Use Cases

  • ETSI Package Onboarding and Distribution
    • SOL004 VNF/PNF Package includes SOL001 VNFD/PNFD with the original vendor package will be distributed from SDC to SVNFM/External NFVO.
    • SOL007 NS Package includes SOL001 NSD with the original vendor package will be distributed from SDC to External NFVO.
    • SOL003 and SOL005 Package Management APIs will be used for the distribution.
    • SOL004 VNF/PNF Package Security will be supported by the package signature and certificate.
    • SOL007 NS Package Security will be supported by the package signature and certificate
  • ETSI Package Pre-onboarding validation
    • VNF SDK will support SOL004 VNF package pre-onboarding
    • VNF SDK will support SOL007 NS package pre-onboarding 

Feature Descriptions

Feature

Description

ETSI Package Management
  • SOL004 VNF/PNF Package includes SOL001 VNFD/PNFD with the original vendor package will be distributed from SDC to SVNFM/External NFVO.
  • SOL007 NS Package includes SOL001 NSD with the original vendor package will be distributed from SDC to SVNFM/External NFVO.
  • SOL003 and SOL005 Package Management APIs will be used for the distribution.
    • SOL003/SOL005 Adapters passes vendor packages to SVNFM/NFVO
ETSI Package Security

If the vendor package includes signature and certificate, ONAP supports the package security.

  • SOL004 VNF/PNF Package security will be supported by the package signature and certificate
  • SOL007 NS Package security will be supported by the package signature and certificate
  • SDC will store the vendor package with signature and certificate in a zip format in the ONBOARDED_PACKAGE directory.
  • SO stores ONBOARDED_PACKAGE zip files in the ONAP-ETSI Catalog DB through ONAP-ETSI Catalog Manager APIs.
  • SVNFM/NFVO extracts the CSAR file from the vendor package 
    • For Frankfurt, extracting the CSAR without validation is allowed
ETSI Package Validation
  • VNF SDK will support SOL004 VNF package pre-onboarding for validation - optional
  • VNF SDK will support SOL007 NS package pre-onboarding for validation - optional

Epic and User Story

Epic

User Story

Description

Frankfurt?JIRA
Support ETSI Package Management onboarding and distribution


SDC supports ETSI package management (onboarding and distribution) and package securityPartially Done

SDC-2610 - Getting issue details... STATUS


SDC supports onboarding of the SOL004 VNF package includes SOL001 VNFD

  • VNFD onboarding is testing in El Alto, and its regression testing will be done
  • SOL004 VNF package onboarding is tested in El Alto
    • Further testing is necessary in Frankfurt
    • Mapping from SOL001 VNFD to SDC internal TOSCA template
    • Mapping from SOL001 VNFD to SDC AID DM is under consideration
No

SDC-2611 - Getting issue details... STATUS


SDC supports onboarding of the SOL004 PNF package includes SOL001 PNFD

  • PNFD onboarding is done and its regression testing will be done
  • SOL004 PNF package onboarding is done in Dublin
    • Mapping from SOL001 PNFD to SDC AID DM is done
YesDone

SDC supports onboarding of the SOL007 NS package includes SOL001 NS
  • SOL007 NS package onboarding will be supported
    • Mapping from SOL001 NSD to SDC internal TOSCA template needs to be done
    • Mapping from SOL001 NSD to SDC AID DM is under consideration
No

SDC-2612 - Getting issue details... STATUS


SDC VSP and Resource CSAR files include the original vendor package

  • This is done in Dublin and its regression testing will be done
  • Storing the original vendor package in the SDC CSAR is done
YesDone

The vendor package will be distributed from SDC to SVNFM/External NFVO

  • The vendor package will be stored at the ONAP-ETSI Catalog DB
  • SOL003 and SOL005 Package Management APIs will be used for the distribution
  • SOL003/SOL005 Adapters passes vendor packages to SVNFM/NFVO
  • Refer to the ONAP-ETSI Catalog Manager, SO ETSI Catalog Manager and SOL003/SOL005 Package Management use cases
Yes-

