Kaspersky SD-WAN Help

Managing VNF and PNF packages

Managing VNF and PNF packages

A VNF or PNF package is a ZIP archive in which you must place the following components to deploy a network function and manage its lifecycle:

The VNF/PNF descriptor, a file with parameters of the network function.
The /image directory, which contains virtual machine images in the QCOW format for deploying the virtual network function. This directory is not included in the PNF package.
The /scripts directory, which contains scripts for deploying and managing the network function.
logo.png, the icon of the network function. This component is optional.
description-file.pdf, technical documentation or specification of the network function. This component is optional.

You must upload the VNF or PNF package to the orchestrator web interface to add a virtual or physical network function to the topology when managing a network service template or network service.

In this section

Configuring the VNF descriptor

Configuring the PNF descriptor

Protection of VNF and PNF packages against spoofing and modification

Uploading a VNF or PNF package to the orchestrator web interface

Page top

Configuring the VNF descriptor

Expand all | Collapse all

Specify the settings of the virtual network function in a VNF descriptor in YAML or XML format, then add the VNF descriptor to the root directory of the VNF package. A VNF descriptor has the following structure:

Section/setting	Description
`name`	Name of the virtual network function.
`description`	Brief description of the virtual network function.
`description_file`	Name of the PDF file with the technical documentation or specification of the virtual network function. This file must be placed in the root directory of the VNF package. Users can view and download the file in the orchestrator web interface. Optional parameter.
`provider`	Provider of the virtual network function.
`version`	Version of the virtual network function.
`external_connections`	External connection points of the virtual network function. You can configure the specified external connection points of the virtual network function in the orchestrator web interface.
`internal_connections`	Internal connection points of VDUs that are part of the virtual network function. This section is optional.
`virtual_links`	Virtual links for connecting internal connection points. This section must be specified if you specified the `internal_connections` section.
`images`	VDU disk images. You can deploy multiple VDUs using the same VDU disk image.
`configurations`	Scripts for performing actions at various stages of the virtual network function lifecycle, for example, during deployment of the virtual network function.
`flavours`	Flavours of the virtual network function. You can select one of the specified flavours of the virtual network function in the orchestrator web interface.
`scaling`	Virtual network function scaling parameters. This section is optional.
`user_configurations`	Orchestrator web interface inputs that are added to the settings area of the virtual network function. This section is optional.
`backups`	Virtual network function backup tasks. This section is optional.

VNF descriptor example

name: OpenWrt18

description: OpenWrt 18.06.1

description_file: openwrt-presentation.pdf

provider: Kaspersky

version: 1.0.1

external_connections:

- name: LAN

description: eth1

ip: AUTO

mask: AUTO

group: eth1-group

- name: WAN

description: eth2

ip: AUTO

mask: AUTO

group: eth2-group

images:

- name: openwrt

container_format: BARE

disk_format: QCOW2

type: OPENSTACK

filename: openwrt-18.06.1-x86-64.qcow2

configurations:

- name: config

filename: config.yml

stage: initialization

executor: ansible

authentication: password

- name: config2

filename: 3VDU.sh

stage: initialization

executor: /bin/sh

authentication: key

- name: config3

filename: 2VDU.sh

stage: initialization

executor: /bin/sh

authentication: key

flavours:

- name: 2VDU

description: 1 vCPU, 512MB memory

position: 1

affinity:

groups:

- name: aff

vdu_name:

- OpenWrt

- OpenWrt2

management:

vnc:

- vdu_name: OpenWrt

ssh:

- vdu_name: OpenWrt

def_user: root

authentication: key

web:

- vdu_name: OpenWrt

vdus:

- name: OpenWrt

password_rules:

length: 12

use_upper_case: true

use_lower_case: true

use_digits: true

specific_symbols: .?$#@![]-{}

specific_symbols_min_usage: 2

zabbix_template: Template OS Linux

monitoring_type: agent

ssh_port: 22

configurations:

- config

- config3

def_user: root

def_password: p@ssw0rd

password_authentication: yes

disks:

- name: default

order: 1

type: default

image: openwrt

storage_gb: 1

cpu:

smt: prefer

cpu_pinning: dedicated

num_vpu: 1

memory:

total_memory_mb: 512

network_interfaces:

- name: Management

type: management

description: eth0

- name: eth1

type: data

description: eth1

connection_point_ref: LAN

- name: eth2

type: data

description: eth2

connection_point_ref: WAN

auto_healing:

triggers_set: any

triggers:

- name: unreachable

action_set:

- type: reprovision

- name: OpenWrt2

password_rules:

length: 12

use_upper_case: true

use_lower_case: true

use_digits: true

specific_symbols: .?$#@![]-{}

specific_symbols_min_usage: 2

zabbix_template: Template OS Linux

monitoring_type: agent

ssh_port: 22

configurations:

- config

- config3

def_user: root

def_password: p@ssw0rd

password_authentication: yes

disks:

- name: default

order: 1

type: default

image: openwrt

storage_gb: 1

cpu:

smt: prefer

cpu_pinning: dedicated

num_vpu: 1

memory:

total_memory_mb: 512

network_interfaces:

- name: Management

type: management

description: eth0

- name: eth1

type: data

description: eth1

connection_point_ref: LAN

- name: eth2

type: data

description: eth2

connection_point_ref: WAN

auto_healing:

triggers_set: any

triggers:

- name: unreachable

action_set:

- type: reprovision

- name: VDU

description: 1 vCPU, 512MB memory

position: 2

affinity:

groups:

- name: aff

vdu_name:

- OpenWrt

- OpenWrt2

- OpenWrt3

management:

vnc:

- vdu_name: OpenWrt

ssh:

- vdu_name: OpenWrt

def_user: root

authentication: key

web:

- vdu_name: OpenWrt

vdus:

- name: OpenWrt

password_rules:

length: 12

use_upper_case: true

use_lower_case: true

use_digits: true

specific_symbols: .?$#@![]-{}

specific_symbols_min_usage: 2

check_connection_mode: none

zabbix_template: Template OS Linux

monitoring_type: agent

ssh_port: 22

configurations:

- config

- config2

def_user: root

def_password: p@ssword

password_authentication: yes

disks:

- name: default

order: 1

type: default

image: openwrt

storage_gb: 1

cpu:

smt: prefer

cpu_pinning: dedicated

num_vpu: 1

memory:

total_memory_mb: 512

network_interfaces:

- name: Management

type: management

description: eth0

- name: eth1

type: data

description: eth1

connection_point_ref: LAN

- name: eth2

type: data

description: eth2

connection_point_ref: WAN

auto_healing:

triggers_set: any

triggers:

- name: unreachable

action_set:

- type: reprovision

- name: OpenWrt2

password_rules:

length: 12

use_upper_case: true

use_lower_case: true

use_digits: true

specific_symbols: .?$#@![]-{}

specific_symbols_min_usage: 2

zabbix_template: Template OS Linux

monitoring_type: agent

ssh_port: 22

configurations:

- config

- config2

def_user: root

def_password: p@ssw0rd

password_authentication: yes

disks:

- name: default

order: 1

type: default

image: openwrt

storage_gb: 1

cpu:

smt: prefer

cpu_pinning: dedicated

num_vpu: 1

memory:

total_memory_mb: 512

network_interfaces:

- name: Management

type: management

description: eth0

- name: eth1

type: data

description: eth1

connection_point_ref: LAN

- name: eth2

type: data

description: eth2

connection_point_ref: WAN

auto_healing:

triggers_set: any

triggers:

- name: unreachable

action_set:

- type: reprovision

- name: OpenWrt3

password_rules:

length: 12

use_upper_case: true

use_lower_case: true

use_digits: true

specific_symbols: .?$#@![]-{}

specific_symbols_min_usage: 2

zabbix_template: Template OS Linux

monitoring_type: agent

ssh_port: 22

configurations:

- config

- config2

def_user: root

def_password: p@ssw0rd

password_authentication: yes

disks:

- name: default

order: 1

type: default

image: openwrt

storage_gb: 1

cpu:

smt: prefer

cpu_pinning: dedicated

num_vpu: 1

memory:

total_memory_mb: 512

network_interfaces:

- name: Management

type: management

description: eth0

- name: eth1

type: data

description: eth1

connection_point_ref: LAN

- name: eth2

type: data

description: eth2

connection_point_ref: WAN

auto_healing:

triggers_set: any

triggers:

- name: unreachable

action_set:

- type: reprovision

scaling:

scale_in_status: permit

scale_out_status: "permit"

user_configurations:

tab:

- name: GW

variables:

- name: "gw_ip"

description: IP

input_type: input

required: true

type: string

default_value: 192.168.0.1

example: 192.168.0.1

- name: direction

description: traffic direction

input_type: dropdown

required: true

type: string

values:

- value: in

is_default: true

- value: out

update_configuration_name:

- update_var

- change

backups:

- name: backup_config

description: backup/etc/config

backup:

path: /root/config.thz

interval: 600

store_configs: 10

backup_type: vnfm_scp

authentication: key

configuration_name_ref: backup

restore:

path: /tmp/config.tgz

backup_type: vnfm_scp

authentication: password

configuration_name_ref: restore

external_connections

The external_connections section has the following structure:


Section/setting		Description
`- name`		Name of the external connection point.
	`description`	Brief description of the external connection point.
	`ip`	IP address of the external connection point. Enter a value in the `XXX.XXX.XXX.XXX` format, for example: `192.168.110.126`
	`mask`	Subnet mask of the external connection point. Possible values: Value in the `XXX.XXX.XXX.XXX` format, for example: `255.255.255.0` The subnet mask is assigned using DHCP via MAC-based reservation of an OpenStack port. In this case, the subnet mask cannot be changed. `AUTO` — The subnet mask is assigned automatically using an external DHCP server or scripts. You can specify scripts in the `configurations` section. `MANUAL` — the subnet mask must be specified manually in the orchestrator web interface when configuring external connection points of the virtual network function.
	`gw`	IP address of the gateway of the external connection point. Possible values: Value in the `XXX.XXX.XXX.XXX` format, for example: `192.168.110.126` The IP address is assigned using DHCP via MAC-based reservation of an OpenStack port. In this case, the IP address cannot be changed. `AUTO` — The IP address is assigned automatically using an external DHCP server or scripts from the `configurations` section. `MANUAL` — the IP address must be specified manually in the orchestrator web interface when configuring external connection points of the virtual network function. Optional parameter.
	`dns`	IP address of the DNS server of the external connection point. Possible values: Value in the `XXX.XXX.XXX.XXX` format, for example: `192.168.110.126` The IP address is assigned using DHCP via MAC-based reservation of an OpenStack port. In this case, the IP address cannot be changed. `AUTO` — The IP address is assigned automatically using an external DHCP server or scripts from the `configurations` section. `MANUAL` — the IP address must be specified manually in the orchestrator web interface when configuring external connection points of the virtual network function. Optional parameter.
	`group`	The group to which the external connection point belongs. This setting is required if multiple VDUs within the virtual network function use the same external connection point.

