Communication patterns
- Intra-Component communication (e.g. between so-bpmn-infra and so-sdnc-adapter)
- Inter-Component communication (e.g. between onap-cli and so)
- External communication (e.g. user → sdc-ui)
Assumptions (to be agreed)
Assumptions
...
- AAF will be removed
- → No Container port encryption
- Services must not use NodePorts NodePorts
- → external communication only via Ingress
- Ingress is the default for external communication
- Istio IngressGateway
- Nginx Ingress ?
- Inter-component communication can be
- direct communication directly (as today)
- via Ingress (Seshu's proposal) ?
- Istio IngressGateway
- Nginx Ingress ?
- Communication encryption can be done:
- on Ingress level (adding certificate to Gateway)
- on SM (e.g. Istio sidecars)
- on Kernel Level (using eBPF via Cilium)
Communication patterns
- Intra-Component communication (e.g. between so-bpmn-infra and so-sdnc-adapter)
- Inter-Component communication (e.g. between onap-cli and so)
- External communication (e.g. user → sdc-ui)
...
To be supported options in ONAP
No ONAP internal encryption:
- Intra-Component: unencrypted
- Inter-Component: unencrypted
- External: unencrypted/encrypted
- Inter-Component encryption:
- Intra-Component: unencrypted
- Inter-Component: encrypted
- External: unencrypted/encrypted
- Full encryption:
- Intra-Component: encrypted
- Inter-Component: encrypted
- External: unencrypted/encrypted
...
| draw.io Diagram | ||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Solution using eBPF via Cilium:
https://cilium.io/blog/2020/11/10/ebpf-future-of-networking/
https://ebpf.io/