undertaking necessary tracking of the execution process of service control requests;
- Adding additional information to an existing service control request under execution;
- Modifying information in an existing service control request under execution;
- Modifying the service control request status, and indicating completion of a service control request;
- Canceling a service control request; - Monitoring the jeopardy status of service control requests, and escalating service control requests as necessary;
- Instantiating, when appropriate, an event for the billing system to capture the policy-constrained change.
MEF55 also differentiates Order Fulfillment Orchestration, Service Configuration and Activation, Service Control Orchestration. While Order Fulfillment Orchestration deals with establishing or modifying a service through the ordering process, Service Control permits the service to be dynamically changed within specific bounds described in policies that are established at the time of ordering. After a service is provisioned and established, LSO may enable Service Control to Customers/parties, such as the ability to modify attributes subject to schedule policies and service constraint policies with for example specified ranges of valid values. Service Control relates to capabilities such as turning on or off connections, throttling bandwidth or other QoS characteristics, etc.
So considering the scope in MEF55, Interlude reference point is primarily used for Service Control Orchestration. Here Service Control Orchestration is considered to be an activity enabled after service is being provisioned. Note that service order management is not defined in the scope of MEF Interlude but expected to be carried over the SONATA interface (Product Order Management) and Legato (Service Order Management, Service Catalog Management).
While this clearly defines the scope of Interlude, there may be consideration of API and additional capabilities that a specific API supports in addtion to the defined scope. For example while the interlude reference point is meant for Service Configuration and Control for an already provisioned Service, use of Open API like TMF 641 (Service Order Management) at Interlude reference point may bring in additional capability of creating a service if either parties support such interactions.
MEF Interlude Interactions
The interactions factored in the MEF Interlude Reference point are as follows
- Service Provider controls aspects of the Service within the Partner domain (on behalf of the Customer) by requesting changes to dynamic parameters as permitted by service policies.
- Service Provider queries the operational state of the Service.
- Service Provider requests change to the administrative state of a service or service component (e.g. Service Interface)
- Service Provider requests update to defaulted service parameters which are allowed to be customized (policy-controlled)
- Service Provider requests the creation of connectivity between two Service Interfaces as permitted by established business arrangement.
- Service Provider provider queries the Partner's Service Inventory for services provided by the Partner to the Service Provider.
- Service Provider receives Service specific event notifications from the Partner.
- Service Provider receives Service specific performance information from the Partner.
- Service Provider requests test initiation and receive test results from the Partner.
The green one's are interactions currently supported in External API across SP-Partner in the CCVPN use case. In addition to the above-listed capabilities Ext-API also supports following interactions
- Service Provider Queries the Service Catalogue for the offered Services by Partner
- Service Provider places Service Order for a Service offered by Partner
The last two interactions are not specifically scoped as part of Service Control Orchestration in MEF55, but being supported for CCVPN use case in the absence of a SONATA interface at the Business application layer. As described above, while Interlude scope is limited to Service Configuration and Control, the API used for the interaction across the SP-Partner can be TMF 641 - Service Order Management as this API provides an option to include multiple Service request in a single API call, unlike in TMF 640 wherein each Service request need to be split as separate API invocations. Alternately partner domain Service Configuration and Control can also be initiated through a work order supported through the TMF 655 Change Management API. However, work order based change management is not considered to be a real-time process and incurs delay based on the SLAs agreed. For the Service Control requirements, which are mostly real-time in nature, TMF 655 may not be appropriate. The selection of appropriate API will be based on directions by EUAG architecture subcommittee.
Interlude Related Work Items in MEF
Following documents give details of the current work items being developed as part of MEF Interlude.
Note: To be verified by MEHMET TOY
- Interlude Guidelines: Gives the high-level scope of Interlude
- Access E-Line CIR Change Process Flow: Highlights the interactions between SP and Partner for CIR change for a provisioned e-line service over the interlude reference point leveraging the service configuration.