Support ETSI Package Security and validation

  • ONAP supports vendor ETSI Package Security and validation

    • If the vendor package includes signature and certificate, ONAP supports the package security
Yes

SDC-2613 - Getting issue details... STATUS


  • SOL004 VNF/PNF Package security will be supported by SDC, based on the package signature and certificate
  • ONAP SDC supports the package security
Done-

  • SOL007 NS Package security will be supported by SDC, based on the package signature and certificate
  • ONAP SDC supports the package security
No

SDC-2614 - Getting issue details... STATUS


  • SDC will store the vendor package with signature and certificate in a zip format in the ONBOARDED_PACKAGE directory.
  • It is done in El Alto
Done-

  • SO stores ONBOARDED_PACKAGE zip files in the ONAP-ETSI Catalog DB through ONAP-ETSI Catalog Manager APIs.
  • Refer to the ONAP-ETSI Catalog Manager and SO ETSI Catalog Manager use cases
Yes-

  • SVNFM/NFVO extracts the CSAR file from the vendor package 
    • For Frankfurt, extracting the CSAR without validation is allowed
  • SVNFM and External NFVO requirements on how to handle the zip-format packages
    • For Frankfurt, extracting the CSAR file without validation is allowed
Yes-
Support of ETSI Package Validation
VNF SDK will support ETSI package validation for VNF and NSTBD

VNF SDK will support ETSI VNF package pre-onboarding for validationVNF SDK will support ETSI VNF package pre-onboarding for validationTBD

VNF SDK will support ETSI NS package pre-onboarding for validationVNF SDK will support ETSI NS package pre-onboarding for validationTBD

ETSI Package Management Architecture

The diagram depicts the package management architecture. 

  1. SDC supports SOL004 VNF/PNF package onboarding, and stores the original vendor VNF/PNF package inside the SDC package
    1. SOL004 package includes SOL001 VNFD/PNFD
    2. PNF onboarding has been tested
    3. VNF onboarding will be tested in El Alto / Frankfurt
  2. SDC will support SOL007 NS package onboarding and store the original vendor NS package inside the SDC package
    1. NS onboarding will be supported
    2. This feature is postponed to the Guilin release
  3. SDC supports VNF/PNF package management interfaces from OSS/BSS via SOL005 Package Management APIs (TBD)
  4. SO supports NS package management interfaces from OSS via SOL005 Package Management APIs (TBD)
  5. ONAP Runtime components store SOL004 Packages for their operations
    1. For the SO case, SO stores SOL004 packages for VNF and PNF by leveraging the ONAP-ETSI Catalog Manager
    2. For the SO case, SO stores SOL007 packages for NS by leveraging the ONAP-ETSI Catalog Manager
  6. SOL003 VNFM Adapter provides VNFMs Query/Fetch VNF packages/contents/artifacts, Reading VNFD and subscription/notification services
  7. SOL005 Adapter provides NS/PNF/VNF package management to VF-C/External NFVO by leveraging SOL005 package management APIs


ONAP ETSI Package Management


  • ETSI Package Distribution Flows

OSS_BSS OSS_BSS SDC SDC SO SO ONAP_ETSI_Catalog_Mgr ONAP_ETSI_Catalog_Mgr SOL003_Adapter SOL003_Adapter SOL005_Adapter SOL005_Adapter VNFM VNFM VFC VFC Ext_NFVO Ext_NFVO 1Vendor SOL004/SOL007 package onboarding,including SOL001 VNF PACKAGE TO SVNFM 2ONAP internal package with theoriginal vendor CSAR/Zip 3invoke ETSI Catalog Manager, passing 4query the SDC CSAR with the SDC CSAR id 5extract SOL004 package CSAR/Zip from the SDC CSARand store it 6retrieve the original vendor CSAR/Zip 7forward the original vendor CSAR/Zip VNF PACKAGE TO Ext NFVO 8ONAP internal package with the original vendor CSAR/Zip 9store ONAP internal package with the original vendor CSAR/Zip 10query the SDC CSAR with the SDC CSAR id 11extract SOL007 package CSAR/Zip from the SDC CSAR \and store it 12retrieve the original vendor CSAR/Zip 13forward the original vendor CSAR/Zip VNF PACKAGE TO VFC 14ONAP internal package with the original vendor CSAR/Zip

