ETSI Package Management
- Byung-Woo Jun
Use Cases
ETSI Package Onboarding and Distribution
SOL004 VNF/PNF Package includes SOL001 VNFD/PNFD with the original vendor package will be distributed from SDC to SVNFM/External NFVO.
SOL007 NS Package includes SOL001 NSD with the original vendor package will be distributed from SDC to External NFVO.
SOL003 and SOL005 Package Management APIs will be used for the distribution.
SOL004 VNF/PNF Package Security will be supported by the package signature and certificate.
SOL007 NS Package Security will be supported by the package signature and certificate
ETSI Package Pre-onboarding validation
VNF SDK will support SOL004 VNF package pre-onboarding
VNF SDK will support SOL007 NS package pre-onboarding
Feature Descriptions
Feature | Description |
|---|---|
ETSI Package Management |
|
ETSI Package Security | If the vendor package includes signature and certificate, ONAP supports the package security.
|
ETSI Package Validation |
|
Epic and User Story
Epic | User Story | Description | Frankfurt? | JIRA |
|---|---|---|---|---|
Support ETSI Package Management onboarding and distribution | SDC supports ETSI package management (onboarding and distribution) and package security | Partially Done | SDC-2610: Support Onboard ETSI 3.3.1 SOL004 compliant VNF / CNF packagesClosed | |
SDC supports onboarding of the SOL004 VNF package includes SOL001 VNFD
|
| No | SDC-2611: Support for onboarding ETSI v3.3.1 SOL001 VNF DescriptorsClosed | |
SDC supports onboarding of the SOL004 PNF package includes SOL001 PNFD
|
| Yes | Done | |
SDC supports onboarding of the SOL007 NS package includes SOL001 NS |
| No | SDC-2612: SDC supports onboarding of the SOL007 NS package for VFC as the NFVOClosed | |
SDC VSP and Resource CSAR files include the original vendor package
|
| Yes | Done | |
The vendor package will be distributed from SDC to SVNFM/External NFVO
|
| Yes | - | |
Support ETSI Package Security and validation |
| Yes | ||
|
| Done | - | |
|
| No | ||
|
| Done | - | |
|
| Yes | - | |
|
| Yes | - | |
Support of ETSI Package Validation | VNF SDK will support ETSI package validation for VNF and NS | TBD | ||
VNF SDK will support ETSI VNF package pre-onboarding for validation | VNF SDK will support ETSI VNF package pre-onboarding for validation | TBD | ||
VNF SDK will support ETSI NS package pre-onboarding for validation | VNF SDK will support ETSI NS package pre-onboarding for validation | TBD |
ETSI Package Management Architecture
The diagram depicts the package management architecture.
SDC supports SOL004 VNF/PNF package onboarding, and stores the original vendor VNF/PNF package inside the SDC package
SOL004 package includes SOL001 VNFD/PNFD
PNF onboarding has been tested
VNF onboarding will be tested in El Alto / Frankfurt
SDC will support SOL007 NS package onboarding and store the original vendor NS package inside the SDC package
NS onboarding will be supported
This feature is postponed to the Guilin release
SDC supports VNF/PNF package management interfaces from OSS/BSS via SOL005 Package Management APIs (TBD)
SO supports NS package management interfaces from OSS via SOL005 Package Management APIs (TBD)
ONAP Runtime components store SOL004 Packages for their operations
For the SO case, SO stores SOL004 packages for VNF and PNF by leveraging the ONAP-ETSI Catalog Manager
For the SO case, SO stores SOL007 packages for NS by leveraging the ONAP-ETSI Catalog Manager
SOL003 VNFM Adapter provides VNFMs Query/Fetch VNF packages/contents/artifacts, Reading VNFD and subscription/notification services
SOL005 Adapter provides NS/PNF/VNF package management to VF-C/External NFVO by leveraging SOL005 package management APIs
ETSI Package Distribution Flows
Open Issues:
Will the external NFVO get the NS package thru ONAP-ETSI Catalog Mgr and SOL005 Adapter? <need input from Verizon>
SDC VNF/PNF Onboarding and Distribution
This section describes SDC VNF/PNF onboarding and the End-to-End package distribution from SDC to SVNFM/external NFVOs.
SDC takes the vendor provided package and adds some files or changes files and meta data according to SDC procedure.
SDC VNF/PNF Onboarding Procedure and Original Vendor VNF/PNF Package Handling
Enhancement (Ericsson contribution) was made to the SDC Dublin to support SOL004 PNF onboarding with .zip and .csar file extensions.
The enhancement can be used for VNF onboarding – it is being tested.
SDC VSP and Resource csar files have the ONBOARDED_PACKAGE, which contains the original vendor VNF package.
The VNFM and external NFVO use the original vendor VNF/NS packages.
ONAP-ETSI Catalog Manager will be changed for the location of the original vendor package.
At onboarding, SDC checks the file extension and performs the following procedures
If the file is .zip, SDC unzips
If it has .cert & .cms, it is a package with security and security validation will be performed.
If it does not include .cert & .cms, it is an existing Heat template onboarding, and SDC follows the Heat template onboarding procedure
If the file is .csar, it is a package without security.
Next, SDC will check the TOSCA.meta file.
If it contains SOL004v2.?.1 keywords, the package will be handled as SOL004v2.?.1.
Otherwise, it will be handled as existing TOSCA (non-SOL004) package onboarding which will not have the ONBOARDED_PACKAGE artifact.
SDC SOL004/SOL007 VNF Package Security
Among the SOL004/SOL007 VNF package security options, the SDC supports the option2 as depicted below. In the option 2, there are two ways to zip the VNF packages, and SDC supports both.
SDC validates the VNF packages based on the embedded signature and certificate by leveraging CA.
Vendor SOL004/SOL007 VNF Package with certificate and signature is onboarded into SDC
ZIP-format VNF package includes CSAR, Signature and Certificate
SDC validates VNF package based on the certificate and signature
SDC generates SDC internal model plus the vendor SOL004/SOL007 package CSAR and ZIP (with certificate and signature) – the supported format is TBD based on the security requirement
ETSI Package Distribution
ETSI packages will be distributed from SDC to other ONAP runtime components such as SO and VF-C. SO will store the packages to its ETSI Catalog DB and further distribute the packages to SVNFMs/external NFVOs thru the SOL003/SOL005 Adapters.
The original vendor package contents between the Adapters and SVNFMs/NFVOs could be one of the following.
Vendor package including certificate and signature (Zip format)
Vendor package without certificate and signature (CSAR format)
Open Issues:
Distribution of vendor VNF packages with certificates and signatures to SVFNM need to be sorted out.
Currently, VF-C supports CSAR-format without certificate or signature – TBD
The following diagram depicts the ETSI package distribution.
The following sequence diagram depicts the Package Information Flows.
Package Security
A VNF package uses the signature and certificate to ensure package integrity and validity. A CSAR file is digitally signed with the VNF provider private key. During the VNF package onboarding to SDC, SDC validates the package and then does the following:
Transform SOL001-based VNFD into SDC internal models
Store the original Vendor package into the ONBOARDED_PACKAGE directory
If the original vendor package is a zip file with signature and certificate, the ONBOARDED_PACKAGE directory will contain the zip file.
VNFM and VF-C will receive the zip-format file.
For Frankfurt, the SVNFM and external NFVO will receive a zip-format package with signature and certificate if the original vendor package contains signature and certificate.
SVNFM and NFVO will unzip the incoming zip package files and extract CSAR files from the zip package files without validation.
After the Frankfurt release, it is assumed that SVNFM and NFVO validate the incoming packages based on signature and certificate.