| Gary Wu | e4a2df8 | 2018-11-29 12:49:09 -0800 | [diff] [blame] | 1 | .. _docs_vfw: |
| 2 | |
| Marco Platania | e5064cd | 2018-11-28 15:33:47 -0500 | [diff] [blame] | 3 | vFirewall Use Case |
| 4 | ------------------ |
| 5 | |
| 6 | Source files |
| 7 | ~~~~~~~~~~~~ |
| 8 | |
| 9 | - vFirewall/vSink template file: https://git.onap.org/demo/plain/heat/vFWCL/vFWSNK/base_vfw.yaml |
| 10 | - vFirewall/vSink environment file: https://git.onap.org/demo/plain/heat/vFWCL/vFWSNK/base_vfw.env |
| 11 | |
| 12 | - vPacketGenerator template file: https://git.onap.org/demo/plain/heat/vFWCL/vPKG/base_vpkg.yaml |
| 13 | - vPacketGenerator environment file: https://git.onap.org/demo/plain/heat/vFWCL/vPKG/base_vpkg.env |
| 14 | |
| stark, steven | 6a507a4 | 2019-04-24 12:04:41 -0700 | [diff] [blame] | 15 | VVP Report |
| 16 | ~~~~~~~~~~ |
| 17 | |
| 18 | :download:`vFWCL/vPKG report <files/vFWCL_vPKG_report.json>` |
| 19 | |
| 20 | :download:`vFWCL/vFWSNK report <files/vFWCL_vFWSNK_report.json>` |
| Marco Platania | e5064cd | 2018-11-28 15:33:47 -0500 | [diff] [blame] | 21 | |
| 22 | Description |
| 23 | ~~~~~~~~~~~ |
| 24 | |
| 25 | The use case is composed of three virtual functions (VFs): packet generator, firewall, and traffic sink. |
| 26 | These VFs run in three separate VMs. The packet generator sends packets to the packet sink through the firewall. |
| 27 | The firewall reports the volume of traffic passing though to the ONAP DCAE collector. To check the traffic volume |
| 28 | that lands at the sink VM, you can access the link http://sink_ip_address:667 through your browser and enable |
| 29 | automatic page refresh by clicking the "Off" button. You can see the traffic volume in the charts. |
| 30 | |
| 31 | The packet generator includes a script that periodically generates different volumes of traffic. The closed-loop |
| 32 | policy has been configured to re-adjust the traffic volume when high-water or low-water marks are crossed. |
| 33 | |
| 34 | |
| 35 | Closed-Loop for vFirewall Use Case |
| 36 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| 37 | |
| 38 | Through the ONAP Portal's Policy Portal, we can find the configuration and operation policies that are currently |
| 39 | enabled for the vFirewall use case: |
| 40 | |
| 41 | - The configuration policy sets the thresholds for generating an onset event from DCAE to the Policy engine. Currently, the high-water mark is set to 700 packets while the low-water mark is set to 300 packets. The measurement interval is set to 10 seconds. |
| 42 | - When a threshold is crossed (i.e. the number of received packets is below 300 packets or above 700 packets per 10 seconds), the Policy engine executes the operational policy to request APPC to adjust the traffic volume to 500 packets per 10 seconds. |
| 43 | - APPC sends a request to the packet generator to adjust the traffic volume. |
| 44 | - Changes to the traffic volume can be observed through the link http://sink_ip_address:667. |
| 45 | |
| 46 | |
| 47 | Adjust packet generator |
| 48 | ~~~~~~~~~~~~~~~~~~~~~~~ |
| 49 | |
| 50 | The packet generator contains 10 streams: fw_udp1, fw_udp2, fw_udp3, ..., fw_udp10. Each stream generates 100 packets |
| 51 | per 10 seconds. A script in /opt/run_traffic_fw_demo.sh on the packet generator VM starts automatically and alternates high |
| 52 | traffic (i.e. 10 active streams at the same time) and low traffic (1 active stream) every 5 minutes. |
| 53 | |
| 54 | To enable a stream, include |
| 55 | |
| 56 | :: |
| 57 | |
| 58 | {"id":"fw_udp1", "is-enabled":"true"} in the pg-stream bracket |
| 59 | |
| 60 | To adjust the traffic volume produced by the packet generator, run the following command in a shell, replacing PacketGen_IP in |
| 61 | the HTTP argument with localhost (if you run it in the packet generator VM) or the packet generator IP address: |
| 62 | |
| 63 | :: |
| 64 | |
| 65 | curl -X PUT -H "Authorization: Basic YWRtaW46YWRtaW4=" -H "Content-Type: application/json" -H "Cache-Control: no-cache" -d '{"pg-streams":{"pg-stream": [{"id":"fw_udp1", "is-enabled":"true"},{"id":"fw_udp2", "is-enabled":"true"},{"id":"fw_udp3", "is-enabled":"true"},{"id":"fw_udp4", "is-enabled":"true"},{"id":"fw_udp5", "is-enabled":"true"}]}}' "http://PacketGen_IP:8183/restconf/config/sample-plugin:sample-plugin/pg-streams" |
| 66 | |
| 67 | The command above enables 5 streams. |
| 68 | |
| 69 | |
| 70 | Running the Use Case |
| 71 | ~~~~~~~~~~~~~~~~~~~~ |
| 72 | Users can run the use case using the automated Robot Framework or manually. For using the Robot Framework in an ONAP instance installed with OOM, users have to connect to the Rancher VM and run the following command: |
| 73 | |
| 74 | :: |
| 75 | |
| 76 | bash oom/kubernetes/robot/demo-k8s.sh <namespace> vfwclosedloop <pgn-ip-address> |
| 77 | |
| 78 | The script sets the packet generator to high and low rates, and checks whether the policy kicks in to modulate the rates back to medium. |
| 79 | |
| 80 | For documentation about running the use case manually for previous releases, please look at the videos and the material available at this `wiki page`__. |
| 81 | |
| 82 | __ https://wiki.onap.org/display/DW/Running+the+ONAP+Demos |
| 83 | |
| 84 | Although videos are still valid, users are encouraged to use the Heat templates linked at the top of this page rather than the old Heat templates in that wiki page. |
| 85 | |
| 86 | Known issues and resolution |
| 87 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| 88 | The packet generator may become unresponsive to external inputs like changing the number of active streams. To solve the problem, reboot the packet generator VM. |