- Access E-Line Service Information Model: Based on MEF MCM (Mef Core Model), with extensions to be used for elastic service levels and service schedule
- Business Requirements and Use Cases for Access E-Line Service Control
- MEF LSO Interlude Activation API
Standardization Work
Characteristic | ETSI | MEF | TMF | NGMN | ONF | IETF |
Use Case | NFVIaaS | Access E-Line + MEF-62 (May 2018) | NaaS | 5G Slicing | Inter Cluster ONOS Network Application (Collaboration withONOS) | Mainly transport network traffic engineering based on the multi-domain path computation |
Focus Area | Federation across MANO (virtualization domain) and ZSM Management Domains | Service Orchestration Function Federation – Focus on Service Layer | ODA : Autonomic Management interoperability across AD or Operational Domain interoperability – Focus on Service Layer | Slicing Management function interoperability, resource, and service Layer interoperability | •Cross Stratum Orchestration – end-to-end orchestration, abstraction and resource optimization across different SDN Controllers serving specific domains. | ACTN (Abstraction and Control of Traffic Engineered Networks ): Coordination of network resources across multiple independent networks, multiple technology layers, SDN & Non-SDN, Network abstraction, Network Slicing |
Scope | Interaction between MANO instances in different administrative domains , interaction across management domain in ZSM | Interaction between SOF function between operator and partner domains in LSO architecture | Interaction between Operational Domains through TMF Open API, Interaction between autonomic management functions | Interoperability between Slice management functions , service and resource layers | Orchestration of connectivity service that includes resources from several different domains, Coordinate service activation , monitor ongoing service | Multi-domain coordination, Network abstraction, Customer request mapping, virtual service coordination |
Standard Interfaces/Reference points | Define a new Or-Or interface for inter orchestrator federation | MEF Interlude Reference point | Open API for inter-domain interaction – specifically TMF 641, 640, 645, 656, 653, 677, 633 | None | Cross Stratum Orchestration CPI interface between CSO Controller and Domain Controller – TAPI | MPI – Interface between Multi-domain network controller and provisioning network controller – use NetConf Yang |
Relevance in ONAP | Interaction between NFVOs across Administrative domains assumingCatalogueis synchronized – ETSI Os-Ma or Or-Or interface | Interaction between SOF (ONAP Ext-API + SO) in two administrative domains through TMF APIs | Mostly Open API for interaction across Administrative Domains | General vision on Slicing across multiple domains | View on interaction between Orchestration and Controller functions across administrative domains. Use of Yang Models and TAPI | View on the interaction between Controllers in multiple administrative domains. May not be relevant for Ext-API but may be useful for ONAP in general |
Opensource (including ONAP) Work
Characteristic | OSM | ONAP | 5GEx |
Use Case | No specific use case | CCVPN | Many (NFVIaaS, VNFaaS, SlicingaaS etc) |
Focus Area | Interoperability between functional blocks across different domains | Federation across two operators ONAP instances for Service instantiation enabled through Ext-API | Federation in a multi-domain multi-layer orchestration scenario |
Scope | Interoperability between federated Functional blocks at different layers – i.e SO and RO, SO and SO etc. | Interoperability between Orchestration function and Ext-API across operator domains | Covers federation across multiple layers including business, orchestration and resource layers |
Standard Interfaces/Reference points | No standard interfaces, but SO expose SOL005 interfaces as of Release 3 | TMF 641 exposed by Ext-API | At NFVO layer 5GEx suggests the ETSI MANO specific interfaces, At RO layer, suggests NetConf/Yang |
Current capabilities in ONAP External API with respect to Interlude Reference point is elaborated in the presentation by Adrian here. To summarize the capabilities, currently Ext-API supports following types of interactions between Service Provider and Partner (specifically in the context of CCVPN use case, but can be applied in the case of other similar use cases as well
Note: To be verified by Adrian OSullivan
- End to End Service is Designed in SDC on SP and Partner side and independently distributed to the respective runtime environments
- SP or Partner details are prepopulated at respective inventories (A&AI) as customer of the service
- A service order is placed on the SP side ONAP instance using the Ext-API Service Order API (TMF 641) - using the UUI portal
