244 lines
12 KiB
ReStructuredText
244 lines
12 KiB
ReStructuredText
..
|
|
Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
not use this file except in compliance with the License. You may obtain
|
|
a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
License for the specific language governing permissions and limitations
|
|
under the License.
|
|
|
|
=========================================
|
|
VNF Forwarding Graph Advanced Usage Guide
|
|
=========================================
|
|
|
|
This section cover some examples about advanced VNFFG usage guide in Tacker.
|
|
Users should have some basic knowledge about VNFFG [#f1]_, before following
|
|
this document.
|
|
|
|
Two VNFFGs go through one VNF
|
|
=============================
|
|
|
|
This scenario describes an example, where 2 VNFFGs go through one virtual
|
|
network functions (VNFs). The VNFFG1 creates the chain from VNF1 and VNF2, and
|
|
VNFFG2 creates the chain from VNF1. VNF1 belongs to both of VNFFGs.
|
|
|
|
Bellow example is the template of VNFFG1 [#f2]_, in **properties** of
|
|
Forwarding_path1, the **path** shows that VNFFG1 will go through VNF1 and VNF2.
|
|
|
|
.. code-block:: yaml
|
|
|
|
tosca_definitions_version: tosca_simple_profile_for_nfv_1_0_0
|
|
|
|
description: Sample VNFFG template
|
|
|
|
topology_template:
|
|
|
|
node_templates:
|
|
|
|
Forwarding_path1:
|
|
type: tosca.nodes.nfv.FP.TackerV2
|
|
description: creates path (CP12->CP22)
|
|
properties:
|
|
id: 51
|
|
policy:
|
|
type: ACL
|
|
criteria:
|
|
- name: block_tcp
|
|
classifier:
|
|
network_src_port_id: 640dfd77-c92b-45a3-b8fc-22712de480e1
|
|
destination_port_range: 80-1024
|
|
ip_proto: 6
|
|
ip_dst_prefix: 192.168.1.2/24
|
|
path:
|
|
- forwarder: VNFD1
|
|
capability: CP12
|
|
- forwarder: VNFD2
|
|
capability: CP22
|
|
|
|
groups:
|
|
VNFFG1:
|
|
type: tosca.groups.nfv.VNFFG
|
|
description: HTTP to Corporate Net
|
|
properties:
|
|
vendor: tacker
|
|
version: 1.0
|
|
number_of_endpoints: 2
|
|
dependent_virtual_link: [VL12,VL22]
|
|
connection_point: [CP12,CP22]
|
|
constituent_vnfs: [VNFD1,VNFD2]
|
|
members: [Forwarding_path1]
|
|
|
|
Similar to the above example, VNFFG2 template [#f3]_ only create a chain that
|
|
goes through VNF1.
|
|
|
|
.. code-block:: yaml
|
|
|
|
tosca_definitions_version: tosca_simple_profile_for_nfv_1_0_0
|
|
|
|
description: Sample VNFFG template
|
|
|
|
topology_template:
|
|
|
|
node_templates:
|
|
|
|
Forwarding_path1:
|
|
type: tosca.nodes.nfv.FP.TackerV2
|
|
description: creates path (CP12->CP22)
|
|
properties:
|
|
id: 51
|
|
policy:
|
|
type: ACL
|
|
criteria:
|
|
- name: block_tcp
|
|
classifier:
|
|
network_src_port_id: 640dfd77-c92b-45a3-b8fc-22712de480e1
|
|
destination_port_range: 8080-8080
|
|
ip_proto: 6
|
|
ip_dst_prefix: 192.168.1.2/24
|
|
path:
|
|
- forwarder: VNFD1
|
|
capability: CP12
|
|
|
|
groups:
|
|
VNFFG1:
|
|
type: tosca.groups.nfv.VNFFG
|
|
description: HTTP to Corporate Net
|
|
properties:
|
|
vendor: tacker
|
|
version: 1.0
|
|
number_of_endpoints: 1
|
|
dependent_virtual_link: [VL12]
|
|
connection_point: [CP12]
|
|
constituent_vnfs: [VNFD1]
|
|
members: [Forwarding_path1]
|
|
|
|
For testing VNF Forwarding graph feature, we create 2 servers, **http_client**
|
|
and **http_server**. The example uses **net0** to create VNFFG on that network.
|
|
|
|
.. code-block:: console
|
|
|
|
$ net_id=$(openstack network list | grep net0 | awk '{print $2}')
|
|
$ openstack server create --flavor m1.tiny --image cirros-0.4.0-x86_64-disk --nic net-id=$net_id http_client
|
|
$ openstack server create --flavor m1.tiny --image cirros-0.4.0-x86_64-disk --nic net-id=$net_id http_server
|
|
|
|
To get information about neutron ports of **http_client** and **http_server**
|
|
that are used for classifying traffics, user can use openstack commands to
|
|
get these information.
