We start our meetings by mentioning the project's Antitrust Policy, which you can find linked from the LF and project websites. The policy is important where multiple companies, including potential industry competitors, are participating in meetings. Please review and if you have any questions, please contact your company legal counsel. Members of the LF may contact Andrew Updegrove at the firm Gesmer Updegrove LLP, which provides legal counsel to the LF.
Agenda
START RECORDING
Duration
Agenda Item
Requested by
Notes / Links
Duration
Agenda Item
Requested by
Notes / Links
30 mins
Cross-project discussion
This meeting is reduced to 30 minutes
host: @Byung-Woo Jun
ONAP and LFN Collaboration
@Byung-Woo Jun
Discussions between Arpit Joshipura, Byung-Woo Jun, Jill Lovato, Louis Illuzzi and Sunny Cai:
Highlight the value proposition of ONAP, including overall statistics (e.g., contributors, LOC, etc.) over its lifetime.
Provide deployment examples with links to DT, CMCC, China Telecom, Huawei, Ericsson, AT&T, TATA, Capegemini and others: hope we can finish our input for LFN by February 20th.
DT plans to deploy selected components into production environment (TNAP) this year - discussed during D&TF last year and in several TSC meetings
China Mobile & GenAI, @Keguang He , please summarize how China Mobile uses ONAP
China Telecom - using fork of ONAP (?) (presentation from 2024), @Dong Wang , please summarize how China Telecom uses ONAP
AT&T use case; Dan Timoney, please summarize how AT&T uses ONAP
What is Ericsson doing and why? Byung-Woo Jun , please summarize how Ericsson uses ONAP
Ericsson (input from Ramesh Murugan Iyer and Toine Siebelink)
Ericsson's new SMO offering is known as EIAP (Ericsson Intelligent Automation Platform) where the non-Real time RIC features are provided by the EIC (Ericsson Intelligent Controller) component. EIAP aims to provide advanced automation and orchestration capabilities for diverse RAN environments (both traditional and ORAN).
Policy-clamp component from the ONAP Policy Framework plays a major role in the EIC functionality within EIAP. Policy-clamp is responsible for the lifecycle management of rApps in EIC and works in conjunction with EIC adapter microservices to ensure complete lifecycle management of rApps. Additionally, EIAP is also considering the use of the opa-pdp component from ONAP's Policy Framework within their coordination-management component . This discussion is currently at an initial stage; however, opa-pdp has strong potential for integration into the coordination-management use case.
CPS/NCMP, which is part of Ericsson EIAP, provides the transparent proxy to multiple RAN OAM CM SMOS. It exposes the 3GPP ProvMnS, which serves as the foundation for RAN OAM CM.
Huawei, @zhuguanyu , please summarize how Huawei uses ONAP
Capgemini, Viresh Navalli, please summarize how Capgemini uses ONAP
Tata, please summerize how Tata uses ONAP
Emphasize the product integration of ONAP
Use headlines like: "From Control loops and Intent-based to full AI Orchestration and Management."
Highlight security contributions, such as those provided during the OPS 5G project by US Government for Networking slicing
Byung-woo Jun plans to add details about ONAP's service mesh and Ingress architecture and implementation
Mitre, NSA might be able to provide some info
Address past criticisms of ONAP being too large and complex by emphasizing recent efforts, such as "streamlining microservices and modules, archiving legacy software, etc."
Byung-Woo Jun explained the ONAP Streamlining Evolution initiative to address these concerns
Has gone from a full “platform” to a collection of “network automation components”
Byung-Woo Jun, created a page for ONAP DTF DAYs 2025; we plan to collect ONAP DTF session topics here before presenting them to LFN, and schedule for the event.
TSC Strategy
@Byung-Woo Jun
PTL input?
Byung-Woo Jun presented the brainstorm at the TSC meeting this week.
Brainstorm:
Ensure ONAP core components are focused and operate independently, from build to runtime
DT finishes Argo-CD based component independent deployment: @Andreas Geißler
Argo-CD is a DT choice, but ONAP can allow other CDs, e.g., Flux (need contributors)
DT plans to productize some of the selected ONAP core components early next year in their TNAP production environment
Declarative and Intent-based component operations by the Repository-based Network Automation : see the ideas from ONAP Architecture Evolution - 2025.pdf
Make ONAP core components more autonomous and ready for use by both ONAP, LF and other external users
During New Delhi and Oslo releases, CPS and Policy achieved the OpenSSF Gold Badging status. Kudos to the team!
Continue to promote/facilitate other ONAP core components for the Gold Badging status (e.g., UUI, SDNC, A&AI, Portal-NG)
@Dan Timoney , @Keguang He@Fiete Ostkamp : are you interested in this Gold Badging?