  • Open Issues:
    • Will the external NFVO get the NS package thru ONAP-ETSI Catalog Mgr and SOL005 Adapter?   <need input from Verizon>


SDC VNF/PNF Onboarding and Distribution

This section describes SDC VNF/PNF onboarding and the End-to-End package distribution from SDC to SVNFM/external NFVOs.

SDC takes the vendor provided package and adds some files or changes files and meta data according to SDC procedure.

SDC VNF/PNF Onboarding Procedure and Original Vendor VNF/PNF Package Handling

  • Enhancement (Ericsson contribution) was made to the SDC Dublin to support SOL004 PNF onboarding with .zip and .csar file extensions.
    • The enhancement can be used for VNF onboarding – it is being tested.
    • SDC VSP and Resource csar files have the ONBOARDED_PACKAGE, which contains the original vendor VNF package.
      • The VNFM and external NFVO use the original vendor VNF/NS packages.
      • ONAP-ETSI Catalog Manager will be changed for the location of the original vendor package.

  1. At onboarding, SDC checks the file extension and performs the following procedures
    1. If the file is .zip, SDC unzips
      1. If it has .cert & .cms, it is a package with security and security validation will be performed.
      2. If it does not include .cert & .cms, it is an existing Heat template onboarding, and SDC follows the Heat template onboarding procedure
  2. If the file is .csar, it is a package without security.
  3. Next, SDC will check the TOSCA.meta file.
  4. If it contains SOL004v2.?.1 keywords, the package will be handled as SOL004v2.?.1.
  5. Otherwise, it will be handled as existing TOSCA (non-SOL004) package onboarding which will not have the ONBOARDED_PACKAGE artifact.

SDC SOL004/SOL007 VNF Package Security

Among the SOL004/SOL007 VNF package security options, the SDC supports the option2 as depicted below. In the option 2, there are two ways to zip the VNF packages, and SDC supports both.

SDC validates the VNF packages based on the embedded signature and certificate by leveraging CA.

  • Vendor SOL004/SOL007 VNF Package with certificate and signature is onboarded into SDC
    • ZIP-format VNF package includes CSAR, Signature and Certificate
  • SDC validates VNF package based on the certificate and signature
  • SDC generates SDC internal model plus the vendor SOL004/SOL007 package CSAR and ZIP (with certificate and signature) – the supported format is TBD based on the security requirement

ETSI Package Distribution

ETSI packages will be distributed from SDC to other ONAP runtime components such as SO and VF-C. SO will store the packages to its ETSI Catalog DB and further distribute the packages to SVNFMs/external NFVOs thru the SOL003/SOL005 Adapters.

  • The original vendor package contents between the Adapters and SVNFMs/NFVOs could be one of the following.
    • Vendor package including certificate and signature (Zip format)
    • Vendor package without certificate and signature (CSAR format)
  • Open Issues:
    1. Distribution of vendor VNF packages with certificates and signatures to SVFNM need to be sorted out.
    2. Currently, VF-C supports CSAR-format without certificate or signature – TBD
  • The following diagram depicts the ETSI package distribution. 



  • The following sequence diagram depicts the Package Information Flows.

