5 Implementing the Sample Network Services

This chapter provides information about the sample network services that are provided with Oracle Communications Unified Inventory Management (UIM) NFV Orchestration.

NFV Orchestration includes the following sample cartridges that you can use as references for designing and implementing your own network services:

  • NPaaS_NetworkService. This sample cartridge provides the functionality to implement a Network Protection as a Service (NPaaS) network service.

  • ResidentialGateway_NetworkService. This sample cartridge provides the functionality to implement a Residential Gateway network service.

  • IMS_NetworkService. This sample cartridge provides the functionality to implement an IMS network service.

  • Juniper_vSRX. This sample cartridge contains the Juniper vSRX firewall VNF to use with the network protection service.

  • Checkpoint_NG_FW. This sample cartridge contains the Checkpoint firewall VNF to use with the network protection service.

  • Cisco_xRV. This sample cartridge contains the Cisco XRV router PNF to use with the residential gateway network service or the network protection service.

  • Clearwater_vIMS. This sample cartridge contains the Clearwater IMS VNF to use with the IMS network service.

Configuring the Juniper vSRX Base Image

Before you implement the sample network services, you must configure the software image of the Juniper vSRX firewall VNF. You use this VNF with the Network Protection and the Residential Gateway network services.

To configure the Juniper vSRX base image:

  1. Download the Juniper vSRX base image from Juniper's web site.

  2. Install OpenStack and source the tenant's credentials file.

  3. In OpenStack, upload the downloaded base image to the Glance repository by running the following command:

     glance image-create --name vsrx-vmdisk-15.1X49-D40_base --is-public true --container-format bare --disk-format qcow2 --file media-vsrx-vmdisk-15.1X49-D40.6.qcow2
    

    where:

    • vsrx-vmdisk-15.1X49-D40_base is the name of the image uploaded into the repository

    • media-vsrx-vmdisk-15.1X49-D40.6.qcow2 is the name of the base image downloaded from the vendor's web portal.

  4. In OpenStack, create a flavor with the following specifications by running the following command:

    Specifications:

    • Name: vsrx.medium

    • VCPUs: 2

    • Root Disk: 20 GB

    • Ephemeral Disk: 0 GB

    • RAM: 4096 MB

    Command:

    nova flavor-create vsrx.medium auto 4096 20 2
    
  5. Boot the image by running the following command:

    nova boot --flavor vsrx.medium --image vsrx-vmdisk-15.1X49-D40_base --nic net-ID=networkID vsrx_base_instance
    

    where:

    • networkID is the ID of your management network in OpenStack.

    • vsrx-vmdisk-15.1X49-D40_base is the name of the base image that is uploaded into the repository.

    • vsrx_base_instance is the name of the vsrx instance you are spawning in OpenStack.

  6. After the image boots up, navigate to the Instances console in OpenStack and run the following commands:

    root@%cli
    root>config
    root#
    delete security
    set system root-authentication plain-text-password
    New password: Enter a password
    Retype new password:Enter a password
    

    OpenStack prompts for a password.

  7. Enter any password and run the following commands:

    set system login user admin class super-user authentication plain-text-password
    New password:password
    Retype new password:password
    

    OpenStack prompts for a password.

  8. Enter any password.

    The username and the password that you specify here become the username and password of the VNF image that you specify in the VNF descriptor. NFV Orchestration uses these credentials to update the configuration.

  9. Run the following commands:

    set system services netconf ssh
    set interfaces fxp0 description "Management Interface" unit 0 family inet dhcp
    set interfaces ge-0/0/0 description "Customer Interface" unit 0 family inet dhcp
    set interfaces ge-0/0/1 description "Internet interface" unit 0 family inet dhcp
    set security zones security-zone Customer host-inbound-traffic system-services ping
    set security zones security-zone Internet host-inbound-traffic system-services ping
    set security zones security-zone Customer interfaces ge-0/0/0.0 host-inbound-traffic system-services dhcp 
    set security zones security-zone Customer interfaces ge-0/0/0.0 host-inbound-traffic system-services ping
    set security zones security-zone Internet interfaces ge-0/0/1.0 host-inbound-traffic system-services dhcp
    set security zones security-zone Internet interfaces ge-0/0/1.0 host-inbound-traffic system-services ping
    set routing-instances Traffic instance-type virtual-router
    set routing-instances Traffic interface ge-0/0/0.0
    set routing-instances Traffic interface ge-0/0/1.0
    set groups security-rules security policies from-zone <*> to-zone <*> policy <*> then log session-init session-close
    set security policies apply-groups security-rules
    set security policies from-zone Customer to-zone Internet policy Customer-Internet-Access match source-address any destination-address any application any
    set security policies from-zone Customer to-zone Internet policy Customer-Internet-Access then permit
    set security policies from-zone Internet to-zone Customer policy Deny-All match source-address any destination-address any application any
    set security policies from-zone Internet to-zone Customer policy Deny-All then deny
    set security utm custom-objects url-pattern bad-sites value http://www.example.com
    set security utm custom-objects custom-url-category bad-category value bad-sites
    set security utm feature-profile web-filtering juniper-local profile wf-profile custom-block-message "Website blocked by NPaaS. Powered by Oracle" default log-and-permit fallback-settings default block too-many-requests block
    set security utm utm-policy utm-protect web-filtering http-profile wf-profile
    set snmp location lab
    set snmp contact "labguy@juniper.net"
    set snmp community public authorization read-only
    commit
    exit
    exit
    
  10. Create a snapshot of the running instance of the Juniper vSRX image by running the following command:

    nova image-create --poll vsrx_base_instance vsrx-vmdisk-15.1X49-D40_updated
    

    where:

    • vsrx_base_instance is the name of the vsrx instance

    • vsrx-vmdisk-15.1X49-D40_updated is the name of the vsrx image snapshot uploaded to OpenStack Glance.

    Use this snapshot as the software image for instantiation of the Juniper vSRX VNF.
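Because the snapshot from step 10 becomes the software image for every Juniper vSRX VNF instance, settings committed in step 9 are carried into each instance. The following Python check is an added example, not part of the Oracle or Juniper material: it reads a block of the `set` commands and reports default SNMP community strings, permit policies that match any/any/any, and policies without session logging. The rule names and the sample input are this example's own.

```python
import re

# Constructed sample: a subset of the step 9 commands shown on this page.
SAMPLE_CONFIG = """\
set system services netconf ssh
set groups security-rules security policies from-zone <*> to-zone <*> policy <*> then log session-init session-close
set security policies apply-groups security-rules
set security policies from-zone Customer to-zone Internet policy Customer-Internet-Access match source-address any destination-address any application any
set security policies from-zone Customer to-zone Internet policy Customer-Internet-Access then permit
set security policies from-zone Internet to-zone Customer policy Deny-All match source-address any destination-address any application any
set security policies from-zone Internet to-zone Customer policy Deny-All then deny
set snmp community public authorization read-only
"""

DEFAULT_COMMUNITIES = {"public", "private"}  # well-known default community strings
SNMP_RE = re.compile(r"^set snmp community (\S+) authorization (\S+)$")
GROUP_LOG_RE = re.compile(r"^set groups (\S+) security policies .* then log\b")
APPLY_RE = re.compile(r"^set security policies apply-groups (\S+)$")
POLICY_RE = re.compile(
    r"^set security policies from-zone (\S+) to-zone (\S+) policy (\S+) (match|then) (.+)$")
MATCH_KEYS = ("source-address", "destination-address", "application")


def audit_set_commands(text):
    """Return sorted (rule, detail) findings for a block of Junos 'set' commands."""
    findings, policies = [], {}
    log_groups, applied_groups = set(), set()
    for raw in text.splitlines():
        line = " ".join(raw.split())  # normalise spacing, drop trailing blanks
        if m := SNMP_RE.match(line):
            if m.group(1).lower() in DEFAULT_COMMUNITIES:
                findings.append(("SNMP_DEFAULT_COMMUNITY", f"{m.group(1)} ({m.group(2)})"))
        elif m := GROUP_LOG_RE.match(line):
            log_groups.add(m.group(1))
        elif m := APPLY_RE.match(line):
            applied_groups.add(m.group(1))
        elif m := POLICY_RE.match(line):
            src, dst, name, kind, rest = m.groups()
            pol = policies.setdefault(
                (src, dst, name), {"match": {}, "action": None, "log": False})
            words = rest.split()
            if kind == "match":
                # "source-address any destination-address any ..." -> key/value pairs
                pol["match"].update(zip(words[0::2], words[1::2]))
            elif words[0] == "log":
                pol["log"] = True
            else:
                pol["action"] = words[0]
    # Logging counts as present when a group that sets "then log" is applied.
    group_logging = bool(log_groups & applied_groups)
    for (src, dst, name), pol in sorted(policies.items()):
        where = f"{src}->{dst} policy {name}"
        if pol["action"] == "permit" and all(pol["match"].get(k) == "any" for k in MATCH_KEYS):
            findings.append(("PERMIT_ANY_ANY", where))
        if not (group_logging or pol["log"]):
            findings.append(("NO_SESSION_LOGGING", where))
    return sorted(findings)


if __name__ == "__main__":
    for rule, detail in audit_set_commands(SAMPLE_CONFIG):
        print(rule, detail)
```

Run it against the candidate configuration before taking the snapshot, so that findings are resolved once in the base image rather than in each instance.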

Implementing the Network Protection Service

NFV Orchestration provides sample cartridges that you can use as references for designing and implementing a network protection service.

The NPaaS_NetworkService sample cartridge contains the functionality to implement the sample Network Protection as a Service (NPaaS) network service.

The network protection service consists of and uses the following VNFs:

  • Juniper vSRX firewall

    The Juniper_vSRX sample cartridge contains the functionality to implement a Juniper vSRX firewall as a VNF.

  • Checkpoint firewall

    The Checkpoint_NG_FW sample cartridge contains the functionality to implement a Checkpoint firewall as a VNF.

The network protection service requires and uses the following software components:

  • UIM 7.3.5 and the UIM NFV Orchestration 7.3.5 cartridges

  • OpenStack VIM, with Networking-SFC functionality

  • Software images of the firewall VNFs

To implement the network protection service:

  1. Configure the Juniper vSRX base image. See "Configuring the Juniper vSRX Base Image" for instructions.

  2. In OpenStack, create a tenant or reference an existing tenant with administrator privileges.

  3. Reference an existing management network that can be shared by all the components of NFV Orchestration.

    The management network requires, at a minimum:

    • One IP address for each machine on which UIM is installed

    • One IP address for each virtual machine on which you want to bring up the VNFs

  4. Connect the management network and the external network to a virtual router. This enables you to use floating IP addresses for providing access to the data center.

  5. Reference an existing data network that connects all the VNF instances within the network service, and do the following:

    • Create the ingress endpoint and egress endpoint ports in the data network

    • Bring up the ingress gateway VM using the ingress endpoint port

    • Bring up the egress gateway VM using the egress endpoint port

  6. Open the UIM_Home/config/nso.properties file and update the following parameters.

    • NSO_HOST: IPv4address. Specify the host on which UIM is installed. By default, NFV Orchestration considers the host on which the UIM server is running. If the server is running on a private network that is unavailable to the external network, specify a reachable IP address for the server.

    • NSO_USERNAME: username

      where username is the username of the server on which UIM is installed.

    • NSO_PASSWORD: encrypted_password

      where encrypted_password is the encrypted password of the server on which UIM is installed. See "Setting NFV Orchestration Properties" for information about encrypting the password.

  7. Open the UIM_Home/config/NPaas.properties file and specify values for the parameters listed in Table 5-1:

    Table 5-1 Parameters in the NPaaS Network Service Descriptor Properties File

    Parameter: VIM_Id.NPaas.ManagementNetwork
    Description: Specify the VIM ID and the name of the management network. By default, the VIM ID is OpenStack. The management network is the VLD Name that is specified in the NPaas.xml file. If you use multiple VIMs, add another entry of the same parameter and specify the VIM ID and the management network.

    Parameter: VIM_Id.NPaas.Data_IN
    Description: Specify the VIM ID and the name of the data network. By default, the VIM ID is OpenStack. If you use multiple VIMs, add another entry of the same parameter and specify the VIM ID and the data-in network.

    Parameter: sdnController.NPaas
    Description: Specify an implementation class for the SDN controller interface. The default implementation class is com.oracle.communications.inventory.nso.nfvi.sdn.OpenStackSDNControlerImpl.


  8. Deploy the NFV Orchestration cartridges into UIM. See "Installing and Integrating the NFV Orchestration Components" for information about deploying the cartridges in the specified order.

  9. Register the VIM by calling the corresponding RESTful API. See "Registering the VIM" for instructions.

  10. Discover the VIM resources. See "Discovering VIM Resources" for instructions.

    The Network Protection service is ready for instantiation.

Implementing the Residential Gateway Network Service

NFV Orchestration provides sample cartridges that you can use as references for designing and implementing a residential gateway network service.

The ResidentialGateway_NetworkService sample cartridge contains the functionality to implement the Residential Gateway network service.

The Residential Gateway network service consists of and uses the following VNFs and PNFs:

  • Juniper vSRX firewall VNF

    The Juniper_vSRX sample cartridge contains the functionality to implement a Juniper vSRX firewall as a VNF.

  • Cisco xRV router PNF

    The Cisco_xRV sample cartridge contains the functionality to implement a Cisco xRV router as a PNF.

The Residential Gateway network service requires and uses the following software components:

  • UIM 7.3.5 and the UIM 7.3.5 NFV Orchestration cartridges

  • OpenStack VIM

  • Software image of the Juniper firewall VNF

  • Cisco xRV PNF. Ensure that the PNF is up and running on a management IP address.

To implement the Residential Gateway network service:

  1. Configure the Juniper vSRX base image. See "Configuring the Juniper vSRX Base Image" for instructions.

  2. In OpenStack, create a tenant or reference an existing tenant with administrator privileges.

  3. Reference an existing management network that can be shared by all the components of NFV Orchestration.

  4. Specify the details of the external network in the Endpoints tab. By default, NSO creates the floating IP address on the external network for providing access to the PNF. However, if you specify the floating IP address in the IP Address field, NSO uses this IP address for providing access to the PNF.

  5. Open the UIM_Home/config/ResidentialGateway.properties file and specify values for the parameters listed in Table 5-2.

    Table 5-2 Parameters in the Residential Gateway Descriptor Properties File

    Parameter: VIM_Id.ResidentialGateway.ManagementNetwork
    Description: Specify the VIM ID and the name of the management network. By default, the VIM ID is OpenStack. The management network is the VLD Name that is specified in the ResidentialGateway.xml file. If you use multiple VIMs, add another entry of the same parameter and specify the VIM ID and the management network.

    Parameter: VIM_Id.ResidentialGateway.Data_IN
    Description: Specify the VIM ID and the name of the data-in network. By default, the VIM ID is OpenStack. If you use multiple VIMs, add another entry of the same parameter and specify the VIM ID and the data-in network.

    Parameter: VIM_Id.ResidentialGateway.Data_OUT
    Description: Specify the VIM ID and the name of the data-out network. By default, the VIM ID is OpenStack. If you use multiple VIMs, add another entry of the same parameter and specify the VIM ID and the data-out network.

    Parameter: sdnController.ResidentialGateway
    Description: Specify an implementation class for the SDN controller interface. The default implementation class is com.oracle.communications.inventory.nso.nfvi.sdn.OpenStackSDNControlerImpl.


  6. Deploy the NFV Orchestration cartridges into UIM. See "Installing and Integrating the NFV Orchestration Components" for information about deploying the cartridges in the specified order.

  7. Register the PNF by using the REST API. See "NFV Orchestration RESTful API Reference" for a sample request for registering PNFs.

    See "Working with PNFs in Network Services" for more information about working with PNFs.

  8. Register the VIM by using the REST API. See "Registering the VIM" for instructions.

  9. Discover the VIM resources. See "Discovering VIM Resources" for instructions.

  10. To enable connectivity between the VNF and the PNF, the VNF is assigned a floating IP address. Configure the static routes corresponding to the floating IP address in the PNF, either manually or by extending the cartridges.

    The Residential Gateway network service is ready for instantiation.

Implementing the Clearwater IMS

Project Clearwater is an open source implementation of the IP Multimedia Subsystem (IMS) for cloud computing environments. NFV Orchestration provides sample network service and VNF cartridges to orchestrate the Clearwater IMS. The network service includes the Clearwater IMS VNF and associated connectivity.

NFV Orchestration provides sample cartridges that you can use as references for designing and implementing the Clearwater IMS.

The following sample cartridges contain the details required to perform this implementation:

  • IMS_NetworkService. This sample cartridge provides the functionality to implement an IMS network service.

  • Clearwater_vIMS. This sample cartridge contains the Clearwater IMS VNF to use with the IMS network service.

Prerequisites

The Clearwater VNF is a complex, multi-component VNF that is orchestrated using OpenStack Heat.

To successfully instantiate the Clearwater IMS, ensure that the following prerequisites are met:

  • Create Management and Signaling Networks in OpenStack for use by the Clearwater VMs. Note down the names of these networks, because you will be required to enter the network names in the network service properties file. In this sample cartridge, pre-configured networks are used and the Networking Heat template is not required.

  • Create a router in OpenStack to connect the management and signaling Networks to the external network. Alternatively, you can create a separate router for each network. Create a pool of floating IP addresses to be assigned to the Clearwater VMs.

  • Create a key-pair in OpenStack for use by the Clearwater VMs.

  • Create a flavor in OpenStack that should be used to instantiate the Clearwater VMs; for example, create a flavor with the following sizing:

    • Memory: 2000 (2GB)

    • Disk: 3 GB

    • vCPU: 1

  • Provide Internet access to the Clearwater Management network to allow the Clearwater VMs to access the Ubuntu and Clearwater repositories. Alternatively, provide local copies of the repositories and configure the initialization scripts embedded in the Heat templates to use those local repositories.

  • Create one or more Service Locations and associate them to an Inventory Group (Serving Area), which is in turn associated to the Virtual Data Center in which you want to deploy the Clearwater IMS. See "Instantiating Network Services" for more information.

Configuring the Network Service and VNF Descriptors

The sample implementation provides network service and VNF descriptors to allow instantiation of Clearwater. It also provides network service and VNF properties files, which define important settings for the orchestration environment. Verify the descriptors and properties files and modify them based on your environment before deploying them. Specifically, enter the names of the Management and Signalling networks that you created earlier into the network service properties file.

Configuring the Heat Templates

The sample implementation provides Heat templates for the Clearwater component VMs, which are updated versions of the open source templates that are modified to work with NFV Orchestration. Verify the Heat templates and modify them based on your environment before deploying them.

Instantiating and Operating the Clearwater IMS

Create an instance of the Clearwater IMS by using the Create command in the Network Service screen or by calling the Instantiate Network Service API. In either case, provide the following required parameters:

  • The network service descriptor name: IMS

  • A name for the new instance of the network service

  • The Service Location that the IMS will serve (which determines the Virtual Data Center where the IMS will be deployed)

    All other details are determined and populated by the NFV Orchestration process.

After the IMS is instantiated, you can view the component VMs in OpenStack.

To use the new instance, do the following:

  • Determine the floating IP address that has been assigned to the Ellis VM on the management network, connect to it using your web browser, and then create Clearwater user accounts and assign phone numbers.

  • Determine the floating IP address that has been assigned to the Bono VM on the signalling network and configure that address in your VoIP clients. See the Clearwater documentation for information on how to configure VoIP clients to use Clearwater. By default, the domain name for the Clearwater instance is example.com.

Integrating UIM NFV Orchestration with IP Service Activator

UIM NFV Orchestration provides a reference implementation for integrating with Oracle Communications IP Service Activator using the Juniper_vSRX sample cartridge. In this reference implementation, after the NFV Orchestration VNFs are instantiated, NFV Orchestration registers the VNFs with IP Service Activator, thus enabling IP Service Activator to discover and manage the VNFs.

To integrate NFV Orchestration with IP Service Activator:

  1. Create the following Java implementation class by extending the GenericVNFManagerClient class:

    com.oracle.communications.inventory.nso.nfvi.juniper.JuniperSBSystemManagerImpl
    
  2. In the GenericVNFManagerClient.postInstantiateVNF() method, use the following REST API to register the VNF with IP Service Activator:

    /Oracle/CGBU/IPSA/DomainController/resources/data/DiscoverDevices  [POST]
    

    JSON request:

    {
        "network": "testSystem",
        "devices": [
            {
                "AccessStyle": "TACACS",
                "UserName": "myuser",
                "LoginPassword": "mypass",
                "EnablePassword": "myenablepass",
                "InheritsSecurity": "false",
                "IpAddress": "IP_Address"
            }
        ]
    }
    

    where:

    • myuser is the user name of the virtual machine on which the VNF is deployed.

    • mypass is the password of the virtual machine on which the VNF is deployed.

    • (Optional) myenablepass is the enable password of the virtual machine on which the VNF is deployed.

    • IP_Address is the IP address of the management network to which the VNF is connected.

      See Oracle Communications IP Service Activator User's Guide for more information.

      The postInstantiateVNF() method is called as part of the VNF instantiation process.

  3. In the GenericVNFManagerClient.postTerminateVNF() method, use the following REST API to unregister the VNF with IP Service Activator:

    /Oracle/CGBU/IPSA/DomainController/resources/data/Device?ip=IP_Address  [DELETE]
    

    where IP_Address is the IP address of the management network to which the VNF is connected.

    The postTerminateVNF() method is called as part of the VNF termination process.

  4. Set the properties in the Juniper.vSRX.properties file. See "Setting Juniper_vSRX Sample Cartridge Properties" for more information.

Setting Juniper_vSRX Sample Cartridge Properties

NFV Orchestration provides the Juniper_vSRX sample cartridge, which contains the Juniper_vSRX.properties file. You can configure the properties in the Juniper.vSRX.properties file to extend the reference implementation to meet your business requirements.

Table 5-3 lists the properties in the Juniper_vSRX.properties file.

Table 5-3 Juniper_vSRX Sample Cartridge Properties

Property: sbClient.Juniper_vSRX
Description: Extends the GenericVNFManagerClient and provides the logic for enabling IP Service Activator to discover and manage NFV Orchestration VNFs. For example, sbClient.Juniper_vSRX=oracle.communications.inventory.nso.nfvi.sample.JuniperSBSystemManagerImpl.

Property: juniper.enableIPSAIntegration
Description: Enables or disables the integration with IP Service Activator. Specify true if you want to enable integration with the IP Service Activator; otherwise, specify false. By default, this property is set to false. For example, juniper.enableIPSAIntegration=false.

Property: juniper.ipsa.delayInvocation
Description: Delays (in milliseconds) registering the NFV Orchestration VNFs with IP Service Activator until the VNFs are instantiated. For example, juniper.ipsa.delayInvocation=1.

Property: ipsa.host
Description: Contains the IP address of the IP Service Activator server. For example, ipsa.host=localhost.

Property: ipsa.port
Description: Contains the port of the IP Service Activator server. For example, ipsa.port=7001.

Property: ipsa.secureProtocol
Description: Indicates whether the REST APIs use HTTP or HTTPS protocol. Specify true to indicate that the REST API is using HTTPS protocol; otherwise, specify false. By default, this property is set to false. For example, ipsa.secureProtocol=false.
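The DiscoverDevices request body carries LoginPassword and EnablePassword, and ipsa.secureProtocol defaults to false, so with the default setting those credentials travel over HTTP. The following Python sketch is an added example, not Oracle's implementation: it builds the register and unregister requests from the Table 5-3 properties and refuses to build the credential-bearing request unless HTTPS is configured. The function names, the refusal policy, and the sample values are assumptions of this example.

```python
import ipaddress
import json
from urllib.parse import urlencode

API_BASE = "/Oracle/CGBU/IPSA/DomainController/resources/data"

# Constructed sample: the example values from Table 5-3, with integration enabled.
SAMPLE_PROPERTIES = """\
juniper.enableIPSAIntegration=true
juniper.ipsa.delayInvocation=1
ipsa.host=localhost
ipsa.port=7001
ipsa.secureProtocol=false
"""


def parse_properties(text):
    """Parse simple key=value lines; blank lines and # or ! comments are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!":
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props


def base_url(props):
    """Derive scheme://host:port/base from the ipsa.* properties."""
    secure = props.get("ipsa.secureProtocol", "false").lower() == "true"
    scheme = "https" if secure else "http"
    return f"{scheme}://{props['ipsa.host']}:{int(props['ipsa.port'])}{API_BASE}"


def register_request(props, network, user, password, ip, enable_password=None):
    """Build (method, url, body) for DiscoverDevices, refusing cleartext transport."""
    url = base_url(props) + "/DiscoverDevices"
    if not url.startswith("https://"):
        # Policy of this example: the body carries LoginPassword, so require HTTPS.
        raise ValueError("ipsa.secureProtocol=false would send device credentials over HTTP")
    device = {
        "AccessStyle": "TACACS",
        "UserName": user,
        "LoginPassword": password,
        "InheritsSecurity": "false",
        "IpAddress": str(ipaddress.ip_address(ip)),  # rejects malformed addresses
    }
    if enable_password is not None:  # EnablePassword is optional on this page
        device["EnablePassword"] = enable_password
    return "POST", url, json.dumps({"network": network, "devices": [device]})


def unregister_request(props, ip):
    """Build (method, url) for the Device DELETE call with a validated, encoded ip."""
    query = urlencode({"ip": str(ipaddress.ip_address(ip))})
    return "DELETE", f"{base_url(props)}/Device?{query}"


if __name__ == "__main__":
    props = parse_properties(SAMPLE_PROPERTIES)
    props["ipsa.secureProtocol"] = "true"
    print(register_request(props, "testSystem", "myuser", "constructed-pass", "192.0.2.10"))
    print(unregister_request(props, "192.0.2.10"))
```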