openstack/tacker
Code Issues Proposed changes
840d754822
tacker/doc/source/user/vnffg_usage_guide_advanced.rst
Nguyen Hai f16ac7c79f Update cirros to 0.4.0 
Change-Id: Ie4ff403f803a16ca53c91c7d10d71ec80fbe1a9b
2018-07-25 01:42:48 +00:00

244 lines
12 KiB
ReStructuredText
Raw Blame History

..
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations
under the License.
=========================================
VNF Forwarding Graph Advanced Usage Guide
=========================================
This section cover some examples about advanced VNFFG usage guide in Tacker.
Users should have some basic knowledge about VNFFG [#f1]_, before following
this document.
Two VNFFGs go through one VNF
=============================
This scenario describes an example, where 2 VNFFGs go through one virtual
network functions (VNFs). The VNFFG1 creates the chain from VNF1 and VNF2, and
VNFFG2 creates the chain from VNF1. VNF1 belongs to both of VNFFGs.
Bellow example is the template of VNFFG1 [#f2]_, in **properties** of
Forwarding_path1, the **path** shows that VNFFG1 will go through VNF1 and VNF2.
.. code-block:: yaml
tosca_definitions_version: tosca_simple_profile_for_nfv_1_0_0
description: Sample VNFFG template
topology_template:
node_templates:
Forwarding_path1:
type: tosca.nodes.nfv.FP.TackerV2
description: creates path (CP12->CP22)
properties:
id: 51
policy:
type: ACL
criteria:
- name: block_tcp
classifier:
network_src_port_id: 640dfd77-c92b-45a3-b8fc-22712de480e1
destination_port_range: 80-1024
ip_proto: 6
ip_dst_prefix: 192.168.1.2/24
path:
- forwarder: VNFD1
capability: CP12
- forwarder: VNFD2
capability: CP22
groups:
VNFFG1:
type: tosca.groups.nfv.VNFFG
description: HTTP to Corporate Net
properties:
vendor: tacker
version: 1.0
number_of_endpoints: 2
dependent_virtual_link: [VL12,VL22]
connection_point: [CP12,CP22]
constituent_vnfs: [VNFD1,VNFD2]
members: [Forwarding_path1]
Similar to the above example, VNFFG2 template [#f3]_ only create a chain that
goes through VNF1.
.. code-block:: yaml
tosca_definitions_version: tosca_simple_profile_for_nfv_1_0_0
description: Sample VNFFG template
topology_template:
node_templates:
Forwarding_path1:
type: tosca.nodes.nfv.FP.TackerV2
description: creates path (CP12->CP22)
properties:
id: 51
policy:
type: ACL
criteria:
- name: block_tcp
classifier:
network_src_port_id: 640dfd77-c92b-45a3-b8fc-22712de480e1
destination_port_range: 8080-8080
ip_proto: 6
ip_dst_prefix: 192.168.1.2/24
path:
- forwarder: VNFD1
capability: CP12
groups:
VNFFG1:
type: tosca.groups.nfv.VNFFG
description: HTTP to Corporate Net
properties:
vendor: tacker
version: 1.0
number_of_endpoints: 1
dependent_virtual_link: [VL12]
connection_point: [CP12]
constituent_vnfs: [VNFD1]
members: [Forwarding_path1]
For testing VNF Forwarding graph feature, we create 2 servers, **http_client**
and **http_server**. The example uses **net0** to create VNFFG on that network.
.. code-block:: console
$ net_id=$(openstack network list | grep net0 | awk '{print $2}')
$ openstack server create --flavor m1.tiny --image cirros-0.4.0-x86_64-disk --nic net-id=$net_id http_client
$ openstack server create --flavor m1.tiny --image cirros-0.4.0-x86_64-disk --nic net-id=$net_id http_server
To get information about neutron ports of **http_client** and **http_server**
that are used for classifying traffics, user can use openstack commands to
get these information.
