I have been able to successfully run the vFWCL closed loop policy test via
robot a number of times.
Now, I am trying to connect the dots to figure out how it works.
I see the vFW sending out VES events. The identifying info I see in the event
message are these:
"eventName": "vFirewallBroadcastPackets",
"reportingEntityName": "ete-vfwclvfwsnk-55bad04b-0",
"sourceName": "Ete_vFWCLvFWSNK_55bad04b_0",
I see a policy that looks like (I updated the closedLoopControlName in Consul
to match my service):
{
"eventName": "vFirewallBroadcastPackets",
"controlLoopSchemaType": "VM",
"policyScope": "DCAE",
"policyName": "DCAE.Config_tca-hi-lo",
"policyVersion": "v0.0.1",
"thresholds": [
{
"closedLoopControlName":
"ControlLoop-vFirewall-cd1780bc-a451-478d-a052-89b2e79a02d3",
"version": "1.0.2",
"fieldPath":
"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedTotalPacketsDelta",
"thresholdValue": 300,
"direction": "LESS_OR_EQUAL",
"severity": "MAJOR",
"closedLoopEventStatus": "ONSET"
},
{
"closedLoopControlName":
"ControlLoop-vFirewall-cd1780bc-a451-478d-a052-89b2e79a02d3",
"version": "1.0.2",
"fieldPath":
"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedTotalPacketsDelta",
"thresholdValue": 700,
"direction": "GREATER_OR_EQUAL",
"severity": "CRITICAL",
"closedLoopEventStatus": "ONSET"
}
]
},
If I query DCAE as follows, I see events as follows:
curl -X GET
http://10.12.5.110:30227/events/unauthenticated.DCAE_CL_OUTPUT/group1/C1 -H
'Accept: application/json' -H 'Content-Type: application/c
ambria'
{
"closedLoopEventClient": "DCAE_INSTANCE_ID.dcae-tca",
"policyVersion": "v0.0.1",
"policyName": "DCAE.Config_tca-hi-lo",
"policyScope": "DCAE",
"target_type": "VM",
"AAI": {
"vserver.prov-status": "ACTIVE",
"vserver.resource-version": "1564514347926",
"vserver.is-closed-loop-disabled": false,
"vserver.vserver-name2": "Ete_vFWCLvFWSNK_55bad04b_0",
"vserver.vserver-id": "f1245f7f-ff31-482b-babe-69f0bbe8d63a", <-- Id in
Openstack of the VM
"vserver.vserver-selflink":
"http://10.12.25.2:8774/v2.1/6bbd2981b210461dbc8fe846df1a7808/servers/f1245f7f-ff31-482b-babe-69f0bbe8d63a";,
"vserver.in-maint": false,
"vserver.vserver-name": "Ete_vFWCLvFWSNK_55bad04b_0"
},
"closedLoopAlarmStart": 1564594293276883,
"closedLoopEventStatus": "ONSET",
"closedLoopControlName":
"ControlLoop-vFirewall-cd1780bc-a451-478d-a052-89b2e79a02d3",
"version": "1.0.2",
"target": "vserver.vserver-name",
"requestID": "19883bd6-5558-4e51-b0f2-1ad24edb786e",
"from": "DCAE"
}
Some questions:
1. when an event from 'Ete_vFWCLvFWSNK_55bad04b_0' with event name of
'vFirewallBroadcastPackets' is received, something is able to look up the
vserver by name in AAI and associate the event with the policy which has a
control loop name based on the invariant model id of the VNF (e.g.
ControlLoop-vFirewall-cd1780bc-a451-478d-a052-89b2e79a02d3) - is that basically
right - or is there another step(s)?
2. What if I have another Service (based on a different vFW model) that I
also want to do the same kind of closed loop policy for:
a. Do I add another similar policy with the correct closedLoopControlName
for that service?
b. Or, do I just add entries for the correct closedLoopControlName in the
threasholds list of the existing policy (like the one above)?
c. And how do I do it - via pushing to policy - or editing the
'dcae-tca-analytics' key/value in consul? (like I did to get the vfwcl via
robot test to work)
3. Once the policy is triggered, I suppose APPC is somehow invoked to
cause the vPKTGEN to be configured to 5 streams.
a. I don't see where that configuration of '5' streams is specified in the
policy - is that done somewhere else?
b. I see the appc netconf mount for the vPKTGEN - e.g.
<node xmlns="urn:TBD:params:xml:ns:yang:network-topology">
<node-id>d0dda659-d2be-4f9e-9aaa-19fbe585b4ce</node-id>
<reconnect-on-changed-schema
xmlns="urn:opendaylight:netconf-node-topology">false</reconnect-on-changed-schema>
<password xmlns="urn:opendaylight:netconf-node-topology">admin</password>
<username xmlns="urn:opendaylight:netconf-node-topology">admin</username>
<sleep-factor
xmlns="urn:opendaylight:netconf-node-topology">1.5</sleep-factor>
<port xmlns="urn:opendaylight:netconf-node-topology">2831</port>
<tcp-only xmlns="urn:opendaylight:netconf-node-topology">false</tcp-only>
<connection-timeout-millis
xmlns="urn:opendaylight:netconf-node-topology">20000</connection-timeout-millis>
<max-connection-attempts
xmlns="urn:opendaylight:netconf-node-topology">0</max-connection-attempts>
<host xmlns="urn:opendaylight:netconf-node-topology">10.12.6.219</host>
<between-attempts-timeout-millis
xmlns="urn:opendaylight:netconf-node-topology">2000</between-attempts-timeout-millis>
<keepalive-delay
xmlns="urn:opendaylight:netconf-node-topology">120</keepalive-delay>
</node>
But, I don't see where it is configured (or how appc? knows) to talk to
http://{{VPKTGEN_IP}}:8183/restconf/config/stream-count:stream-count/<http://%7b%7bVPKTGEN_IP%7d%7d:8183/restconf/config/stream-count:stream-count/>
to configure the stream count of the vPKTGEN.
Any answer, pointers on docs, other queries to look at, etc. are greatly
appreciated.
Thanks,
Eric
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#18369): https://lists.onap.org/g/onap-discuss/message/18369
Mute This Topic: https://lists.onap.org/mt/32673950/21656
Group Owner: [email protected]
Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
