-**4. VNF Development Requirements**
+.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. http://creativecommons.org/licenses/by/4.0
+.. Copyright 2017 AT&T Intellectual Property. All rights reserved.
+
+
+**VNF Development Requirements**
====================================
-a. VNF Design
-==============
+VNF Design
+--------------------
Services are composed of VNFs and common components and are designed to
be agnostic of the location to leverage capacity where it exists in the
* R-64768 The VNF **MUST** limit the size of application data packets to no larger than 9000 bytes for SDN network-based tunneling when guest data packets are transported between tunnel endpoints that support guest logical networks.
* R-74481 The VNF **MUST** NOT require the use of a dynamic routing protocol unless necessary to meet functional requirements.
-b. VNF Resiliency
-=================
+VNF Resiliency
+-------------------------
The VNF is responsible for meeting its resiliency goals and must factor
in expected availability of the targeted virtualization environment.
Below are more detailed resiliency requirements for VNFs.
All Layer Redundancy
---------------------
+^^^^^^^^^^^^^^^^^^
Design the VNF to be resilient to the failures of the underlying
virtualized infrastructure (Network Cloud). VNF design considerations
* R-36843 The VNF **MUST** support the ability of the VNFC to be deployable in multi-zoned cloud sites to allow for site support in the event of cloud zone failure or upgrades.
Minimize Cross Data-Center Traffic
-----------------------------------
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Avoid performance-sapping data center-to-data center replication delay
by applying techniques such as caching and persistent transaction paths
* R-92935 The VNF **SHOULD** minimize the propagation of state information across multiple data centers to avoid cross data center traffic.
Application Resilient Error Handling
-------------------------------------
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Ensure an application communicating with a downstream peer is equipped
to intelligently handle all error conditions. Make sure code can handle
Application Resilient Error Handling Requirements
-* R-26371 The VNF **MUST** detect connectivity failure for inter VNFC instance and intra/inter VNF and re-establish connectivity automatically to maintain the VNF without manual intervention to provide service continuity.
+* R-26371 The VNF **MUST** detect communication failure for inter VNFC instance and intra/inter VNF and re-establish communication automatically to maintain the VNF without manual intervention to provide service continuity.
* R-18725 The VNF **MUST** handle the restart of a single VNFC instance without requiring all VNFC instances to be restarted.
* R-06668 The VNF **MUST** handle the start or restart of VNFC instances in any order with each VNFC instance establishing or re-establishing required connections or relationships with other VNFC instances and/or VNFs required to perform the VNF function/role without requiring VNFC instance(s) to be started/restarted in a particular order.
-* R-80070 The VNF **MUST** handle errors and exceptions so that they do not interrupt processing of incoming VNF requests to maintain service continuity.
-* R-32695 The VNF **MUST** provide the ability to modify the number of retries, the time between retries and the behavior/action taken after the retries have been exhausted for exception handling to allow the NCSP to control that behavior.
+* R-80070 The VNF **MUST** handle errors and exceptions so that they do not interrupt processing of incoming VNF requests to maintain service continuity (where the error is not directly impacting the software handling the incoming request).
+* R-32695 The VNF **MUST** provide the ability to modify the number of retries, the time between retries and the behavior/action taken after the retries have been exhausted for exception handling to allow the NCSP to control that behavior, where the interface and/or functional specification allows for altering behaviour.
* R-48356 The VNF **MUST** fully exploit exception handling to the extent that resources (e.g., threads and memory) are released when no longer needed regardless of programming language.
* R-67918 The VNF **MUST** handle replication race conditions both locally and geo-located in the event of a data base instance failure to maintain service continuity.
* R-36792 The VNF **MUST** automatically retry/resubmit failed requests made by the software to its downstream system to increase the success rate.
System Resource Optimization
-----------------------------
+^^^^^^^^^^^^^^^^^^^^^^^^^^
Ensure an application is using appropriate system resources for the task
at hand; for example, do not use network or IO operations inside
* R-22059 The VNF **MUST NOT** execute long running tasks (e.g., IO, database, network operations, service calls) in a critical section of code, so as to minimize blocking of other operations and increase concurrent throughput.
* R-63473 The VNF **MUST** automatically advertise newly scaled components so there is no manual intervention required.
* R-74712 The VNF **MUST** utilize FQDNs (and not IP address) for both Service Chaining and scaling.
-* R-41159 The VNF **MUST** deliver any and all functionality from any VNFC in the pool. The VNFC pool member should be transparent to the client. Upstream and downstream clients should only recognize the function being performed, not the member performing it.
+* R-41159 The VNF **MUST** deliver any and all functionality from any VNFC in the pool (where pooling is the most suitable solution). The VNFC pool member should be transparent to the client. Upstream and downstream clients should only recognize the function being performed, not the member performing it.
* R-85959 The VNF **SHOULD** automatically enable/disable added/removed sub-components or component so there is no manual intervention required.
* R-06885 The VNF **SHOULD** support the ability to scale down a VNFC pool without jeopardizing active sessions. Ideally, an active session should not be tied to any particular VNFC instance.
* R-12538 The VNF **SHOULD** support load balancing and discovery mechanisms in resource pools containing VNFC instances.
Application Configuration Management
-------------------------------------
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Leverage configuration management audit capability to drive conformity
to develop gold configurations for technologies like Java, Python, etc.
Intelligent Transaction Distribution & Management
--------------------------------------------------
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Leverage Intelligent Load Balancing and redundant components (hardware
and modules) for all transactions, such that at any point in the
* R-27995 The VNF **SHOULD** include control loop mechanisms to notify the consumer of the VNF of their exceeding SLA thresholds so the consumer is able to control its load against the VNF.