- External API decomposes the service order to individual service order items and passes the service order items as a request for service creation to SO
- SO check the resource requirements - on encountering the SPPartner resource, a new Service Order request is constructed with information available in the SPPartner identifier in the service instantiation request
- SO places an order directly on the Ext-API of the partner and receives a Service Instance identifier in response
- SO keeps polling the status of Service instance until service is created/failed on the partner side
- SO update the SPPartner instance in inventory with the service instance details
Following are some of the shortcomings in the current capabilities
- Services need to be independently designed and distributed on both SP and Partner side
- SP and Partner need to be aware of the Service Specification id to be used while placing the order from either side
- SO from SP side directly invokes Ext-API on the partner side, not following the separation of concerns - i.e ideally the Service Order management should be limited at the Ext-API layer and Ext-API should act like a gateway between SP and Partner those are governed by contracts
- There is no contract or policy based interaction control between SP and Partner
- The scope of interaction is limited (Placing an Order and checking the status of the Order)
This is a draft . To be updated later
While the scope of the current study is limited to short-term Interlude specific capabilities to be supported in Ext-API project and corresponding dependencies, there is also a need to set the long-term scope. Ideally, this requirement should come from the EUAG or the contributors from operator organization. Following are some of the areas identified during the discussions in the Ext-API project. These areas need to be further studied in collaboration with PTLs and EUAG. Note that all these areas are focused onthe interaction between a Service Provider and Partner(s)
Business Cases
- NFaaS (Network Function as a Service)
- NaaS /SD-WAN
- SlicingaaS
- MVNO Scenario
- Connectivity as a Service
- NFVIaaS
- Application as a Service (For Edge scenarios)
Operational Use Cases
- Dynamic Service Control
- Query Service State
- Update Service
- Request Connectivity Service (across two Service interfaces)
- Query Service Inventory
- Receive Service Notification
- Receive Service Performance Update
- Initiate Service Test
Interlude specific considerations
- Layers of interaction, Separation of concerns: Whether to limit the interaction between SP and Partner through a specific layer - for example, Ext-API or support interactions across layer - i.e to support interaction between Ext-API in the Service Provider domain and SO or Controller in the Partner domain. What kind of APIs are used for such interactions?
- Security: Securing the interaction between Service Provider and Partner based on a predefined contract and policy
- Business contract - Policy: Business contract agreed between Service Provider and Partner that will govern the interactions
- SLA Management: The components and method for monitoring and managing SLA including the closed control loop across service provider and partner domains
- Inventory/State Management, Consistency Check, Identity mapping: How inventory across two domains are represented in respective domains, how it is reconciled and how the consistency is checked.
- Direction of interaction : SP to Partner and Partner to SP (as governed by Policy)
- Interface/API – Reference Specification: What standard APIs to be supported over the Interlude reference point
- Licenses: How licenses are controlled across SP and Partner domains, What are the impacts and associated fulfillment implications due to resource licenses.
- Modelling impact: Interlude impact on Modelling work - especially the representation of Partner resources, reachability information, configuration.
- Integration: Requirements for the integration between SP and Partner components via standard APIs, channels for event and performance data collection, reconciliation
- Interoperability: Interaction between SP and Partner, with either one of them having an ONAP instance
- ONAP Role: Assigning roles - such as master, slave to ONAP considering deployments at SP and Partner domains -specifically for coordination of end to end service orchestration and data collection.
Best Practices and Standard Alignment
- ETSI GR NFV-IFA 028 V3.1.1 (2018-01)
- ETSI ZSM
- MEF LSO Interlude (link)
- Contributions by Mehmet and Jack
- TMF ODA
- ONAP CCVPN Use Case
- 5GPPP 5G-Ex Project
Operator/EUAG
- Do we need to consider intraoperator multi-administrative domain interaction – i.e communication across different instances of domain orchestrators (ONAP or non-ONAP) belonging to the same operator?