Example of this section

external_connections:

- name: LAN

description: eth1

ip: 192.168.2.0

mask: 255.255.255.0

gw: 192.168.0.1

dns: 192.168.0.10

group: lan-group

internal_connections

The internal_connections section has the following structure:


Section/setting		Description
`- name`		Name of the internal connection point.
	`description`	Brief description of the internal connection point.
	`virtual_link_name`	Name of the virtual link from the `virtual_links` section for the internal connection point.
	`ip`	IP address of the internal connection point. Possible values: Value in the `XXX.XXX.XXX.XXX` format, for example: `192.168.110.126` The IP address is assigned using DHCP via MAC-based reservation of an OpenStack port. In this case, the IP address cannot be changed. `AUTO` — The IP address is assigned automatically using an external DHCP server or scripts. You can specify scripts in the `configurations` section. `MANUAL` — the IP address must be specified manually in the orchestrator web interface when configuring external connection points of the virtual network function.
	`mask`	Subnet mask of the internal connection point. Possible values: Value in the `XXX.XXX.XXX.XXX` format, for example: `255.255.255.0` The subnet mask is assigned using DHCP via MAC-based reservation of an OpenStack port. In this case, the subnet mask cannot be changed. `AUTO` — The subnet mask is assigned automatically using an external DHCP server or scripts. You can specify scripts in the `configurations` section.
	`gw`	IP address of the gateway of the internal connection point. Possible values: Value in the `XXX.XXX.XXX.XXX` format, for example: `192.168.110.126` The IP address is assigned using DHCP via MAC-based reservation of an OpenStack port. In this case, the IP address cannot be changed. `AUTO` — The IP address is assigned automatically using an external DHCP server or scripts from the `configurations` section. Optional parameter.
	`dns`	IP address of the DNS server of the internal connection point. Possible values: Value in the `XXX.XXX.XXX.XXX` format, for example: `192.168.110.126` The IP address is assigned using DHCP via MAC-based reservation of an OpenStack port. In this case, the IP address cannot be changed. `AUTO` — The IP address is assigned automatically using an external DHCP server or scripts from the `configurations` section. Optional parameter.
	`group`	The group to which the internal connection point belongs. This setting is required if multiple VDUs within the virtual network function use the same internal connection point.

Example of this section

internal_connections:

- name: LAN

description: eth3

ip: 192.168.2.0

mask: 255.255.255.0

gw: 192.168.0.1

dns: 192.168.0.10

group: lan-group

virtual_link_name: int-link

virtual_links

The virtual_links section has the following structure:


Section/setting		Description
`- name`		Name of the virtual link.
	`cidr`	IPv4 prefix of the virtual link. Enter a value in the XXX.XXX.XXX.XXX/XX format, for example: `192.168.2.0/24`
	`ip_version`	Version of IP addresses in the subnet. Possible values: `v4` `v6`

Example of this section

virtual_links:

- name: int_link

cidr: 203.0.113.0/24

ip_version: v4

images

The images section has the following structure:


Section/setting		Description
`- name`		Name of the VDU disk image.
	`container_format`	Container format of the VDU disk image.
	`disk_format`	Format of the VDU disk image.
	`type`	VIM type.
	`file_name`	File name of the VDU disk image. You must place the VDU disk image in the /image directory of the VNF package.

Example of this section

images:

- name: VDU_img

container_format: BARE

disk_format: QCOW2

type: OPENSTACK

filename: VDU_img.qcow2

configurations

The configurations section has the following structure:


Section/setting		Description
`- name`		Name of the script.
	`filename`	The file name of the script file, Ansible playbook, or user-data attribute for Cloud-init. You must place the script in the /scripts directory of the VNF package.
	`stage`	The stage of operation of the virtual network function at which the script runs. Possible values: `initialization` to run the script on deployment of the virtual network function. `termination` to run the script on deletion of the virtual network function. `none` to run the script when a value changes in the `user_configurations` section in the settings area of the virtual network function in the orchestrator web interface.
	`executor`	Script interpreter. Possible values: `ansible` `expect` `/bin/sh` `bin/bash` `cloud-init` `<path to the custom script interpreter>`, for example `/usr/bin/php`.
	`authentication`	Method for authenticating the VNFM in the virtual network function for running scripts. Possible values: `key` means the VNFM is authenticated in the virtual network function using a key that is generated when the virtual network function is deployed. You need to use a script to get the key, so we recommend not to specify this value for the first script. `password` means the VNFM is authenticated in the virtual network function with a user name and password from the `flavours` → `vdus` section.
	`files_path`	Path to files for running scripts using SSH. You need to create a directory in the /scripts directory of the VNF package and place the files in that directory. The files are copied to the VDU. Optional parameter.
	`config_drive`	Using config-drive. Possible values: `true` `false` This parameter must be specified if as the `executor`, you specified `cloud_init`.
	`timeout`	The time to wait for the script to finish, in seconds. If the script does not finish within the specified time, execution is terminated. The timeout starts at the moment the script is run. You can specify this parameter if you have specified a path to a custom script executor for the `executor` parameter.