Deployment Optimization
------------------------
+^^^^^^^^^^^^^^^^^^^^^^
Reduce opportunity for failure, by human or by machine, through smarter
deployment practices and automation. This can include rolling code
* R-16039 The VNF **SHOULD** test for adherence to the defined resiliency rating recommendation at each layer, during each delivery cycle so that the resiliency rating is measured and feedback is provided where software resiliency requirements are not met.
Monitoring & Dashboard
-----------------------
+^^^^^^^^^^^^^^^^^^^^^
Promote dashboarding as a tool to monitor and support the general
operational health of a system. It is critical to the support of the
* R-48917 The VNF **MUST** monitor for and alert on (both sender and receiver) errant, running longer than expected and missing file transfers, so as to minimize the impact due to file transfer errors.
* R-28168 The VNF **SHOULD** use an appropriately configured logging level that can be changed dynamically, so as to not cause performance degradation of the VNF due to excessive logging.
* R-87352 The VNF **SHOULD** utilize Cloud health checks, when available from the Network Cloud, from inside the application through APIs to check the network connectivity, dropped packets rate, injection, and auto failover to alternate sites if needed.
-* R-16560 The VNF **MUST** conduct a resiliency impact assessment for all inter/intra-connectivity points in the VNF to provide an overall resiliency rating for the VNF to be incorporated into the software design and development of the VNF.
+* R-16560 The VNF **SHOULD** conduct a resiliency impact assessment for all inter/intra-connectivity points in the VNF to provide an overall resiliency rating for the VNF to be incorporated into the software design and development of the VNF.
-c. VNF Security
-===============
+VNF Security
+----------------------
The objective of this section is to provide the key security
requirements that need to be met by VNFs. The security requirements are
requirements associated with data protection.
VNF General Security Requirements
----------------------------------
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This section provides details on the VNF general security requirements
on various security areas such as user access control, network security,
* R-23135 The VNF **MUST**, if not using the NCSP’s IDAM API, authenticate system to system communications where one system accesses the resources of another system, and must never conceal individual accountability.
VNF Identity and Access Management Requirements
------------------------------------------------
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
The following security requirements for logging, identity, and access
management need to be met by the solution in a virtual environment:
VNF API Security Requirements
------------------------------
+^^^^^^^^^^^^^^^^^^^^^^^^^^^
This section covers API security requirements when these are used by the
VNFs. Key security areas covered in API security are Access Control,
VNF Security Analytics Requirements
------------------------------------
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This section covers VNF security analytics requirements that are mostly
applicable to security monitoring. The VNF Security Analytics cover the
* R-84160 The VNF **MUST** have security logging for VNFs and their OSs be active from initialization. Audit logging includes automatic routines to maintain activity records and cleanup programs to ensure the integrity of the audit/logging systems.
VNF Data Protection Requirements
---------------------------------
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This section covers VNF data protection requirements that are mostly
applicable to security monitoring.
* R-39604 The VNF **MUST** provide the capability of testing the validity of a digital certificate by checking the Certificate Revocation List (CRL) for the certificates of that type to ensure that the certificate has not been revoked.
* R-75343 The VNF **MUST** provide the capability of testing the validity of a digital certificate by recognizing the identity represented by the certificate — the "distinguished name".
-d. VNF Modularity
-=================
+VNF Modularity
+---------------------------
ONAP Heat Orchestration Templates: Overview
--------------------------------------------
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ONAP supports a modular Heat Orchestration Template design pattern,
referred to as *VNF Modularity.*
ONAP VNF Modularity Overview
-----------------------------
+^^^^^^^^^^^^^^^^^^^^^^^^^^^
With VNF Modularity, a single VNF may be composed from one or more Heat
Orchestration Templates, each of which represents a subset of the
ONAP VNF Modularity
--------------------
+^^^^^^^^^^^^^^^^^^^
ONAP supports a modular Heat Orchestration Template design pattern,
referred to as *VNF Modularity.* With this approach, a single VNF may be
template.
Suggested Patterns for Modular VNFs
------------------------------------
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
There are numerous variations of VNF modularity. Below are two suggested
usage patterns.
options.
Modularity Rules
-----------------
+^^^^^^^^^^^^^^
There are some rules to follow when building modular VNF templates:
name in the add-on module
VNF Modularity Examples
------------------------
+^^^^^^^^^^^^^^^^^^^^^^
*Example: Base Module creates SecurityGroup*
network_id: { get_param: int_oam_net_id }
...
-e. VNF Devops
-=============
+VNF Devops
+---------------------
This section includes guidelines for VNF providers to ensure that a Network
Cloud Service Provider’s operations personnel have a common and
* R-06327 The VNF **MUST** respond to a "drain VNFC" [2]_ command against a specific VNFC, preventing new session from reaching the targeted VNFC, with no disruption to active sessions on the impacted VNFC, if a VNF provides a load balancing function across multiple instances of its VNFCs. This is used to support scenarios such as proactive maintenance with no user impact.
* R-64713 The VNF **SHOULD** support a software promotion methodology from dev/test -> pre-prod -> production in software, development & testing and operations.
-f. VNF Develop Steps
-=======================
+VNF Develop Steps
+--------------------------------
Aid to help the VNF provider to fasten the integration with the GVNFM, the
ONAP provides the VNF SDK tools, and the documents. In this charter,
Code Review / vnfrqts / requirements.git / blobdiff