- Do we need to limit the scope of Interlude to Service Control, Activation, and Configuration or include Service Order Management?
- Use Cases: What use cases we should consider for the interlude specification? Generic Operational use cases (Service activation, query etc) or Specific Business use case ? (NaaS, NFaaS, Access E-Line etc) – Short term and Long Term Target?
- Consideration for interaction between ONAP and non-ONAP (Legacy) Management system across operator domains
- Strategy for closed-loop control (Assurance) – Who will manage? Partner managed or SP managed
- Resiliency requirements for inter-operator management connectivity – Failover mechanisms
- Do we need to consider inter-dependency of Interlude and Legato/Sonata interface? (for example contract)
- Service Impact Assessment - Need for doing a Service impact analysis before any operation over the interlude
- Need for Service Change Management: Interlude operations to be initiated as work order through a Change management API (e.g. TMF 655) - Is this the practical mode of operation? Or expect a more dynamic service control operation?
- Dynamic or Static workflows to be supported to accommodate Interlude operations (SO and beyond)
- Direction of interaction - Do we need to consider direction of interaction (SP initiated or Partner initiated) ? OR assume the initiator of the request over interlude is always the SP ? i.e Do we need to always have a client and server at either end of the administrative domain ?
- Initial View : The interaction should be always initiated by the SP admin domain. Ext-API should have flexibility to act like a client or server of request.
- Need for distribution of policy across administrative domains - Policy FW currently supports PAP, PDP level functional decomposition. Assuming PAP is managed by SP and PDP functionality deployed at SP and Partner ONAP instances, do we need to consider distribution of policy across admin domains ? Is this relevant in interlude ?
- Initial view : This is beyond scope of Ext-API or interlude
- Need for supporting ETSI Or-Or interface (ETSI SOL011) at Ext-API level or it can be supported as a component level (SO or VFC) east-west API
- Update from Ext-API meeting 11/14: This is not in the scope of Ext-API and should be handled by an ETSI compliant NFVO function in ONAP (VF-C for example)
Architecture Subcommittee
- Onboarding and distribution of SP and Partner Service Descriptors - Controlled by separate SDC instances or by common SDC instance
- Catalog and Inventory Management – Strategy for 1) onboarding the catalog with service specification across interdomain boundaries 2) Reconciliation and aggregation of inventory at each domain – Pull vs Push model
- ONAP specific terminology: Different SDOs follow different terminology e.g. operator interoperability, domain interoperability, administrative system interoperability etc.
- Cross-layer interaction requirement and the need to accommodate this as part of interlude scope: for example OOF layer of SP need to interact with Multi-VIM of Partner for resource utilization, SDNC of partner sharing data to DCAE of SP (both not via Ext-API interlude but inter-component APIs) – Is this model valid (MLPOC as per ETSI IFA028 )
- Federation vs Delegation
- Update from Ext-API meeting 11/14 : Only a federation method is considered for Ext-API
- Federation actors and Roles: What type of provider roles we should consider ? Infrastructure provider, Connectivity SP, Partner SP, Master/Slave), Do we also need to consider different layers of partners – infrastructure, connectivity etc.
- Update from Ext-API meeting 11/14: Interlude scope is at service layer. So infrastructure, Connectivity etc is irrelevant and as long as the interaction is limited to the service, there is no need to differentiate the layers
- Update from Ext-API meeting 11/14: Interlude scope is at service layer. So infrastructure, Connectivity etc is irrelevant and as long as the interaction is limited to the service, there is no need to differentiate the layers
- Need for including the Business layer interactions within the scope of interlude (for example dependency on Service Policy), Service Creation (in the absence of Business Application)
- Separation of concerns: All external facing interactions to be managed via External-API, Should SO be Service Order aware?
- Need for supporting Or-Or interface over the interlude reference point
- Authorization and Authentication : Currently AAF supports both, but can we use this across administrative domains. Policy framework provides Guard Policies for Access Control configuration. Which component is appropriate for controlling the interactions between SP and Partner - AAF or Policy ?