Example of this section

configurations:

- name: config

filename: config.yml

stage: initialization

executor: ansible

authentication: password

files_path: SSH_scripts

config_drive: true

timeout: 15

flavours

The flavours section has the following structure:


Section/setting		Description
`- name`		Name of the deployment option.
	`description`	Brief description of the flavour.
	`position`	Sequential number of the flavour. The flavour with the lowest position has the lowest performance.
	`affinity`	Groups of VDUs hosted on the same OpenStack host. We recommend hosting VDUs that require minimizing communication delays which each other on the same OpenStack host.
	`anti-affinity`	Groups of VDUs hosted on different OpenStack hosts. We recommend deploying VDUs that may require vertical scaling or high availability on distinct OpenStack hosts.
	`management`	Parameters of VDU administration consoles.
	`vdus`	VDU settings.

The affinity and anti-affinity sections have the following structure:


Section/setting			Description
`groups`			VDU groups.
	`- name`		Name of the VDU group.
		`vdu_name`	Names of VDUs. Specify a list of values, for example: `vdu_name:` `- VDU_1` `- VDU_2`

The management section has the following structure:


Section/setting			Description
`vnc`			Settings for managing VDUs using the VNC console.
	`- vdu_name`		Name of the VDU.
`ssh`			Settings for managing VDUs using the SSH console.
	`- vdu_name`		Name of the VDU.
		`def_user`	User name for establishing the SSH session.
		`authentication`	Method for authenticating the VNFM in the virtual network function for running scripts. Possible values: `key` means the VNFM is authenticated in the virtual network function using a key that is generated when the virtual network function is deployed. You need to get the key using a script from the `configurations` section. `password` means the VNFM is authenticated in the virtual network function with a user name and password from the `vdus` section.
`web`			Settings for managing VDUs using the web console.
	`- vdu_name`		Name of the VDU.
		`protocol`	Protocol for connecting to the web console. Possible values: `http` `https`
		`port`	Port for connecting to the web console. Enter a value in the range of 1 to 65,536. By default, port 80 is used.
		`path`	Path to the web console.
		`def_user`	User name for authenticating in the web console.
		`def_password`	Password for authenticating in the web console.

The vdus section has the following structure:


Section/setting					Description
`- name`					Name of the VDU.
	`password_rules`				VDU password requirements. This section is optional.
		`length`			Minimum length of the password.
		`use_upper_case`			Users must use uppercase characters in the password. Possible values: `true` `false`
		`use_lower_case`			Users must use lowercase characters in the password. Possible values: `true` `false`
		`use_digits`			Users must use numerals in the password. Possible values: `true` `false`
		`specific_symbols`			Whether users must use special characters in the password, such as: `@"!`
		`specific_symbols_min_usage`			Minimum number of special characters that must be present in the password.
	`check_connection_mode`				Type of VDU availability test performed during deployment. By default, an SSH test is performed. Possible values: `ssh` `none` Optional parameter.
	`zabbix_template`				Name of the Zabbix template for the VDU.
	`monitoring_type`				Monitoring type of the virtual network function. Possible values: `agent` means monitoring using a Zabbix agent. `snmp` means monitoring using the SNMP protocol.
	`ssh_port`				Port number for establishing an SSH session. Optional parameter.
	`configurations`				Names of scripts from the `configurations` section to be run on the VDU. Specify a list of values, for example: `vdu_name:` `- config_1` `- config_2`
	`backups`				Names of backup tasks from the `backups` to be used on the VDU. Specify a list of values, for example: `vdu_name:` `- backup_1` `- backup_2` This section is optional.
	`def_user`				User name for authenticating the VNFM in the virtual network function. Optional parameter.
	`def_password`				Password for authenticating the VNFM in the virtual network function. Optional parameter.
	`password_authentication`				Password authentication of the VNFM in the virtual network function. Possible values: `yes` `no` Optional parameter.
	`disks`				Parameters of VDU virtual disks.
		`- name`			Name of the VDU virtual disk.
			`order`		Mounting order of the VDU virtual disk.
			`type`		Type of the ephemeral OpenStack disk.
			`image`		Name of the VDU virtual disk image from the `images` section. Optional parameter if you are creating a blank VDU disk.
			`storage_db`		Size of the VDU virtual disk in gigabytes.
	`cpu`				VDU CPU parameters.
		`smt`			Simultaneous multithreading requirements for VDU deployment. Possible values: `prefer` to use simultaneous multithreading if it is enabled on the VDU host. `isolate` to not use simultaneous multithreading. `require` to use simultaneous multithreading.
		`cpu_pinning`			Use of CPU pinning. Possible values: `shared` if you do not want to pin CPU cores to the VDU. `dedicated` if you want to pin CPU cores to the VDU.
		`num_vpu`			Number of CPU cores pinned to the VDU.
	`memory`				VDU RAM settings.
		`total_memory_mb`			Amount of VDU RAM in megabytes.
		`page_size`			Size of memory pages when deploying the VDU. Possible values: `small` for 4KB. `large` for 2 MB or 1 GB. `any` for any size. `4KB` `2MB` `2048` `1GB`
	`network_interfaces`				Network interface settings
		`- name`			Name of the network interface.
			`type`		Type of the network interface. Possible values: `data` is a network interface for data transfer. `management` is a management network interface that is mapped to a network port.
			`description`		Brief description of the network interface.
			`connection_point_ref`		Name of the external connection point from the `external_connections` section for the management network interface.
			`port_security`		Whether Port security This function improves network security at the level of Ethernet ports of switches and prevents unauthorized access to the network by limiting the number of MAC addresses that can be associated with a single physical port. When enabled, only trusted devices with predefined MAC addresses can connect to the network. is used. Possible values: `disabled` `enabled` Optional parameter.
			`properties`		Advanced settings of the network interface.
				`vnic_type`	vNIC type of the network interface. Possible values: `virtio` `direct` `macvtap` `vhost`
	`auto_healing`				VDU auto-healing parameters.
		`triggers_set`			External triggers that initiate VDU auto-healing. Possible values: `any` to have any external trigger initiate VDU auto-healing. `all` to initiate VDU auto-healing if all specified external triggers are triggered. `<trigger name>` to initiate VDU auto-healing when the specified external trigger is triggered.
		`triggers`			External triggers.
			`- name`		Name of the external trigger. Possible values: `unreachable` `scale_up` `scale_down`
		`action_set`			Action to perform when an external trigger is triggered.
			`- type`		Type of action. Possible values: `reprovision` to reprovision the VDU. `reboot` to restart the VDU. `script` to run the specified script.
			`configuration_name_ref`		Name of the script from the `configuration` section that is run when an external trigger is triggered. This parameter must be specified if as the `- type`, you selected `script`.
	`bootstrap_timeout`				SSH availability timeout during VDU deployment, in seconds. If the VDU is not available over SSH after the specified timeout expires, the deployment is rolled back. Optional parameter.

