openstack
/
tacker
Code Issues Proposed changes

Add support symmetric parameter in VNFFG 

This patch address
1. Update Symmetric Port Chains by setting 'symmetric=True' as
'chain_parameters' key and value pair.
2. Remove 'symmetrical' in flow-classifier functions.
3. Update the doc and VNFFG samples

Change-Id: I04cfafd111b1024ad61b8f9ee48bfe0186a97d0d
Closes-Bug: #1736630
This commit is contained in:
Cong Phuoc Hoang 2017-12-06 12:20:30 +09:00
parent 9828498244
commit a546f58868
6 changed files with 92 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
doc/source/user/vnffg_usage_guide.rst
View File

@ -86,23 +86,49 @@ tosca-vnffgd-sample.yaml>`_.
ip_proto: 6
ip_dst_prefix: 192.168.2.2/24
You can get network_src_port_id and IP destination address through
OpenStack commands like bellow:
In above example, VNFFG will have 2 flow classifier. List flow classifiers
are defined in list of criteria.
You can get network_src_port_id, network_dest_port_id and destination IP
address through OpenStack commands like bellow:
.. code-block:: console
client_ip=$(openstack server list | grep http_client | \
grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+')
client_ip=$(openstack server list | grep http_client | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+')
network_source_port_id=$(openstack port list | grep $client_ip | awk '{print $2}')
ip_dst=$(openstack server list | grep http_server | \
grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+')
ip_dst=$(openstack server list | grep http_server | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+')
network_dest_port_id=$(openstack port list | grep $ip_dst | awk '{print $2}')
This is required due to a limitation of Neutron networking-sfc and only
applies to an OpenStack VIM.
Two "network_dst_port_id" and "ip_dst_prefix" parameters must be set when you
want to create VNFFG with "symmetrical" feature. If you want to create VNFFG
without "symmetrical", you can ommit "network_dst_port_id" and "ip_dst_prefix".
.. code-block:: yaml
policy:
type: ACL
criteria:
- network_src_port_id: 640dfd77-c92b-45a3-b8fc-22712de480e1
network_dst_port_id: ea206bba-7083-4364-a9f1-c0b7fdf61b6e
destination_port_range: 80-1024
ip_proto: 6
ip_dst_prefix: 192.168.1.2/24
You can use the sample VNFFGD template for symmetrical feature (in port chain)
such as this `link <https://github.com/openstack/tacker/tree/master/samples/
tosca-templates/vnffgd/tosca-vnffgd-symmetrical-sample.yaml>`_.
The symmetrical argument is used to indicate if reverse traffic should also
flow through the path. This creates an extra classifier to ensure return
traffic flows through the chain in a reverse path, otherwise this traffic
routed normally and does not enter the VNFFG.
Tacker provides the following CLI to create a VNFFGD:
.. code-block:: console
@ -135,31 +161,30 @@ Tacker provides the following CLI to create VNFFG from VNFFGD:
.. code-block:: console
tacker vnffg-create --vnffgd-name <vnffgd-name> \
--vnf-mapping <vnf-mapping> --symmetrical <boolean> <vnffg-name>
tacker vnffg-create --vnffgd-name <vnffgd-name> --vnf-mapping <vnf-mapping> --symmetrical <vnffg-name>
or you can create directly VNFFG from vnffgd template without initiating
VNFFGD.
.. code-block:: console
tacker vnffg-create --vnffgd-template <vnffgd-template> \
--vnf-mapping <vnf-mapping> --symmetrical <boolean> <vnffg-name>
tacker vnffg-create --vnffgd-template <vnffgd-template> --vnf-mapping <vnf-mapping> \
--symmetrical <vnffg-name>
If you use a parameterized vnffg template:
.. code-block:: console
tacker vnffg-create --vnffgd-name <vnffgd-name> \
--param-file <param-file> --vnf-mapping <vnf-mapping> \
--symmetrical <boolean> <vnffg-name>
tacker vnffg-create --vnffgd-name <vnffgd-name> --param-file <param-file> --vnf-mapping <vnf-mapping> \
--symmetrical <vnffg-name>
Here,
* vnffgd-name - VNFFGD to use to instantiate this VNFFG
* param-file - Parameter file in Yaml.
* vnf-mapping - Allows a list of logical VNFD to VNF instance mapping
* symmetrical - True/False
* symmetrical - If --symmetrical is present, symmetrical is True
(default: False)
VNF Mapping is used to declare which exact VNF instance to be used for
each VNF in the Forwarding Path. The following command would list VNFs
@ -178,23 +203,13 @@ to the desired VNF instance:
+--------------------------------------+------+---------------------------+--------+--------------------------------------+--------------------------------------+
tacker vnffg-create --vnffgd-name myvnffgd --vnf-mapping \
VNFD1:'91e32c20-6d1f-47a4-9ba7-08f5e5effe07',VNFD2:'7168062e-9fa1-4203-8cb7-f5c99ff3ee1b' myvnffg
VNFD1:'91e32c20-6d1f-47a4-9ba7-08f5e5effe07',VNFD2:'7168062e-9fa1-4203-8cb7-f5c99ff3ee1b' --symmetrical myvnffg
Alternatively, if no vnf-mapping is provided then Tacker VNFFG will attempt
to search for VNF instances derived from the given VNFDs in the VNFFGD. If
multiple VNF instances exist for a given VNFD, the VNF instance chosen to be
used in the VNFFG is done at random.
The symmetrical argument is used to indicate if reverse traffic should also
flow through the path. This creates an extra classifier to ensure return
traffic flows through the chain in a reverse path, otherwise this traffic
routed normally and does not enter the VNFFG.
.. note::
Enabling symmetrical is not currently supported by the OpenStack VIM
driver
Parameters for VNFFGD template
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@ -250,7 +265,6 @@ Known Issues and Limitations
- Matching on criteria with postfix 'name' does not work, for example
'network_name'
- NSH attributes not yet supported
- Symmetrical is not supported by driver yet
.. _VNF1: https://github.com/openstack/tacker/blob/master/samples/tosca-templates/vnffgd/tosca-vnffg-vnfd1.yaml
.. _VNF2: https://github.com/openstack/tacker/blob/master/samples/tosca-templates/vnffgd/tosca-vnffg-vnfd2.yaml