- Mastership Management : Should Ext-API assign mastership roles for getting exclusive right to initiate request over interlude ?
- Update 11/14: The mastership is always with SP system. Right now the interlude scope is between systems in two administrative domains. So Ext-API need not consider this as a requirement.
- Update 11/14: The mastership is always with SP system. Right now the interlude scope is between systems in two administrative domains. So Ext-API need not consider this as a requirement.
Modeling Subcommittee
- Service Model Impact: Service hierarchy in the Service model – i.e Composite or Nested Service, Constituent Service – How the service model is decomposed and distributed to operator and partner domains? Any pattern to follow? Or based on request attributes?
- Representation of Partner Service and Resources , Partner Registration data, Policy, Service associations between SP and Partner in Inventory
- Use of Allotted Network Function vs SPPartner for representing Partner Service
- Data Model Alignment for Ext-API : TMF vs MEF vs ONAP runtime model
- SPPartner and ANF have similar functionality - Are they redundant ?
Security Subcommittee
- Security mechanism to be established between parties - Recommendations and guidance
- Regulatory guidance : What kind of regulatory checks to be incorporated
Project team input
- SO: Plan for supporting Service configuration, Service change - What REST APIs to use PUT or PATCH of Service or a dedicated action
- Policy: Representation of confguration policies for cross operator interaction, representation of constraints for scheduling operations on Interlude
- SDC : Modelling and managing Partner services, service access points, distribution of service
- A&AI : Representation of partner resources and services
External API Requirements for supporting Inter-Provider API
Roles / Actors
- SP A(ONAP deployment)
- Administrator: Manages lifecycle of Services and initiates operations over the inter administrative domain interface
- Operation Engineer: Manages operational tasks like distribution of packages, manage/process work orders
- Designer: Onboard VNF packages and designs Service Package
- Tester: Verifies the Service package and approves the package for distribution
- SP B (assuming anon-ONAP deployment)
- Administrator: Manages lifecycle of Services and initiates operations over the inter administrative domain interface
- Operation Engineer:Manages operational tasks
- Partner A (assuming an ONAP deployment)
- same as for ONAP SP
- Partner B (assuming anonONAP deployment)
- Administrator: Manages lifecycle of Services
- Operation Engineer :Manages Operational tasks
- SP A(ONAP deployment)
Types of Interactions
Scenario 1: Both SP and Partner have ONAP
Scenario 2: SP uses Non-ONAP solution and Partner uses ONAP (SP is the Master for all interactions - ONAP at Partner domain is Subordinate)
Scenario 3: SP uses ONAP solution and Partner uses non-ONAP solution (SP is Master)
General User Stories
- As a Designer in SP A ONAP, I shall be able to design a composite hybrid service with constituent services that may be realized by SP or Partner, so that I can design the services as per business need.
- As a designer of the SP A ONAP I shall be able to represent the access mechanism with end-point URL, security credentials in the partner service abstract model, so that unauthorized access to partner domain can be avoided
- As a designer of SP A ONAP I shall be able to create configuration policies that represent access rights, allowed management operations, overall interaction controls so that I can abide by the business agreement between the SP and Parties.
- As an Operation engineer of SP A ONAP I shall be able to dynamically register Partner API gateway on the A&AI Inventory so that reachability information to Partner can be configured on demand
- As an administrator of SP A ONAP I shall be able to query on boarded Services in the Partner Service Catalog via the SP A External API so that the correct service specification can be verified with the abstract model maintained locally
- As an operation engineer of SP A or Partner A ONAP, I shall be able to configure set of management operations that can be accessed on the partner side, so that unsubscribed operation access can be avoided
- As an administrator of SP A ONAP I shall be able to query the instantiated services in the Partner Service Inventory via the SP A External API so that state, configured service characteristics of the instantiated services can be verified and reconciled with the local inventory.
- As an administrator of SPA ONAP I shall be able to place a request for Service Configuration on Partner API gateway via the SP A External API with appropriate Service Characteristics as defined in a Service Specification so that desired end to end service requirement can be fulfilled.