|
|
|
|
.. code-block:: console
|
|
|
|
$ client_ip=$(openstack server list | grep http_client | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+')
|
|
$ network_source_port_id=$(openstack port list | grep $client_ip | awk '{print $2}')
|
|
$ ip_dst=$(openstack server list | grep http_server | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+')
|
|
|
|
.. note::
|
|
|
|
Please update parameters in **classifier** such as **network_src_port_id**,
|
|
**destination_port_range**, **ip_proto**, **ip_dst_prefix** to meet your
|
|
environment, which is described in VNFFG usage guide [#f4]_. Classifiers
|
|
must be different to each others.
|
|
|
|
We assume that **http_server** and **http_client** are already created.
|
|
VNF1 and VNF2 templates are shown in [#f5]_ and [#f6]_.
|
|
|
|
Once the OpenStack VIM is ready, firstly we can create VNFs (VNF1 and VNF2)
|
|
from VNFD templates. For easily, we put all VNFD templates and VNFFGD templates
|
|
in [#f7]_.
|
|
|
|
.. code-block:: console
|
|
|
|
$ openstack vnf descriptor create --vnfd-file tosca-vnffg-vnfd1.yaml VNFD1
|
|
$ openstack vnf create --vnfd-name VNFD1 --vim-name VIM0 VNF1
|
|
$ openstack vnf descriptor create --vnfd-file tosca-vnffg-vnfd2.yaml VNFD2
|
|
$ openstack vnf create --vnfd-name VNFD2 --vim-name VIM0 VNF2
|
|
|
|
To create VNFFG, we should get the **vnf id** for VNF1 and VNF2:
|
|
|
|
.. code-block:: console
|
|
|
|
$ openstack vnf list --fit-width
|
|
+-------------------------------+------+---------------------------+--------+-------------------------------+----------------------------------+
|
|
| ID | Name | Mgmt Url | Status | VIM ID | VNFD ID |
|
|
+-------------------------------+------+---------------------------+--------+-------------------------------+----------------------------------+
|
|
| 2ea1b577-89c1-478e-bedd- | VNF2 | {"VDU1": "192.168.120.5"} | ACTIVE | 45fecf6f-9080-4e8b-953c- | 69a4d2d4-9329-4807-9c59-09cb8d95 |
|
|
| 76f69951e840 | | | | d9556e6ad2cb | c612 |
|
|
| 45c6c5ee-517e- | VNF1 | {"VDU1": "192.168.120.9"} | ACTIVE | 45fecf6f-9080-4e8b-953c- | f4cb1509-c216-47a1-b76e- |
|
|
| 4fc3-ad41-6e86c38d1a63 | | | | d9556e6ad2cb | e419f8ae6534 |
|
|
+-------------------------------+------+---------------------------+--------+-------------------------------+----------------------------------+
|
|
|
|
Then we can create VNFFG1 that goes through VNF1, VNF2 and VNFFG2 that only
|
|
goes through VNF1. We need to record **vnf id** to provide them in create
|
|
VNFFG commands.
|
|
|
|
.. code-block:: console
|
|
|
|
$ openstack vnf graph descriptor create --vnffgd-file tosca-vnffgd-sample.yaml VNFFGD1
|
|
$ openstack vnf graph descriptor create --vnffgd-file tosca-vnffgd-sample-VNF1.yaml VNFFGD2
|
|
$ openstack vnf graph create --vnffgd-name VNFFGD1 --vnf-mapping VNFD1:45c6c5ee-517e-4fc3-ad41-6e86c38d1a63,VNFD2:2ea1b577-89c1-478e-bedd-76f69951e840 VNFFG1
|
|
$ openstack vnf graph create --vnffgd-name VNFFGD2 --vnf-mapping VNFD1:45c6c5ee-517e-4fc3-ad41-6e86c38d1a63 VNFFG2
|
|
|
|
To check the VNFFG works fine, we can use list VNFFG and neutron port chain
|
|
list to see what happens.