.. code-block:: console
$ client_ip=$(openstack server list | grep http_client | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+')
$ network_source_port_id=$(openstack port list | grep $client_ip | awk '{print $2}')
$ ip_dst=$(openstack server list | grep http_server | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+')
.. note::
Please update parameters in **classifier** such as **network_src_port_id**,
**destination_port_range**, **ip_proto**, **ip_dst_prefix** to meet your
environment, which is described in VNFFG usage guide [#f4]_. Classifiers
must be different to each others.
We assume that **http_server** and **http_client** are already created.
VNF1 and VNF2 templates are shown in [#f5]_ and [#f6]_.
Once the OpenStack VIM is ready, firstly we can create VNFs (VNF1 and VNF2)
from VNFD templates. For easily, we put all VNFD templates and VNFFGD templates
in [#f7]_.
.. code-block:: console
$ openstack vnf descriptor create --vnfd-file tosca-vnffg-vnfd1.yaml VNFD1
$ openstack vnf create --vnfd-name VNFD1 --vim-name VIM0 VNF1
$ openstack vnf descriptor create --vnfd-file tosca-vnffg-vnfd2.yaml VNFD2
$ openstack vnf create --vnfd-name VNFD2 --vim-name VIM0 VNF2
To create VNFFG, we should get the **vnf id** for VNF1 and VNF2:
.. code-block:: console
$ openstack vnf list --fit-width
+-------------------------------+------+---------------------------+--------+-------------------------------+----------------------------------+
| ID | Name | Mgmt Url | Status | VIM ID | VNFD ID |
+-------------------------------+------+---------------------------+--------+-------------------------------+----------------------------------+
| 2ea1b577-89c1-478e-bedd- | VNF2 | {"VDU1": "192.168.120.5"} | ACTIVE | 45fecf6f-9080-4e8b-953c- | 69a4d2d4-9329-4807-9c59-09cb8d95 |
| 76f69951e840 | | | | d9556e6ad2cb | c612 |
| 45c6c5ee-517e- | VNF1 | {"VDU1": "192.168.120.9"} | ACTIVE | 45fecf6f-9080-4e8b-953c- | f4cb1509-c216-47a1-b76e- |
| 4fc3-ad41-6e86c38d1a63 | | | | d9556e6ad2cb | e419f8ae6534 |
+-------------------------------+------+---------------------------+--------+-------------------------------+----------------------------------+
Then we can create VNFFG1 that goes through VNF1, VNF2 and VNFFG2 that only
goes through VNF1. We need to record **vnf id** to provide them in create
VNFFG commands.
.. code-block:: console
$ openstack vnf graph descriptor create --vnffgd-file tosca-vnffgd-sample.yaml VNFFGD1
$ openstack vnf graph descriptor create --vnffgd-file tosca-vnffgd-sample-VNF1.yaml VNFFGD2
$ openstack vnf graph create --vnffgd-name VNFFGD1 --vnf-mapping VNFD1:45c6c5ee-517e-4fc3-ad41-6e86c38d1a63,VNFD2:2ea1b577-89c1-478e-bedd-76f69951e840 VNFFG1
$ openstack vnf graph create --vnffgd-name VNFFGD2 --vnf-mapping VNFD1:45c6c5ee-517e-4fc3-ad41-6e86c38d1a63 VNFFG2
To check the VNFFG works fine, we can use list VNFFG and neutron port chain
list to see what happens.