- As an administrator of SP A ONAP I shall be able to enforce the policies for accessing the Partner API gateway from SP A External API so that I can manage the ongoing operational requirements.
- As an operations engineer of SP A ONAP I shall be able to define the filter and transformation rules that govern the API requests so that I can route the request to appropriate domain.
- As an administrator of SP A ONAP, I shall be able to register for Service notification on the Partner API gateway for receiving any notifications related to Service Configuration and Control Request so that requests placed on the Partner domain can be monitored in an asynchronous manner
- As an administrator of SP A ONAP I shall be able to manage life cycle of collectors for receiving the performance related statistics (this can be SLA update) from the Partner API gateway so that performance metrics associated with Partner Services can be collected on demand
- As an operations engineer of SP A I shall be able to uniquely identify Service models in the SP domain and Partner domain so that any internal changes to service models is handled by appropriate mapping within respective domains.
Service Configuration and Control Stories
- As a designer of SP A or Partner A ONAP, I shall be able to identify and represent service characteristics that can be modified on demand so that any unnecessary service impacting changes can be avoided
- As an administrator of SP A ONAP I shall be able to schedule Service Configuration request through SP A External API to be executed and forwarded to Partner API gateway so that I can ensure optimal execution of request based on the desired condition.
- As an administrator of SP A ONAP I shall be able to lock or unlock a partner service configuration and control through SP A External API so that any service impacting configurations or simultaneous access by multiple users can be avoided
- As an administrator of SP A ONAP I shall be able to assign mastership of the Partner Service (Partner owned, configured or SP owned configured) to SP A or Partner so that Service updates are carried out in a consistent manner
- As an administrator of SP A or Partner A ONAP, I shall be able to check the feasibility of Service configuration and control on the Partner domain so that I can ensure that the subsequent configuration request can be fulfilled without issue
- As an administrator of SPA ONAP Is hall be able to activate or deactivate a Service on the Partner domain via the SP A External API exposed REST APIs so that the partner services can be used during desired period and desired condition.
- As an administrator of SP A ONAP I shall be able to check the status of a Service Configuration and Control request placed on the Partner API gateway in an asynchronous manner so that state of the service can be updated in the inventory
- As an administrator of SP A ONAP I shall be able to retry a Service Configuration and Control request on the Partner API gateway or recover from the error by executing a predefined recovery logic so that Service jeopardy condition can be mitigated.
S3P Related stories
- As an administrator of SP A I shall be able to initiate the request to Partner over a secure channel so that my requests have not tampered and I can ensure that the request reached the intended endpoint
- As an Operation Engineer of SP A I shall be able to assign role-based access for the interaction with Partner administrative domain so that unintended request initiation can be avoided
- As an Operations engineer of SP A I shall be able to manage the credentials of accessing the Partner accessing the domain so that the access can be controlled and restricted.
- As an Operations engineer of SP A I shall be able to log, audit the access attempts and requests to Partner administrative domain so that any unintended access attempts can be traced and reported.
Component Specific Requirements (To be elaborated in detail later)
ONAP Component | Requirement |
---|---|
Ext-API |
|
SO |
|
SDC |
|
Policy |
|
AAF |
|
Requirements
Study how we can control modification requested at Interlude level – they are at least 2 subtopics there:
- Identify where the information could be managed within ONAP (in SDC ? have attribute change value and state change authorized at SOF-SOF interaction level ?)
- Explore if External API can be used by internal ONAP Components as a proxy to talk to external Partner ( e.g. ONAP 1 SO call ONAP 1 ExtAPI, then ONAP 1 ExtAPI call ONAP 2 ExtAPI ) i.e. ONAP internal components can communicate securely internally, External API act as proxy to forward request ( e.g. Service Order ) to Partner ( maybe a Partners ONAP External API Framework ).
- Define the API (resource model) that allow the system to request ‘authorized’ service modification (Policy API ?)
Dependency on other projects
- No labels