Incorporate more GenAI capabilities and use cases to the ONAP components, and promote the adoption of open-source LLM models and frameworks aligned with LF AI & Data and GenAI Commons
Collaborate with LF AI & Data GenAI Commons and Nephio GenAI for 5G and 6G
Open-source based models and controls
AI-Based Control Loop: @Dong Wang
AI Model-As-A-Service : @Keguang He
ETSI ISG NFV compliance for AI?
Foster inter-community collaboration with other LF communities, such as O-RAN and Nephio
SDNC enhancements (which is used by O-RAN OAM as is): @Dan Timoney
Resource-based Orchestration Pattern (leveraging CD and Operator)
Energy saving / monitoring : @N.K. Shankaranarayanan
Ensure the security of ONAP components and operations : @SECCOM
The latest security mechanism for communications (service mesh enhancements leveraging Istio and coming Ambient Mesh)
Deprecate unused sub-components and mitigate security vulnerabilities
Define a secure LFN CI/CD pipeline by leveraging OpenSSF-associated reference tools : @SECCOM
Kevin Sandi, will check with Matt and estimate the effort
Kevin and Matt will discuss and get back to us.
SECCOM will review the Java 21, Python, and Maven upgrades from the security perspective.
Paweł Pawlak, will explore the current status of versions; will discuss this further at the SECCOM; scanner from the weekly pipelines may help?? Andreas Geißler, will check; Docker image is hard corded.
Golang scanning: waiting for Nexus; Kevin Sandi, will raise a support ticket for Nexus golang support.; no much update here; there is a feature request already by someone else; will monitor the progress.
How to deal with vulnerabilities. e.g., SDC, UUI - Angular dependency issues. Also, MPM;
SECCOM discussed these issues with PTLs at the next SECCOM meeting
Ramesh Murugan Iyer, Policy team will check vulnerabilities on direct dependencies; may need to open a ticket for the product (Sonatype) company; Kevin Sandi, asked Murali to send the test results before raising tickets; CycloneDX-based SBOM; may need a conversion between CycloneDX and SPDX;
So far, LFN supports SPDX only for their pipeline SBOM. SECCOM will discuss it further with the LF team. We need a conversion between CycloneDX and SPDX.
Kevin Sandi, the sonatype is already working on this issue. we need to monitor it, waiting their response.
report from Murali about kafka; Kevin Sandi is fixed and waiting for Murali's confirmation.; Kevin is waiting for Murali’s confirmation; asked Murali to fix some vulnerabilities, then we can close it.
@Fiete Ostkamp , Nexus scan action discussion with Matt; Matt is working on it, may return back in 2-3 days to Fiete; will let us know.
Update Jiras
Paris Package
@Amy Zwarico
@Paweł Pawlak
@Toine Siebelink
For the Paris release features, we need to discuss the package updates; who is doing what?
Note: PTLs, thank you very much for closing the package update.
Note: SO, SDC, MultiCloud and DCAE (without PTLs) are open; DT offered their help on SDC, MultiCloud and DCAE. Thank you very much!!! @Andreas Geißler , any update / plan? Thanks.
Note: SO does not have a new feature for Paris. Sanket will check the SO Package Upgrade
DB-operator use issue (shrikant dhakalu tarale); some parts were fixed
Tata is testing Docker Image handling implemented by the Integration team; some issues on testing; Andreas Geißler is investing this; will give some updates
@Andreas Geißler , working on helm charts update for supporting both ArgoCD and Flux.
@Fiete Ostkamp
Sonatype scanning reports from netxus-iq: some of the applications have not been scanned; need to clean up deprecated ones from the reports. @Fiete Ostkamp will issue a ticket to Matt.
NexusIQ V Spreadsheet
@Amy Zwarico
Amy’s presentation the NexusIQ vulnerability spreadsheet management to PTLs
Testing Environment
Testing Improvement
CSIT Review
ToolChain Improvement
Documentation
Other Improvement suggestion
Sharing Best Practices
IF TIME ALLOWS ....
15 mins
Release status
5 mins
Upcoming Events
@LJ Illuzzi
KubeCon+CloudNativeCon, and Open Networking & Edge Summit, next April 2025 in London
Call to Action- LFN is looking for both community members to help staff the booth, as well as project or collaborative demos that we can showcase in the booth.
2025 LFN Events- as per the guidance of LFN Governing Board
All projects can have a virtual dev event (with LF help) to focus on upcoming releases and strategy
A series of virtual workshops around a specific topic (to be determined by the TAC) - eg Domain Specific AI, Security, etc
next week PTL meeting
@Byung-Woo Jun
Next Monday is an US holiday. we will check if we have the PTL meeting or not. It is scheduled for February 18th at SECCOM. PTLs, please attend this. Thanks.