HI Srini, Scenario 1: design your basic service with enough virtual port(standby) to support the DLP function if/when the customer requests it. If the customer does request the DLP feature you can then orchestrate the DLP VNF and attach it to the standby Virtual networks (disadvantage: Not a good way to optimize the usage f you virtual resources) Scenario 2: would be to orchestrate the service as an advanced service with the DLP function deactivated (no routes configured from the security appliance VNF to the DLP VNF). when the customer requests the advanced feature you can modify the routes in the security VNF through the SDN controller (Disadvantage: wasting more resources but could be seamless from the customer perspective)
Just to make sure were on the same page: IPS= Intrusion Prevention System(VNF), DLP= Data Loss Prevention(VNF) Regards, Chaker From: onap-discuss@lists.onap.org [mailto:onap-discuss@lists.onap.org] On Behalf Of Srini Sent: Friday, November 09, 2018 11:16 AM To: onap-discuss@lists.onap.org Subject: [onap-discuss] Help on realizing dynamic services/VNFs using ONAP Scenario: - Customer of operator signs up for a basic function that requires o Creation of set of virtual networks. o Instantiation of security (firewall + IPS) with appropriate routes o Instantiation of SDWAN (could be set of workloads) with appropriate routes. - Customer after few days, also requests a DLP function, which requires o Creation of additional virtual networks o Instantiation of DLP workload o Modifying the routes in security and SDWAN workloads such that outbound traffic goes via security-to-DLP-to-SDWAN-Internet. How can this be realized in ONAP? One method is : - Onboarding: o On board Security VNF, SDWAN VNF and DLP VNF o Create two NSes : Basic and Advanced. ? Basic to have two VNFs (security VNF and SDWAN VNF and associated virtual networks). ? Advanced to have three VNFs (Security VNF, SDWNA VNF and DLP VNF) - Instantiation with Basic (when customer first signs up) - When customer requests additional function - DLP, then o Bring down existing service o Instantiate advanced service. Few challenges with above approach : - Disruption in the service as existing VNFs are being brought down. - Losing the configuration of existing VNFs. What are the best practices in mitigating above challenges? And how do NSes are expected to be defined? Does change management functionality help in this scenario? Appreciate your time and thoughts. Thanks Srini -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#13669): https://lists.onap.org/g/onap-discuss/message/13669 Mute This Topic: https://lists.onap.org/mt/28050101/21656 Group Owner: onap-discuss+ow...@lists.onap.org Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-