6
samples/tosca-templates/vnffgd/tosca-vnffgd-param-sample.yaml
View File

@ -29,9 +29,9 @@ topology_template:
type: ACL
criteria:
- network_src_port_id: { get_input: net_src_port_id }
- destination_port_range: { get_input: dst_port_range }
- ip_proto: 6
- ip_dst_prefix: { get_input: ip_dst_pre }
destination_port_range: { get_input: dst_port_range }
ip_proto: 6
ip_dst_prefix: { get_input: ip_dst_pre }
path:
- forwarder: VNFD1
capability: CP12

40
samples/tosca-templates/vnffgd/tosca-vnffgd-symmetrical-sample.yaml Normal file
View File

@ -0,0 +1,40 @@
tosca_definitions_version: tosca_simple_profile_for_nfv_1_0_0
description: Sample symmetrical VNFFG template (network_dst_port_id and ip_dst_prefix must be set)
topology_template:
description: Sample symmetrical VNFFG template
node_templates:
Forwarding_path1:
type: tosca.nodes.nfv.FP.Tacker
description: creates path (CP12->CP22)
properties:
id: 51
policy:
type: ACL
criteria:
- network_src_port_id: e8463552-f236-4127-afc2-571f2b1d81bb
network_dst_port_id: 8bff0400-a7b8-41eb-bbef-d7cff67a7361
ip_dst_prefix: 10.10.0.9/24
destination_port_range: 80-1024
ip_proto: 6
path:
- forwarder: VNFD1
capability: CP12
- forwarder: VNFD2
capability: CP22
groups:
VNFFG1:
type: tosca.groups.nfv.VNFFG
description: HTTP to Corporate Net
properties:
vendor: tacker
version: 1.0
number_of_endpoints: 2
dependent_virtual_link: [VL12,VL22]
connection_point: [CP12,CP22]
constituent_vnfs: [VNFD1,VNFD2]
members: [Forwarding_path1]