Example of this section

vdus:

- name: vgw

password_rules:

length: 12

use_upper_case: true

use_lower_case: true

use_digits: true

specific_symbols: .?$#@![]-{}

specific_symbols_min_usage: 2

check_connection_mode: none

zabbix_template: Template OS Linux

monitoring_type: agent

ssh_port: 22

configurations:

- config_1

- config_2

backups:

- backup_config

def_user: root

def_password: p@ssw0rd

password_authentication: yes

disks:

- name: "default"

order: 1

type: default

image: openwrt

storage_gb: 1

cpu:

smt: prefer

cpu_pinning: dedicated

num_vpu: 1

memory:

total_memory_mb: 512

page_size: small

network_interfaces:

- name: eth

type: data

description: eth0

connection_point_ref: WAN

auto_healing:

triggers_set: any

triggers:

- name: unreachable

action_set:

- type: reprovision

scaling

The scaling section has the following structure:

Parameter	Description
`scale_in_status`	Horizontal scaling to a scaling option with a lower sequential number. Possible values: `permit` `deny`
`scale_out_status`	Horizontal scaling to a scaling option with a higher sequential number. Possible values: `permit` `deny`
`scale_up_status`	Vertical scaling to a scaling option with a lower sequential number. Possible values: `permit` `deny`
`scale_down_status`	Vertical scaling to a scaling option with a higher sequential number. Possible values: `permit` `deny`

Example of this section

scaling:

scale_in_status: permit

scale_out_status: permit

scale_up_status: permit

scale_down_status: permit

user_configurations

The user_configurations section has the following structure:


Section/setting				Description
`tab`				Tabs that are added to the settings area of the virtual network function.
`- name`				Name of the tab.
	`variables`			Orchestrator web interface inputs that are displayed on the tab.
	`- name`			Name of the orchestrator web interface input.
		`description`		Brief description of the orchestrator web interface input.
		`input_type`		Type of the orchestrator web interface input. Possible values: `input` to add a field. `dropdown` to add a drop-down list.
		`default_value`		Default value of the field. You can specify this parameter if as the `input_type`, you specified `input`.
		`values`		The options that are displayed in the drop-down list. This setting can be specified if as the `input_type`, you specified `dropdown`.
		`- value`		The name of the value.
			`is_default`	Default value. Possible values: `true` `false` Optional parameter.
		`required`		Required orchestrator web interface input. Possible values: `true` `false` Optional parameter.
		`type`		The type of value that can be specified in the orchestrator web interface input. Optional parameter.
		`example`		A tooltip that is displayed when the value of the orchestrator web interface input changes. Optional parameter.
		`update_configuration_name`		Names of scripts from the `configurations` section that are run when the value of the orchestrator web interface input changes. Specify a list of values, for example: `update_configuration_name:` `- config_1` `- config_2`

Example of this section

user_configurations:

tab:

- name: GW

variables:

- name: "gw_ip"

description: IP

input_type: input

required: true

type: string

default_value: 192.168.0.1

example: 192.168.0.1

- name: direction

description: traffic direction

input_type: dropdown

required: true

type: string

values:

- value: in

is_default: true

- value: out

update_configuration_name:

- update_var

- change

backups

The backups section has the following structure:


Section/setting			Description
`- name`			Name of the backup task.
	`description`		Brief description of the backup task.
	`backup`		Backup parameters.
		`path`	Path to the virtual network function directory where the files that you want to backup are located.
		`interval`	Time interval in seconds for backup.
		`store_config`	Number of backup copies to keep.
		`backup_type`	Type of backup.
		`authentication`	Method for authenticating the VNFM in the virtual network function for running scripts. Possible values: `key` means the VNFM is authenticated in the virtual network function using a key that is generated when the virtual network function is deployed. You need to get the key using a script from the `configurations` section. `password` means the VNFM is authenticated in the virtual network function with a user name and password from the `flavours` → `vdus` section.
		`configuration_name_ref`	Name of the script from the `configurations` section to run before the backup.
	`restore`		Backup restoration parameters.
		`path`	Path to the virtual network function directory where the restored files are placed.
		`backup_type`	Type of backup.
		`authentication`	Method for authenticating the VNFM in the virtual network function for running scripts. Possible values: `key` means the VNFM is authenticated in the virtual network function using a key that is generated when the virtual network function is deployed. You need to get the key using a script from the `configurations` section. `password` means the VNFM is authenticated in the virtual network function with a user name and password from the `flavours` → `vdus` section.
		`configuration_name_ref`	Name of the script from the `configurations` section to run after the restoration from backup begins.