|
|
|
|
.. code-block:: console
|
|
|
|
$ openstack vnf graph list
|
|
+--------------------------------------+--------+--------------------------------------+--------+
|
|
| ID | Name | VNFFGD ID | Status |
|
|
+--------------------------------------+--------+--------------------------------------+--------+
|
|
| 097dcd5d-b329-44da-9693-8e56ff3612e3 | VNFFG1 | 75f53d50-f79b-446b-b9bd-48e26c3a87d0 | ACTIVE |
|
|
| e33bc531-e124-432a-abf3-bec4f66ec15b | VNFFG2 | ead1a94f-2bf9-41fd-b543-8446cdbaac83 | ACTIVE |
|
|
+--------------------------------------+--------+--------------------------------------+--------+
|
|
|
|
$ openstack sfc port chain list --fit-width
|
|
+----------------------------+-------------------+----------------------------+----------------------------+----------------------------+----------+
|
|
| ID | Name | Port Pair Groups | Flow Classifiers | Chain Parameters | Chain ID |
|
|
+----------------------------+-------------------+----------------------------+----------------------------+----------------------------+----------+
|
|
| 03ca4afb-8fc9-4337-94a3-98 | VNFFG1-port-chain | [u'1f71e5b1-b8f2-4f1b- | [u'46fd7fac-29f9-49cd-8959 | {u'symmetric': False, | 1 |
|
|
| c90c5511a8 | | 9c85-6a6f31cf9906', | -42078d873487'] | u'correlation': u'mpls'} | |
|
|
| | | u'8be115b1-7422-417b- | | | |
|
|
| | | abc0-49b194d432cf'] | | | |
|
|
| 24cbfa45-4033-4f95-aaa0-dd | VNFFG2-port-chain | [u'1f71e5b1-b8f2-4f1b- | [u'6c94dd78-9cda-4891-ad71 | {u'symmetric': False, | 2 |
|
|
| 690ee1e9af | | 9c85-6a6f31cf9906'] | -81a46354356e'] | u'correlation': u'mpls'} | |
|
|
+----------------------------+-------------------+----------------------------+----------------------------+----------------------------+----------+
|
|
|
|
We can see that, both of port chain will go through port pair group with the id
|
|
**1f71e5b1-b8f2-4f1b-9c85-6a6f31cf9906**, that is created from neutron port of
|
|
VNF1.
|
|
|
|
If user delete VNFFG1, the VNFFG2 is not affected because the port pair group
|
|
**1f71e5b1-b8f2-4f1b-9c85-6a6f31cf9906** is not deleted.
|
|
|
|
.. code-block:: console
|
|
|
|
$ openstack vnf graph delete VNFFG1
|
|
All specified vnffg(s) deleted successfully
|
|
$ openstack vnf graph list
|
|
+--------------------------------------+--------+--------------------------------------+--------+
|
|
| ID | Name | VNFFGD ID | Status |
|
|
+--------------------------------------+--------+--------------------------------------+--------+
|
|
| e33bc531-e124-432a-abf3-bec4f66ec15b | VNFFG2 | ead1a94f-2bf9-41fd-b543-8446cdbaac83 | ACTIVE |
|
|
+--------------------------------------+--------+--------------------------------------+--------+
|
|
$ openstack sfc port chain list --fit-width
|
|
+----------------------------+-------------------+----------------------------+----------------------------+----------------------------+----------+
|
|
| ID | Name | Port Pair Groups | Flow Classifiers | Chain Parameters | Chain ID |
|
|
+----------------------------+-------------------+----------------------------+----------------------------+----------------------------+----------+
|
|
| 24cbfa45-4033-4f95-aaa0-dd | VNFFG2-port-chain | [u'1f71e5b1-b8f2-4f1b- | [u'6c94dd78-9cda-4891-ad71 | {u'symmetric': False, | 2 |
|
|
| 690ee1e9af | | 9c85-6a6f31cf9906'] | -81a46354356e'] | u'correlation': u'mpls'} | |
|
|
+----------------------------+-------------------+----------------------------+----------------------------+----------------------------+----------+
|
|
|
|
|
|
.. rubric:: Footnotes
|
|
|
|
.. [#f1] https://docs.openstack.org/tacker/latest/user/vnffg_usage_guide.html
|
|
.. [#f2] https://github.com/openstack/tacker/blob/master/samples/tosca-templates/vnffgd/tosca-vnffgd-sample.yaml
|
|
.. [#f3] https://github.com/openstack/tacker/blob/master/samples/tosca-templates/vnffgd/tosca-vnffgd-sample-VNF1.yaml
|
|
.. [#f4] https://docs.openstack.org/tacker/latest/user/vnffg_usage_guide.html
|
|
.. [#f5] https://github.com/openstack/tacker/blob/master/samples/tosca-templates/vnffgd/tosca-vnffg-vnfd1.yaml
|
|
.. [#f6] https://github.com/openstack/tacker/blob/master/samples/tosca-templates/vnffgd/tosca-vnffg-vnfd2.yaml
|
|
.. [#f7] https://github.com/openstack/tacker/blob/master/samples/tosca-templates/vnffgd
|