20
tacker/nfvo/drivers/vim/openstack_driver.py
View File

@ -338,8 +338,7 @@ class OpenStack_Driver(abstract_vim_driver.VimAbstractDriver,
sess = session.Session(auth=auth_plugin)
return client_type(session=sess)
def create_flow_classifier(self, name, fc, symmetrical=False,
auth_attr=None):
def create_flow_classifier(self, name, fc, auth_attr=None):
def _translate_ip_protocol(ip_proto):
if ip_proto == '1':
return 'icmp'
@ -354,9 +353,6 @@ class OpenStack_Driver(abstract_vim_driver.VimAbstractDriver,
LOG.warning("auth information required for n-sfc driver")
return None
if symmetrical:
LOG.warning("n-sfc driver does not support symmetrical")
raise NotImplementedError('symmetrical chain not supported')
LOG.debug('fc passed is %s', fc)
sfc_classifier_params = {}
for field in fc:
@ -387,10 +383,6 @@ class OpenStack_Driver(abstract_vim_driver.VimAbstractDriver,
LOG.warning("auth information required for n-sfc driver")
return None
if symmetrical:
LOG.warning("n-sfc driver does not support symmetrical")
raise NotImplementedError('symmetrical chain not supported')
neutronclient_ = NeutronClient(auth_attr)
port_pair_group_list = []
for vnf in vnfs:
@ -445,6 +437,9 @@ class OpenStack_Driver(abstract_vim_driver.VimAbstractDriver,
port_chain['description'] = 'port-chain for Tacker VNFFG'
port_chain['port_pair_groups'] = port_pair_group_list
port_chain['flow_classifiers'] = fc_ids
if symmetrical:
port_chain['chain_parameters'] = {}
port_chain['chain_parameters']['symmetric'] = True
return neutronclient_.port_chain_create(port_chain)
def update_chain(self, chain_id, fc_ids, vnfs,
@ -466,16 +461,11 @@ class OpenStack_Driver(abstract_vim_driver.VimAbstractDriver,
neutronclient_ = NeutronClient(auth_attr)
neutronclient_.port_chain_delete(chain_id)
def update_flow_classifier(self, fc_id, fc,
symmetrical=False, auth_attr=None):
def update_flow_classifier(self, fc_id, fc, auth_attr=None):
if not auth_attr:
LOG.warning("auth information required for n-sfc driver")
return None
if symmetrical:
LOG.warning("n-sfc driver does not support symmetrical")
raise NotImplementedError('symmetrical chain not supported')
# for now, the only parameters allowed for flow-classifier-update
# is 'name' and/or 'description'.
# Currently we do not store the classifiers in the db with

6
tacker/nfvo/drivers/vnffg/abstract_vnffg_driver.py
View File

@ -52,14 +52,12 @@ class VnffgAbstractDriver(extensions.PluginInterface):
pass
@abc.abstractmethod
def create_flow_classifier(self, name, fc, symmetrical=False,
auth_attr=None):
def create_flow_classifier(self, name, fc, auth_attr=None):
"""Create flow classifier and returns an ID"""
pass
@abc.abstractmethod
def update_flow_classifier(self, fc_id, fc, symmetrical=False,
auth_attr=None):
def update_flow_classifier(self, fc_id, fc, auth_attr=None):
"""Update flow classifier"""
pass

6
tacker/nfvo/nfvo_plugin.py
View File

@ -344,8 +344,7 @@ class NfvoPlugin(nfvo_db_plugin.NfvoPluginDb, vnffg_db.VnffgPluginDbMixin,
'create_flow_classifier',
name=vnffg_dict['name'],
fc=match,
auth_attr=vim_obj['auth_cred'],
symmetrical=sfc['symmetrical']))
auth_attr=vim_obj['auth_cred']))
sfc_id = self._vim_drivers.invoke(driver_type,
'create_chain',
name=vnffg_dict['name'],
@ -415,8 +414,7 @@ class NfvoPlugin(nfvo_db_plugin.NfvoPluginDb, vnffg_db.VnffgPluginDbMixin,
self._vim_drivers.invoke(driver_type, 'update_flow_classifier',
fc_id=classifier['instance_id'],
fc=classifier['match'],
auth_attr=vim_obj['auth_cred'],
symmetrical=new_vnffg['symmetrical'])
auth_attr=vim_obj['auth_cred'])
classifier_instances.append(classifier['instance_id'])
self._vim_drivers.invoke(driver_type, 'update_chain',
vnfs=sfc['chain'],