Example of this section

backups:

- name: backup_config

description: backup/etc/config

backup:

path: /root/config.thz

interval: 600

store_configs: 10

backup_type: vnfm_scp

authentication: key

configuration_name_ref: backup

restore:

path: /tmp/config.tgz

backup_type: vnfm_scp

authentication: password

configuration_name_ref: restore

Page top

Configuring the PNF descriptor

Expand all | Collapse all

Specify the settings of the physical network function in a PNF descriptor in YAML or XML format, then add the PNF descriptor to the root directory of the PNF package. A PNF descriptor has the following structure:

Section/setting	Description
`name`	Name of the physical network function.
`description`	Brief description of the physical network function.
`description_file`	Name of the PDF file with the technical documentation or specification of the physical network function. This file must be placed in the root directory of the PNF package. Users can view and download the file in the orchestrator web interface. Optional parameter.
`provider`	Provider of the physical network function.
`version`	Version of the physical network function.
`external_connections`	External connection points of the physical network function.
`internal_connections`	Internal connection points of VDUs that are part of the physical network function. This section is optional.
`configurations`	Scripts for performing actions at various stages of the physical network function lifecycle, for example, during deployment of the physical network function.
`flavours`	Flavours of the physical network function. You can select one of the specified flavours of the physical network function in the orchestrator web interface.
`scaling`	Physical network function scaling parameters. This section is optional.
`user_configurations`	Orchestrator web interface inputs that are added to the settings area of the physical network function. This section is optional.
`backups`	Physical network function backup tasks. This section is optional.

PNF descriptor example

name: OpenWrt18

description: OpenWrt 18.06.1

description_file: openwrt-presentation.pdf

provider: Kaspersky

version: 1.0.1

external_connections:

- name: LAN

description: eth1

ip: AUTO

mask: AUTO

group: eth1-group

- name: WAN

description: eth2

ip: AUTO

mask: AUTO

group: eth2-group

configurations:

- name: config

filename: config.yml

stage: initialization

executor: ansible

authentication: password

- name: config2

filename: 3VDU.sh

stage: initialization

executor: /bin/sh

authentication: key

- name: config3

filename: 2VDU.sh

stage: initialization

executor: /bin/sh

authentication: key

flavours:

- name: 2VDU

description: 1 vCPU, 512MB memory

position: 1

management:

ssh:

- vdu_name: OpenWrt

def_user: root

authentication: key

web:

- vdu_name: OpenWrt

vdus:

- name: OpenWrt

password_rules:

length: 12

use_upper_case: true

use_lower_case: true

use_digits: true

specific_symbols: .?$#@![]-{}

specific_symbols_min_usage: 2

zabbix_template: Template OS Linux

monitoring_type: agent

ssh_port: 22

configurations:

- config

- config3

def_user: root

def_password: p@ssw0rd

password_authentication: yes

network_interfaces:

- name: Management

type: management

description: eth0

- name: eth1

type: data

description: eth1

connection_point_ref: LAN

- name: eth2

type: data

description: eth2

connection_point_ref: WAN

auto_healing:

triggers_set: any

triggers:

- name: unreachable

action_set:

- type: reboot

- name: OpenWrt2

password_rules:

length: 12

use_upper_case: true

use_lower_case: true

use_digits: true

specific_symbols: .?$#@![]-{}

specific_symbols_min_usage: 2

zabbix_template: Template OS Linux

monitoring_type: agent

ssh_port: 22

configurations:

- config

- config3

def_user: root

def_password: p@ssw0rd

password_authentication: yes

network_interfaces:

- name: Management

type: management

description: eth0

- name: eth1

type: data

description: eth1

connection_point_ref: LAN

- name: eth2

type: data

description: eth2

connection_point_ref: WAN

auto_healing:

triggers_set: any

triggers:

- name: unreachable

action_set:

- type: reboot

- name: VDU

description: 1 vCPU, 512MB memory

position: 2

management:

ssh:

- vdu_name: OpenWrt

def_user: root

authentication: key

web:

- vdu_name: OpenWrt

vdus:

- name: OpenWrt

password_rules:

length: 12

use_upper_case: true

use_lower_case: true

use_digits: true

specific_symbols: .?$#@![]-{}

specific_symbols_min_usage: 2

check_connection_mode: none

zabbix_template: Template OS Linux

monitoring_type: agent

ssh_port: 22

configurations:

- config

- config2

def_user: root

def_password: p@ssword

password_authentication: yes

network_interfaces:

- name: Management

type: management

description: eth0

- name: eth1

type: data

description: eth1

connection_point_ref: LAN

- name: eth2

type: data

description: eth2

connection_point_ref: WAN

auto_healing:

triggers_set: any

triggers:

- name: unreachable

action_set:

- type: reboot

- name: OpenWrt2

password_rules:

length: 12

use_upper_case: true

use_lower_case: true

use_digits: true

specific_symbols: .?$#@![]-{}

specific_symbols_min_usage: 2

zabbix_template: Template OS Linux

monitoring_type: agent

ssh_port: 22

configurations:

- config

- config2

def_user: root

def_password: p@ssw0rd

password_authentication: yes

network_interfaces:

- name: Management

type: management

description: eth0

- name: eth1

type: data

description: eth1

connection_point_ref: LAN

- name: eth2

type: data

description: eth2

connection_point_ref: WAN

auto_healing:

triggers_set: any

triggers:

- name: unreachable

action_set:

- type: reboot

- name: OpenWrt3

password_rules:

length: 12

use_upper_case: true

use_lower_case: true

use_digits: true

specific_symbols: .?$#@![]-{}

specific_symbols_min_usage: 2

zabbix_template: Template OS Linux

monitoring_type: agent

ssh_port: 22

configurations:

- config

- config2

def_user: root

def_password: p@ssw0rd

password_authentication: yes

network_interfaces:

- name: Management

type: management

description: eth0

- name: eth1

type: data

description: eth1

connection_point_ref: LAN

- name: eth2

type: data

description: eth2

connection_point_ref: WAN

auto_healing:

triggers_set: any

triggers:

- name: unreachable

action_set:

- type: reboot

scaling:

scale_in_status: permit

scale_out_status: "permit"

user_configurations:

tab:

- name: GW

variables:

- name: "gw_ip"

description: IP

input_type: input

required: true

type: string

default_value: 192.168.0.1

example: 192.168.0.1

- name: direction

description: traffic direction

input_type: dropdown

required: true

type: string

values:

- value: in

is_default: true

- value: out

update_configuration_name:

- update_var

- change

backups:

- name: backup_config

description: backup/etc/config

backup:

path: /root/config.thz

interval: 600

store_configs: 10

backup_type: vnfm_scp

authentication: key

configuration_name_ref: backup

restore:

path: /tmp/config.tgz

backup_type: vnfm_scp

authentication: password

configuration_name_ref: restore

external_connections

The external_connections section has the following structure:


Section/setting		Description
`- name`		Name of the external connection point.
	`description`	Brief description of the external connection point.
	`ip`	IP address of the external connection point. Enter a value in the `XXX.XXX.XXX.XXX` format, for example: `192.168.110.126`
	`mask`	Subnet mask of the external connection point. Possible values: Value in the `XXX.XXX.XXX.XXX` format, for example: `255.255.255.0` The subnet mask is assigned using DHCP via MAC-based reservation of an OpenStack port. In this case, the subnet mask cannot be changed. `AUTO` — The subnet mask is assigned automatically using an external DHCP server or scripts. You can specify scripts in the `configurations` section.
	`gw`	IP address of the gateway of the external connection point. Possible values: Value in the `XXX.XXX.XXX.XXX` format, for example: `192.168.110.126` The IP address is assigned using DHCP via MAC-based reservation of an OpenStack port. In this case, the IP address cannot be changed. `AUTO` — The IP address is assigned automatically using an external DHCP server or scripts from the `configurations` section. Optional parameter.
	`dns`	IP address of the DNS server of the external connection point. Possible values: Value in the `XXX.XXX.XXX.XXX` format, for example: `192.168.110.126` The IP address is assigned using DHCP via MAC-based reservation of an OpenStack port. In this case, the IP address cannot be changed. `AUTO` — The IP address is assigned automatically using an external DHCP server or scripts from the `configurations` section. Optional parameter.
	`group`	The group to which the external connection point belongs. This setting is required if multiple VDUs within the physical network function use the same external connection point.

Example of this section

external_connections:

- name: LAN

description: eth1

ip: 192.168.2.0

mask: 255.255.255.0

gw: 192.168.0.1

dns: 192.168.0.10

group: lan-group

internal_connections

The internal_connections section has the following structure:


Section/setting		Description
`- name`		Name of the internal connection point.
	`description`	Brief description of the internal connection point.
	`ip`	IP address of the internal connection point. Possible values: Value in the `XXX.XXX.XXX.XXX` format, for example: `192.168.110.126` The IP address is assigned using DHCP via MAC-based reservation of an OpenStack port. In this case, the IP address cannot be changed. `AUTO` — The IP address is assigned automatically using an external DHCP server or scripts. You can specify scripts in the `configurations` section.
	`mask`	Subnet mask of the internal connection point. Possible values: Value in the XXX.XXX.XXX.XXX format, for example: `255.255.255.0` The subnet mask is assigned using DHCP via MAC-based reservation of an OpenStack port. In this case, the subnet mask cannot be changed. AUTO — The subnet mask is assigned automatically using an external DHCP server or scripts. You can specify scripts in the `configurations` section.
	`gw`	IP address of the gateway of the internal connection point. Possible values: Value in the `XXX.XXX.XXX.XXX` format, for example: `192.168.110.126` The IP address is assigned using DHCP via MAC-based reservation of an OpenStack port. In this case, the IP address cannot be changed. `AUTO` — The IP address is assigned automatically using an external DHCP server or scripts from the `configurations` section. Optional parameter.
	`dns`	IP address of the DNS server of the internal connection point. Possible values: Value in the `XXX.XXX.XXX.XXX` format, for example: `192.168.110.126` The IP address is assigned using DHCP via MAC-based reservation of an OpenStack port. In this case, the IP address cannot be changed. `AUTO` — The IP address is assigned automatically using an external DHCP server or scripts from the `configurations` section. Optional parameter.
	`group`	The group to which the internal connection point belongs. This setting is required if multiple VDUs within the physical network function use the same internal connection point.

