Hello all, I would really appreciate if anyone can guide me through running the
vFWCL use-case end to end in ONAP Casablanca. I have an ONAP deployment on
Kubernetes using OOM, the branch used is Casablanca (with some modifications)
for all components, however for policy the dublin branch is deployed. Here are
my policy pods: ******************************************************
adilkamm01-mac:robot adilkamm$ kubectl -n fireants get pods | grep policy
dep-policy-handler-5bd9c8bf4f-rcgmn 2/2 Running 0 6d
fireants-onap-policy-brmsgw-86bbc7f9b4-d4p54 1/1 Running 0 104m
fireants-onap-policy-drools-0 1/1 Running 0 104m
fireants-onap-policy-nexus-5759454bff-fj7db 1/1 Running 0 104m
fireants-onap-policy-pap-7b67556bc9-gq7vw 2/2 Running 0 104m
fireants-onap-policy-pdp-0 2/2 Running 0 104m
fireants-onap-policy-policy-apex-pdp-0 1/1 Running 0 104m
fireants-onap-policy-policy-api-6b46787f74-k5wt8 1/1 Running 0 104m
fireants-onap-policy-policy-distribution-5c47dcdf8d-57bqh 1/1 Running 0 104m
fireants-onap-policy-policy-pap-5cccd97c49-cdpvt 1/1 Running 0 104m
fireants-onap-policy-policy-xacml-pdp-595c7f8f79-zrzcf 1/1 Running 0 104m
fireants-onap-policy-policydb-785998588c-2tg9t 1/1 Running 0 104m
******************************************************
I was able to instantiate the vFW vNFs using robot. I can see that the vPG is
oscillating b/w sending 1 and 10 streams to the vSINC.
I can also see that the vPG is posting messages on the
unauthenticated.VES_MEASUREMENT_OUTPUT topic as following:
****************************************************** [
"{\"event\":{\"commonEventHeader\":{\"startEpochMicrosec\":1563999354259213,\"eventId\":\"TrafficStats_1.2.3.4\",\"nfcNamingCode\":\"vVNF\",\"reportingEntityId\":\"No
UUID available\",\"internalHeaderFields\":{\"collectorTimeStamp\":\"Wed, 07 24
2019 08:16:02 UTC\"},\"eventType\":\"HTTP request
rate\",\"priority\":\"Normal\",\"version\":3,\"reportingEntityName\":\"fwll\",\"sequence\":0,\"domain\":\"measurementsForVfScaling\",\"lastEpochMicrosec\":1563999364486207,\"eventName\":\"vFirewallBroadcastPackets\",\"sourceName\":\"Ete_vFWSNK_9a447479-e252-4f19-906b-5af9d5f5e541\",\"nfNamingCode\":\"vVNF\"},\"measurementsForVfScalingFields\":{\"cpuUsageArray\":[{\"percentUsage\":0,\"cpuIdentifier\":\"cpu1\",\"cpuIdle\":66.7,\"cpuUsageSystem\":33.3,\"cpuUsageUser\":0}],\"measurementInterval\":10,\"requestRate\":1249,\"measurementsForVfScalingVersion\":2,\"vNicPerformanceArray\":[{\"transmittedOctetsDelta\":0,\"receivedTotalPacketsDelta\":1021,\"vNicIdentifier\":\"eth0\",\"valuesAreSuspect\":\"true\",\"transmittedTotalPacketsDelta\":0,\"receivedOctetsDelta\":43860}]}}}"
] ****************************************************** I can also see that
the TCA after reading the above messages is also raising ONSET alarms on the
unauthenticated.DCAE_CL_OUTPUT topic as following:
****************************************************** [
"{\"closedLoopEventClient\":\"DCAE_INSTANCE_ID.dcae-tca\",\"policyVersion\":\"v0.0.1\",\"policyName\":\"DCAE.Config_tca-hi-lo\",\"policyScope\":\"DCAE\",\"target_type\":\"VNF\",\"AAI\":{\"generic-vnf.vnf-name\":\"Ete_vFWSNK_9a447479-e252-4f19-906b-5af9d5f5e541\"},\"closedLoopAlarmStart\":1563999425840384,\"closedLoopEventStatus\":\"ONSET\",\"closedLoopControlName\":\"ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a\",\"version\":\"1.0.2\",\"target\":\"generic-vnf.vnf-name\",\"requestID\":\"eacaa159-a6bc-4d25-a183-48cb491dfbfd\",\"from\":\"DCAE\"}",
"{\"closedLoopEventClient\":\"DCAE_INSTANCE_ID.dcae-tca\",\"policyVersion\":\"v0.0.1\",\"policyName\":\"DCAE.Config_tca-hi-lo\",\"policyScope\":\"DCAE\",\"target_type\":\"VNF\",\"AAI\":{\"generic-vnf.vnf-name\":\"Ete_vFWSNK_9a447479-e252-4f19-906b-5af9d5f5e541\"},\"closedLoopAlarmStart\":1563999436067808,\"closedLoopEventStatus\":\"ONSET\",\"closedLoopControlName\":\"ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a\",\"version\":\"1.0.2\",\"target\":\"generic-vnf.vnf-name\",\"requestID\":\"fd1fdf2f-737b-4812-9302-d2b13a9fb4bb\",\"from\":\"DCAE\"}",
"{\"closedLoopEventClient\":\"DCAE_INSTANCE_ID.dcae-tca\",\"policyVersion\":\"v0.0.1\",\"policyName\":\"DCAE.Config_tca-hi-lo\",\"policyScope\":\"DCAE\",\"target_type\":\"VNF\",\"AAI\":{\"generic-vnf.vnf-name\":\"Ete_vFWSNK_9a447479-e252-4f19-906b-5af9d5f5e541\"},\"closedLoopAlarmStart\":1563999446299170,\"closedLoopEventStatus\":\"ONSET\",\"closedLoopControlName\":\"ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a\",\"version\":\"1.0.2\",\"target\":\"generic-vnf.vnf-name\",\"requestID\":\"cd5f9937-9020-4718-a8e0-c7f6063dc411\",\"from\":\"DCAE\"}"
] ****************************************************** To make sure this
part of the flow was working correctly I did reduce the number of streams to 5
manually and noticed that these ONSET messages stopped showing up.
I have also run the /tmp/policy-install/config/push-policies.sh script on the
PAP pod.
Before running the script I did change the resource version in the
com.BRMSParamvFirewall policy to match the model invariant id of my vPG vNF by
using the following:
sed -i
"s/Eace933104d443b496b8.nodes.heat.vpg/d5301ada-ecbf-4f6d-a1d0-74212b6eef04/g"
/tmp/policy-install/config/push-policies.sh
I have also manually mounted the vPG onto APPC using the VNF ID as following:
/restconf/config/network-topology:network-topology/topology/topology-netconf/node/d6682064-a3b6-4f43-a2d6-d44d105f4ff9
However, when attempting to run the demo.sh <namespace> vfwclosedloop
<pgn-ip-address> the policy does not kick in to bring the number of streams to
5.
Can someone point out what am I missing or doing wrong please, thank you.
Best,
Adil
Bell/Amdocs
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#18309): https://lists.onap.org/g/onap-discuss/message/18309
Mute This Topic: https://lists.onap.org/mt/32606839/21656
Mute #policy: https://lists.onap.org/mk?hashtag=policy&subid=2740164
Mute #appc: https://lists.onap.org/mk?hashtag=appc&subid=2740164
Group Owner: [email protected]
Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