.. code-block:: console
$ openstack vnf graph list
+--------------------------------------+--------+--------------------------------------+--------+
| ID | Name | VNFFGD ID | Status |
+--------------------------------------+--------+--------------------------------------+--------+
| 097dcd5d-b329-44da-9693-8e56ff3612e3 | VNFFG1 | 75f53d50-f79b-446b-b9bd-48e26c3a87d0 | ACTIVE |
| e33bc531-e124-432a-abf3-bec4f66ec15b | VNFFG2 | ead1a94f-2bf9-41fd-b543-8446cdbaac83 | ACTIVE |
+--------------------------------------+--------+--------------------------------------+--------+
$ openstack sfc port chain list --fit-width
+----------------------------+-------------------+----------------------------+----------------------------+----------------------------+----------+
| ID | Name | Port Pair Groups | Flow Classifiers | Chain Parameters | Chain ID |
+----------------------------+-------------------+----------------------------+----------------------------+----------------------------+----------+
| 03ca4afb-8fc9-4337-94a3-98 | VNFFG1-port-chain | [u'1f71e5b1-b8f2-4f1b- | [u'46fd7fac-29f9-49cd-8959 | {u'symmetric': False, | 1 |
| c90c5511a8 | | 9c85-6a6f31cf9906', | -42078d873487'] | u'correlation': u'mpls'} | |
| | | u'8be115b1-7422-417b- | | | |
| | | abc0-49b194d432cf'] | | | |
| 24cbfa45-4033-4f95-aaa0-dd | VNFFG2-port-chain | [u'1f71e5b1-b8f2-4f1b- | [u'6c94dd78-9cda-4891-ad71 | {u'symmetric': False, | 2 |
| 690ee1e9af | | 9c85-6a6f31cf9906'] | -81a46354356e'] | u'correlation': u'mpls'} | |
+----------------------------+-------------------+----------------------------+----------------------------+----------------------------+----------+
We can see that, both of port chain will go through port pair group with the id
**1f71e5b1-b8f2-4f1b-9c85-6a6f31cf9906**, that is created from neutron port of
VNF1.
If user delete VNFFG1, the VNFFG2 is not affected because the port pair group
**1f71e5b1-b8f2-4f1b-9c85-6a6f31cf9906** is not deleted.
.. code-block:: console
$ openstack vnf graph delete VNFFG1
All specified vnffg(s) deleted successfully
$ openstack vnf graph list
+--------------------------------------+--------+--------------------------------------+--------+
| ID | Name | VNFFGD ID | Status |
+--------------------------------------+--------+--------------------------------------+--------+
| e33bc531-e124-432a-abf3-bec4f66ec15b | VNFFG2 | ead1a94f-2bf9-41fd-b543-8446cdbaac83 | ACTIVE |
+--------------------------------------+--------+--------------------------------------+--------+
$ openstack sfc port chain list --fit-width
+----------------------------+-------------------+----------------------------+----------------------------+----------------------------+----------+
| ID | Name | Port Pair Groups | Flow Classifiers | Chain Parameters | Chain ID |
+----------------------------+-------------------+----------------------------+----------------------------+----------------------------+----------+
| 24cbfa45-4033-4f95-aaa0-dd | VNFFG2-port-chain | [u'1f71e5b1-b8f2-4f1b- | [u'6c94dd78-9cda-4891-ad71 | {u'symmetric': False, | 2 |
| 690ee1e9af | | 9c85-6a6f31cf9906'] | -81a46354356e'] | u'correlation': u'mpls'} | |
+----------------------------+-------------------+----------------------------+----------------------------+----------------------------+----------+
.. rubric:: Footnotes
.. [#f1] https://docs.openstack.org/tacker/latest/user/vnffg_usage_guide.html
.. [#f2] https://github.com/openstack/tacker/blob/master/samples/tosca-templates/vnffgd/tosca-vnffgd-sample.yaml
.. [#f3] https://github.com/openstack/tacker/blob/master/samples/tosca-templates/vnffgd/tosca-vnffgd-sample-VNF1.yaml
.. [#f4] https://docs.openstack.org/tacker/latest/user/vnffg_usage_guide.html
.. [#f5] https://github.com/openstack/tacker/blob/master/samples/tosca-templates/vnffgd/tosca-vnffg-vnfd1.yaml
.. [#f6] https://github.com/openstack/tacker/blob/master/samples/tosca-templates/vnffgd/tosca-vnffg-vnfd2.yaml
.. [#f7] https://github.com/openstack/tacker/blob/master/samples/tosca-templates/vnffgd
View Git Blame Copy Permalink