SDC SDC SO SO ONAP_ETSI_Catalog_Mgr ONAP_ETSI_Catalog_Mgr SOL003_Adapter SOL003_Adapter SOL005_Adapter SOL005_Adapter VNFM VNFM VFC VFC Ext_NFVO Ext_NFVO 1ASDC Distribution Enginesends a distribution notification 2ASDC Distribution Message Brokersends a distribution notification 3SO sends a distribution status 4SO pulls needed artifacts from ASDC Catalog VNF PACKAGE TO SVNFM 5ONAP internal package with theoriginal vendor CSAR/Zip 6store ONAP internal packagewith the original vendor CSAR/Zip 7retrieve the original vendor CSAR/Zip 8forward the original vendor CSAR/Zip VNF PACKAGE TO Ext NFVO 9ONAP internal package with the original vendor CSAR/Zip 10store ONAP internal package with the original vendor CSAR/Zip 11retrieve the original vendor CSAR/Zip 12forward the original vendor CSAR/Zip VNF PACKAGE TO VFC 13ONAP internal package with the original vendor CSAR/Zip

Package Security

A VNF package uses the signature and certificate to ensure package integrity and validity. A CSAR file is digitally signed with the VNF provider private key. During the VNF package onboarding to SDC, SDC validates the package and then does the following:

  • Transform SOL001-based VNFD into SDC internal models
  • Store the original Vendor package into the ONBOARDED_PACKAGE directory
    • If the original vendor package is a zip file with signature and certificate, the ONBOARDED_PACKAGE directory will contain the zip file. 
  • VNFM and VF-C will receive the zip-format file.
  • For Frankfurt, the SVNFM and external NFVO will receive a zip-format package with signature and certificate if the original vendor package contains signature and certificate.
    • SVNFM and NFVO will unzip the incoming zip package files and extract CSAR files from the zip package files without validation.
    • After the Frankfurt release, it is assumed that SVNFM and NFVO validate the incoming packages based on signature and certificate.



  • No labels

1 Comment

  1. Byung-Woo Jun

    Discussions between John D'Elia and Byung:

    • It would be good to clarify that the SOL 005/003 adapters produce ONAP-compliant API, and this API is (exclusively) what other ONAP components use to talk to it (correct?)

    BWJ: the SOL005/003 adapters produces ONAP-compliant API for their SBI towards NFVO and SVFNM. Currently, the SOL003 Adapter NBI is SO proprietary (very similar to SOL003), but it could be changed. Likewise, I assume the SOL005 Adapter NBI (connection between SO and the adapter) that Fred and his team is working on has SO proprietary interface (not SOL005) to my understanding. Fred could verify it.

    • SOL 003 adapter must produce an API for NFVO side of SOL 003, correct?

    BWJ: do you mean that the NFVO uses the SOL003 Adapter to communicate with SVNFM? Yes, if NFVO does not have its own SOL003 driver, it can leverage the SOL003 Adapter. However, the current SO SOL003 Adapter NBI is SO proprietary, so we need to discuss. It is a good point.

    • I don’t think we should imply that SDC will produce a SOL 005 package management interface, but instead only support onboarding NSD package similar to 004 package.

    BWJ: I put a question mark on the SOL005 package management of SDC. SOL005 package management supports interface between OSS/BSS and NFVO (e.g., create package). In ONAP, ETSI support is distributed in several ONAP components such as SDC, SO, DCAE, Policy. So, when the OSS/BSS wants to create VNF package (not thru onboarding), it should be able to access SDC SOL005 support. However, it is not clear to me if we want it or not. We need to discuss it further. I plan to discuss this question with John Quilty, Fred and others.

    • Why is it necessary to pass the SOL004 package to the non-ETSI components (A&AI, CLAMP, VID, etc.), i.e., wouldn’t they use only the SDC package format?  IMO, since we seems to be addressing ETSI compliance with an adaptation layer, we should not propagate unnecessary artifacts throughout ONAP (unless we can clearly articulate why they are needed)

    BWJ: You are right. I meant to put “SDC CSAR package”, but the SDC CSAR package contains the original vendor SOL004 package. I changed the diagram. We don’t know how the other components will support ETSI or not and when.

    • Why not have SDC use the SOL 005/003 adapters directly for package management?  Do we need the level of indirection going through SO?

    BWJ: once SOL005/SOL003 adapters are decoupled from SO, we have a flexibility. Fred’s diagram indicates the SOL005/SOL003 adapters communication vehicle is DMMAP. In that case, SDC could use the adapters. For now, the realization of SOL005/003 adapters are attached to SO. It can be changed.