This chapter provides information about the sample network services that are provided with Oracle Communications Unified Inventory Management (UIM) NFV Orchestration.
NFV Orchestration includes the following sample cartridges that you can use as references for designing and implementing your own network services:
NPaaS_NetworkService. This sample cartridge provides the functionality to implement a Network Protection as a Service (NPaaS) network service.
ResidentialGateway_NetworkService. This sample cartridge provides the functionality to implement a Residential Gateway network service.
IMS_NetworkService. This sample cartridge provides the functionality to implement an IMS network service.
Juniper_vSRX. This sample cartridge contains the Juniper vSRX firewall VNF to use with the network protection service.
Checkpoint_NG_FW. This sample cartridge contains the Checkpoint firewall VNF to use with the network protection service.
Cisco_xRV. This sample cartridge contains the Cisco XRV router PNF to use with the residential gateway network service or the network protection service.
Clearwater_vIMS. This sample cartridge contains the Clearwater IMS VNF to use with the IMS network service.
Before you implement the sample network services, you must configure the software image of the Juniper vSRX firewall VNF. You use this VNF with the Network Protection and the Residential Gateway network services.
To configure the Juniper vSRX base image:
Download the Juniper vSRX base image from Juniper's web site.
Install OpenStack and source the tenant's credentials file.
In OpenStack, upload the downloaded base image to the Glance repository by running the following command:
glance image-create --name vsrx-vmdisk-15.1X49-D40_base --is-public true --container-format bare --disk-format qcow2 --file media-vsrx-vmdisk-15.1X49-D40.6.qcow2
where:
vsrx-vmdisk-15.1X49-D40_base is the name of the image uploaded into the repository
media-vsrx-vmdisk-15.1X49-D40.6.qcow2 is the name of the base image downloaded from the vendor's web portal.
In OpenStack, create a flavor with the following specifications by running the following command:
Specifications:
Name: vsrx.medium
VCPUs: 2
Root Disk: 20 GB
Ephemeral Disk: 0 GB
RAM: 4096 MB
Command:
nova flavor-create vsrx.medium auto 4096 20 2
Boot the image by running the following command:
nova boot --flavor vsrx.medium --image vsrx-vmdisk-15.1X49-D40_base --nic net-id=networkID vsrx_base_instance
where:
networkID is the ID of your management network in OpenStack.
vsrx-vmdisk-15.1X49-D40_base is the name of the base image that is uploaded into the repository.
vsrx_base_instance is the name of the vsrx instance you are spawning in OpenStack.
After the image boots up, navigate to the Instances console in OpenStack and run the following commands:
root@% cli
root> config
root# delete security
root# set system root-authentication plain-text-password
New password: Enter a password
Retype new password: Enter a password
OpenStack prompts for a password.
Enter any password and run the following commands:
set system login user admin class super-user authentication plain-text-password
New password: password
Retype new password: password
OpenStack prompts for a password.
Enter any password.
The username and the password that you specify here become the username and password of the VNF image that you specify in the VNF descriptor. NFV Orchestration uses these credentials to update the configuration.
Run the following commands:
set system services netconf ssh
set interfaces fxp0 description "Managament Interface" unit 0 family inet dhcp
set interfaces ge-0/0/0 description "Customer Interface" unit 0 family inet dhcp
set interfaces ge-0/0/1 description "Internet interface" unit 0 family inet dhcp
set security zones security-zone Customer host-inbound-traffic system-services ping
set security zones security-zone Internet host-inbound-traffic system-services ping
set security zones security-zone Customer interfaces ge-0/0/0.0 host-inbound-traffic system-services dhcp
set security zones security-zone Customer interfaces ge-0/0/0.0 host-inbound-traffic system-services ping
set security zones security-zone Internet interfaces ge-0/0/1.0 host-inbound-traffic system-services dhcp
set security zones security-zone Internet interfaces ge-0/0/1.0 host-inbound-traffic system-services ping
set routing-instances Traffic instance-type virtual-router
set routing-instances Traffic interface ge-0/0/0.0
set routing-instances Traffic interface ge-0/0/1.0
set groups security-rules security policies from-zone <*> to-zone <*> policy <*> then log session-init session-close
set security policies apply-groups security-rules
set security policies from-zone Customer to-zone Internet policy Customer-Internet-Access match source-address any destination-address any application any
set security policies from-zone Customer to-zone Internet policy Customer-Internet-Access then permit
set security policies from-zone Internet to-zone Customer policy Deny-All match source-address any destination-address any application any
set security policies from-zone Internet to-zone Customer policy Deny-All then deny
set security utm custom-objects url-pattern bad-sites value http://www.example.com
set security utm custom-objects custom-url-category bad-category value bad-sites
set security utm feature-profile web-filtering juniper-local profile wf-profile custom-block-message "Website blocked by NPaaS. Powered by Oracle" default log-and-permit fallback-settings default block too-many-requests block
set security utm utm-policy utm-protect web-filtering http-profile wf-profile
set snmp location lab
set snmp contact "labguy@juniper.net"
set snmp community public authorization read-only
commit
exit
exit
Create a snapshot of the running instance of the Juniper vSRX image by running the following command:
nova image-create --poll vsrx_base_instance vsrx-vmdisk-15.1X49-D40_updated
where:
vsrx_base_instance is the name of the vsrx instance
vsrx-vmdisk-15.1X49-D40_updated is the name of the vsrx image snapshot uploaded to OpenStack Glance.
Use this snapshot as the software image for instantiation of the Juniper vSRX VNF.
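Because every VNF instantiated from this snapshot inherits the baseline, it is worth checking the set-format command list before taking the snapshot. The following is an added example, not part of the Oracle or Juniper tooling: it flags well-known SNMP community strings and policies whose separately set match and action lines combine into a permit for any source, destination, and application. The names audit, tokenize, and the check labels are assumptions made for this illustration.

```python
import shlex

# Community strings that ship as defaults on many devices.
WELL_KNOWN_COMMUNITIES = {"public", "private"}
MATCH_KEYS = ("source-address", "destination-address", "application")

# Lines copied from the command list above; nothing here is new configuration.
SAMPLE = """\
set system services netconf ssh
set groups security-rules security policies from-zone <*> to-zone <*> policy <*> then log session-init session-close
set security policies from-zone Customer to-zone Internet policy Customer-Internet-Access match source-address any destination-address any application any
set security policies from-zone Customer to-zone Internet policy Customer-Internet-Access then permit
set security policies from-zone Internet to-zone Customer policy Deny-All match source-address any destination-address any application any
set security policies from-zone Internet to-zone Customer policy Deny-All then deny
set snmp contact "labguy@juniper.net"
set snmp community public authorization read-only
"""


def tokenize(line):
    """Split one set command, keeping quoted strings together."""
    try:
        return shlex.split(line)
    except ValueError:  # unbalanced quote: fall back to plain splitting
        return line.split()


def audit(config_text):
    """Return (check, detail) review items for a set-format configuration."""
    findings = []
    policies = {}  # (from-zone, to-zone, policy) -> match criteria and action
    for line in config_text.splitlines():
        t = tokenize(line)
        if t[:1] != ["set"]:
            continue
        if t[1:3] == ["snmp", "community"] and len(t) > 3:
            if t[3].lower() in WELL_KNOWN_COMMUNITIES:
                findings.append(("snmp-well-known-community", t[3]))
        elif (t[1:4] == ["security", "policies", "from-zone"] and len(t) > 9
              and t[5] == "to-zone" and t[7] == "policy"):
            entry = policies.setdefault((t[4], t[6], t[8]),
                                        {"match": {}, "action": None})
            rest = t[9:]
            if rest[0] == "match":
                # Match criteria are keyword/value pairs on one line.
                entry["match"].update(zip(rest[1::2], rest[2::2]))
            elif (rest[0] == "then" and rest[1:2]
                  and rest[1] in ("permit", "deny", "reject")):
                entry["action"] = rest[1]
    # A policy is reported only when match and action, set on separate
    # lines, together permit any source, destination, and application.
    for (src, dst, name), entry in policies.items():
        if entry["action"] == "permit" and all(
                entry["match"].get(k) == "any" for k in MATCH_KEYS):
            findings.append(("permit-any-any", f"{src}->{dst}:{name}"))
    return findings


if __name__ == "__main__":
    for check, detail in audit(SAMPLE):
        print(f"{check}: {detail}")
```
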
NFV Orchestration provides sample cartridges that you can use as references for designing and implementing a network protection service.
The NPaaS_NetworkService sample cartridge contains the functionality to implement the sample Network Protection as a Service (NPaaS) network service.
The network protection service comprises and uses the following VNFs:
Juniper vSRX firewall
The Juniper_vSRX sample cartridge contains the functionality to implement a Juniper vSRX firewall as a VNF.
Checkpoint firewall
The Checkpoint_NG_FW sample cartridge contains the functionality to implement a Checkpoint firewall as a VNF.
The network protection service requires and uses the following software components:
UIM 7.3.5 and the UIM NFV Orchestration 7.3.5 cartridges
OpenStack VIM, with Networking-SFC functionality
Software images of the firewall VNFs
To implement the network protection service:
Configure the Juniper vSRX base image. See "Configuring the Juniper vSRX Base Image" for instructions.
In OpenStack, create a tenant or reference an existing tenant with administrator privileges.
Reference an existing management network that can be shared by all the components of NFV Orchestration.
The management network requires, at a minimum:
One IP address for each machine on which UIM is installed
One IP address for each virtual machine on which you want to bring up the VNFs
Connect the management network and the external network to a virtual router. This enables you to use floating IP addresses for providing access to the data center.
Reference an existing data network that connects all the VNF instances within the network service, and do the following:
Create the ingress endpoint and egress endpoint ports in the data network
Bring up the ingress gateway VM using the ingress endpoint port
Bring up the egress gateway VM using the egress endpoint port
Open the UIM_Home/config/nso.properties file and update the following parameters.
NSO_HOST: IPv4address. Specify the host on which UIM is installed. By default, NFV Orchestration uses the host on which the UIM server is running. If the server is running on a private network that is unavailable to the external network, specify a reachable IP address for the server.
NSO_USERNAME: username
where username is the username of the server on which UIM is installed.
NSO_PASSWORD: encrypted_password
where encrypted_password is the encrypted password of the server on which UIM is installed. See "Setting NFV Orchestration Properties" for information about encrypting the password.
Open the UIM_Home/config/NPaas.properties file and specify values for the parameters listed in Table 5-1:
Table 5-1 Parameters in the NPaaS Network Service Descriptor Properties File
Parameter | Description |
---|---|
VIM_Id.NPaas.ManagementNetwork | Specify the VIM ID and the name of the management network. By default, the VIM ID is OpenStack. The management network is the VLD Name that is specified in the NPaas.xml file. If you use multiple VIMs, add another entry of the same parameter and specify the VIM ID and the management network. |
VIM_Id.NPaas.Data_IN | Specify the VIM ID and the name of the data network. By default, the VIM ID is OpenStack. If you use multiple VIMs, add another entry of the same parameter and specify the VIM ID and the data-in network. |
sdnController.NPaas | Specify an implementation class for the SDN controller interface. The default implementation class is com.oracle.communications.inventory.nso.nfvi.sdn.OpenStackSDNControlerImpl. |
Deploy the NFV Orchestration cartridges into UIM. See "Installing and Integrating the NFV Orchestration Components" for information about deploying the cartridges in the specified order.
Register the VIM by calling the corresponding RESTful API. See "Registering the VIM" for instructions.
Discover the VIM resources. See "Discovering VIM Resources" for instructions.
The Network Protection service is ready for instantiation.
NFV Orchestration provides sample cartridges that you can use as references for designing and implementing a residential gateway network service.
The ResidentialGateway_NetworkService sample cartridge contains the functionality to implement the Residential Gateway network service.
The Residential Gateway network service comprises and uses the following VNFs and PNFs:
Juniper vSRX firewall VNF
The Juniper_vSRX sample cartridge contains the functionality to implement a Juniper vSRX firewall as a VNF.
Cisco xRV router PNF
The Cisco_xRV sample cartridge contains the functionality to implement a Cisco xRV router as a PNF.
The Residential Gateway network service requires and uses the following software components:
UIM 7.3.5 and the UIM 7.3.5 NFV Orchestration cartridges
OpenStack VIM
Software image of the Juniper firewall VNF
Cisco xRV PNF. Ensure that the PNF is up and running on a management IP address.
To implement the Residential Gateway network service:
Configure the Juniper vSRX base image. See "Configuring the Juniper vSRX Base Image" for instructions.
In OpenStack, create a tenant or reference an existing tenant with administrator privileges.
Reference an existing management network that can be shared by all the components of NFV Orchestration.
Specify the details of the external network in the Endpoints tab. By default, NSO creates the floating IP address on the external network for providing access to the PNF. However, if you specify the floating IP address in the IP Address field, NSO uses this IP address for providing access to the PNF.
Open the UIM_Home/config/ResidentialGateway.properties file and specify values for the parameters listed in Table 5-2.
Table 5-2 Parameters in the Residential Gateway Descriptor Properties File
Parameter | Description |
---|---|
VIM_Id.ResidentialGateway.ManagementNetwork | Specify the VIM ID and the name of the management network. By default, the VIM ID is OpenStack. The management network is the VLD Name that is specified in the ResidentialGateway.xml file. If you use multiple VIMs, add another entry of the same parameter and specify the VIM ID and the management network. |
VIM_Id.ResidentialGateway.Data_IN | Specify the VIM ID and the name of the data-in network. By default, the VIM ID is OpenStack. If you use multiple VIMs, add another entry of the same parameter and specify the VIM ID and the data-in network. |
VIM_Id.ResidentialGateway.Data_OUT | Specify the VIM ID and the name of the data-out network. By default, the VIM ID is OpenStack. If you use multiple VIMs, add another entry of the same parameter and specify the VIM ID and the data-out network. |
sdnController.ResidentialGateway | Specify an implementation class for the SDN controller interface. The default implementation class is com.oracle.communications.inventory.nso.nfvi.sdn.OpenStackSDNControlerImpl. |
Deploy the NFV Orchestration cartridges into UIM. See "Installing and Integrating the NFV Orchestration Components" for information about deploying the cartridges in the specified order.
Register the PNF by using the REST API. See "NFV Orchestration RESTful API Reference" for a sample request for registering PNFs.
See "Working with PNFs in Network Services" for more information about working with PNFs.
Register the VIM by using the REST API. See "Registering the VIM" for instructions.
Discover the VIM resources. See "Discovering VIM Resources" for instructions.
To enable connectivity between the VNF and PNF, the VNF is assigned a floating IP address. Configure the static routes corresponding to the floating IP address in the PNF, either manually or by extending the cartridges.
The Residential Gateway network service is ready for instantiation.
Project Clearwater is an open source implementation of the IP Multimedia Subsystem (IMS) for cloud computing environments. NFV Orchestration provides sample network service and VNF cartridges to orchestrate the Clearwater IMS. The network service includes the Clearwater IMS VNF and associated connectivity.
NFV Orchestration provides sample cartridges that you can use as references for designing and implementing the Clearwater IMS.
The following sample cartridges contain the details required to perform this implementation:
IMS_NetworkService. This sample cartridge provides the functionality to implement an IMS network service.
Clearwater_vIMS. This sample cartridge contains the Clearwater IMS VNF to use with the IMS network service.
The Clearwater VNF is a complex, multi-component VNF that is orchestrated using OpenStack Heat.
To successfully instantiate the Clearwater IMS, ensure that the following prerequisites are met:
Create Management and Signaling Networks in OpenStack for use by the Clearwater VMs. Note down the names of these networks, because you will be required to enter the network names in the network service properties file. In this sample cartridge, pre-configured networks are used and the Networking Heat template is not required.
Create a router in OpenStack to connect the management and signaling Networks to the external network. Alternatively, you can create a separate router for each network. Create a pool of floating IP addresses to be assigned to the Clearwater VMs.
Create a key pair in OpenStack for use by the Clearwater VMs.
Create a flavor in OpenStack that should be used to instantiate the Clearwater VMs; for example, create a flavor with the following sizing:
Memory: 2000 (2GB)
Disk: 3 GB
vCPU: 1
Provide Internet access to the Clearwater Management network to allow the Clearwater VMs to access the Ubuntu and Clearwater repositories. Alternatively, provide local copies of the repositories and configure the initialization scripts embedded in the Heat templates to use those local repositories.
Create one or more Service Locations and associate them to an Inventory Group (Serving Area), which is in turn associated to the Virtual Data Center in which you want to deploy the Clearwater IMS. See "Instantiating Network Services" for more information.
The sample implementation provides network service and VNF descriptors to allow instantiation of Clearwater. It also provides network service and VNF properties files, which define important settings for the orchestration environment. Verify the descriptors and properties files and modify them based on your environment before deploying them. Specifically, enter the names of the Management and Signalling networks that you created earlier into the network service properties file.
The sample implementation provides Heat templates for the Clearwater component VMs, which are updated versions of the open source templates that are modified to work with NFV Orchestration. Verify the Heat templates and modify them based on your environment before deploying them.
Create an instance of the Clearwater IMS by using the Create command in the Network Service screen or by calling the Instantiate Network Service API. In either case, provide the following required parameters:
The network service descriptor name: IMS
A name for the new instance of the network service
The Service Location that the IMS will serve (which determines the Virtual Data Center where the IMS will be deployed)
All other details are determined and populated by the NFV Orchestration process.
After the IMS is instantiated, you can view the component VMs in OpenStack.
To use the new instance, do the following:
Determine the floating IP address that has been assigned to the Ellis VM on the management network, connect to it using your web browser, and then create Clearwater user accounts and assign phone numbers.
Determine the floating IP address that has been assigned to the Bono VM on the signalling network and configure that address in your VoIP clients. See the Clearwater documentation for information on how to configure VoIP clients to use Clearwater. By default, the domain name for the Clearwater instance is example.com.
UIM NFV Orchestration provides a reference implementation for integrating with Oracle Communications IP Service Activator using the Juniper_vSRX sample cartridge. In this reference implementation, after the NFV Orchestration VNFs are instantiated, NFV Orchestration registers the VNFs with IP Service Activator, thus enabling IP Service Activator to discover and manage the VNFs.
To integrate NFV Orchestration with IP Service Activator:
Create the following Java implementation class by extending the GenericVNFManagerClient class:
com.oracle.communications.inventory.nso.nfvi.juniper.JuniperSBSystemManagerImpl
In the GenericVNFManagerClient.postInstantiateVNF() method, use the following REST API to register the VNF with IP Service Activator:
/Oracle/CGBU/IPSA/DomainController/resources/data/DiscoverDevices [POST]
JSON request:
{
  "network":"testSystem",
  "devices":[
    {
      "AccessStyle":"TACACS",
      "UserName":"myuser",
      "LoginPassword":"mypass",
      "EnablePassword":"myenablepass",
      "InheritsSecurity":"false",
      "IpAddress":"IP_Address"
    }
  ]
}
where:
myuser is the user name of the virtual machine on which the VNF is deployed.
mypass is the password of the virtual machine on which the VNF is deployed.
(Optional) myenablepass is the enable password of the virtual machine on which the VNF is deployed.
IP_Address is the IP address of the management network to which the VNF is connected.
See Oracle Communications IP Service Activator User's Guide for more information.
The postInstantiateVNF() method is called as part of the VNF instantiation process.
In the GenericVNFManagerClient.postTerminateVNF() method, use the following REST API to unregister the VNF with IP Service Activator:
/Oracle/CGBU/IPSA/DomainController/resources/data/Device?ip=IP_Address [DELETE]
where IP_Address is the IP address of the management network to which the VNF is connected.
The postTerminateVNF() method is called as part of the VNF termination process.
Set the properties in the Juniper_vSRX.properties file. See "Setting Juniper_vSRX Sample Cartridge Properties" for more information.
NFV Orchestration provides the Juniper_vSRX sample cartridge, which contains the Juniper_vSRX.properties file. You can configure the properties in the Juniper_vSRX.properties file to extend the reference implementation to meet your business requirements.
Table 5-3 lists the properties in the Juniper_vSRX.properties file.
Table 5-3 Juniper_vSRX Sample Cartridge Properties
Property | Description |
---|---|
sbClient.Juniper_vSRX | Extends the GenericVNFManagerClient and provides the logic for enabling IP Service Activator to discover and manage NFV Orchestration VNFs. For example, sbClient.Juniper_vSRX=oracle.communications.inventory.nso.nfvi.sample.JuniperSBSystemManagerImpl. |
juniper.enableIPSAIntegration | Enables or disables the integration with IP Service Activator. Specify true if you want to enable integration with IP Service Activator; otherwise, specify false. By default, this property is set to false. For example, juniper.enableIPSAIntegration=false. |
juniper.ipsa.delayInvocation | Delays (in milliseconds) registering the NFV Orchestration VNFs with IP Service Activator until the VNFs are instantiated. For example, juniper.ipsa.delayInvocation=1. |
ipsa.host | Contains the IP address of the IP Service Activator server. For example, ipsa.host=localhost. |
ipsa.port | Contains the port of the IP Service Activator server. For example, ipsa.port=7001. |
ipsa.secureProtocol | Indicates whether the REST APIs use the HTTP or HTTPS protocol. Specify true to indicate that the REST API uses HTTPS; otherwise, specify false. By default, this property is set to false. For example, ipsa.secureProtocol=false. |
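The registration and unregistration requests described above can be assembled from the ipsa.* properties in Table 5-3, as in the following added example. It is a standalone sketch, not the JuniperSBSystemManagerImpl class or any Oracle code. The function names, the allow_cleartext switch, and the refusal to build a credential-bearing request when ipsa.secureProtocol=false are assumptions made for this illustration, and no request is sent.

```python
import json
from urllib.parse import urlencode

# REST paths as given in the integration steps above.
DISCOVER_PATH = "/Oracle/CGBU/IPSA/DomainController/resources/data/DiscoverDevices"
DEVICE_PATH = "/Oracle/CGBU/IPSA/DomainController/resources/data/Device"


def parse_properties(text):
    """Parse key=value lines, skipping blanks and comment lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def base_url(props):
    """Return (base URL, is_https) from ipsa.host, ipsa.port, ipsa.secureProtocol."""
    secure = props.get("ipsa.secureProtocol", "false").lower() == "true"
    scheme = "https" if secure else "http"
    return f"{scheme}://{props['ipsa.host']}:{props['ipsa.port']}", secure


def build_register(props, network, user, password, ip,
                   enable_password=None, allow_cleartext=False):
    """Build the DiscoverDevices POST; the body carries device credentials."""
    url, secure = base_url(props)
    if not secure and not allow_cleartext:
        # Assumed policy for this example: the body contains LoginPassword,
        # so plain HTTP has to be an explicit choice by the caller.
        raise ValueError("ipsa.secureProtocol=false: credentials would use HTTP")
    device = {"AccessStyle": "TACACS", "UserName": user,
              "LoginPassword": password, "InheritsSecurity": "false",
              "IpAddress": ip}
    if enable_password is not None:  # the enable password is optional
        device["EnablePassword"] = enable_password
    body = json.dumps({"network": network, "devices": [device]})
    return "POST", url + DISCOVER_PATH, body


def build_unregister(props, ip):
    """Build the Device DELETE that removes the VNF by management IP address."""
    url, _ = base_url(props)
    return "DELETE", f"{url}{DEVICE_PATH}?{urlencode({'ip': ip})}", None


if __name__ == "__main__":
    # Constructed sample properties and address (192.0.2.10 is a documentation IP).
    sample = parse_properties(
        "ipsa.host=localhost\nipsa.port=7001\nipsa.secureProtocol=true\n")
    print(build_register(sample, "testSystem", "myuser", "mypass", "192.0.2.10"))
    print(build_unregister(sample, "192.0.2.10"))
```
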