Example of this section

internal_connections:

- name: LAN

description: eth3

ip: 192.168.2.0

mask: 255.255.255.0

gw: 192.168.0.1

dns: 192.168.0.10

group: lan-group

configurations

The configurations section has the following structure:


Section/setting		Description
`- name`		Name of the script.
	`filename`	File name of the script or Ansible playbook. You must place the script in the /scripts directory of the PNF package.
	`stage`	The stage of operation of the physical network function at which the script runs. Possible values: `initialization` to run the script on deployment of the physical network function. `termination` to run the script on deletion of the physical network function. `none` to run the script when a value changes in the `user_configurations` section in the settings area of the physical network function in the orchestrator web interface.
	`executor`	Script interpreter. Possible values: `ansible` `expect` `/bin/sh` `bin/bash` `<path to the custom script interpreter>`, for example `/usr/bin/php`.
	`authentication`	Method for authenticating the VNFM in the physical network function for running scripts. Possible values: `key` means the VNFM is authenticated in the physical network function using a key that is generated when that physical network function is deployed. You need to use a script to get the key, so we recommend not to specify this value for the first script. `password` means the VNFM is authenticated in the physical network function with a user name and password from the `flavours` → `vdus` section.
	`files_path`	Path to files for running scripts using SSH. You need to create a directory in the /scripts directory of the PNF package and place the files in that directory. The files are copied to the VDU. Optional parameter.
	`timeout`	The time to wait for the script to finish, in seconds. If the script does not finish within the specified time, execution is terminated. The timeout starts at the moment the script is run. You can specify this parameter if you have specified a path to a custom script executor for the `executor` parameter.

Example of this section

configurations:

- name: config

filename: config.yml

stage: initialization

executor: ansible

authentication: password

files_path: SSH_scripts

config_drive: true

timeout: 15

flavours

The flavours section has the following structure:


Section/setting		Description
`- name`		Name of the deployment option.
	`description`	Brief description of the flavour.
	`position`	Sequential number of the flavour. The flavour with the lowest position has the lowest performance.
	`management`	Parameters of VDU administration consoles.
	`vdus`	VDU settings.

The management section has the following structure:


Section/setting			Description
`ssh`			Settings for managing VDUs using the SSH console.
	`- vdu_name`		Name of the VDU.
		`def_user`	User name for establishing the SSH session.
		`authentication`	Method for authenticating the VNFM in the physical network function for running scripts. Possible values: `key` means the VNFM is authenticated in the physical network function using a key that is generated when that physical network function is deployed. You need to get the key using a script from the `configurations` section. `password` means the VNFM is authenticated in the physical network function with a user name and password from the `vdus` section.
`web`			Settings for managing VDUs using the web console.
	`- vdu_name`		Name of the VDU.
		`protocol`	Protocol for connecting to the web console. Possible values: `http` `https`
		`port`	Port for connecting to the web console. Enter a value in the range of 1 to 65,536. By default, port 80 is used.
		`path`	Path to the web console.
		`def_user`	User name for authenticating in the web console.
		`def_password`	Password for authenticating in the web console.

The vdus section has the following structure:


Section/setting				Description
`- name`				Name of the VDU.
	`password_rules`			VDU password requirements. This section is optional.
		`length`		Minimum length of the password.
		`use_upper_case`		Users must use uppercase characters in the password. Possible values: `true` `false`
		`use_lower_case`		Users must use lowercase characters in the password. Possible values: `true` `false`
		`use_digits`		Users must use numerals in the password. Possible values: `true` `false`
		`specific_symbols`		Whether users must use special characters in the password, such as: `@"!`
		`specific_symbols_min_usage`		Minimum number of special characters that must be present in the password.
	`check_connection_mode`			Type of VDU availability test performed during deployment. By default, an SSH test is performed. Possible values: `ssh` `none` Optional parameter.
	`zabbix_template`			Name of the Zabbix template for the VDU.
	`monitoring_type`			Monitoring type of the physical network function. Possible values: `agent` means monitoring using a Zabbix agent. `snmp` means monitoring using the SNMP protocol.
	`ssh_port`			Port number for establishing an SSH session. Optional parameter.
	`configurations`			Names of scripts from the `configurations` section to be run on the VDU. Specify a list of values, for example: `vdu_name:` `- config_1` `- config_2`
	`backups`			Names of backup tasks from the `backups` to be used on the VDU. Specify a list of values, for example: `vdu_name:` `- backup_1` `- backup_2` This section is optional.
	`def_user`			User name for authenticating the VNFM in the physical network function. Optional parameter.
	`def_password`			Password for authenticating the VNFM in the physical network function. Optional parameter.
	`password_authentication`			Password authentication of the VNFM in the physical network function. Possible values: `yes` `no` Optional parameter.
	`network_interfaces`			Network interface settings
		`- name`		Name of the network interface.
			`type`	Type of the network interface. Possible values: `data` is a network interface for data transfer. `management` is a management network interface that is mapped to a network port.
			`description`	Brief description of the network interface.
			`connection_point_ref`	Name of the external connection point from the `external_configurations` section for the management network interface.
	`auto_healing`			VDU auto-healing parameters.
		`triggers_set`		External triggers that initiate VDU auto-healing. Possible values: `any` to have any external trigger initiate VDU auto-healing. `all` to initiate VDU auto-healing if all specified external triggers are triggered. `<trigger name>` to initiate VDU auto-healing when the specified external trigger is triggered.
		`triggers`		External triggers.
			`- name`	Name of the external trigger. Possible values: `unreachable` `scale_up` `scale_down`
		`action_set`		Action to perform when an external trigger is triggered.
			`- type`	Type of action. Possible values: `reboot` to restart the VDU. `script` to run the specified script.
			`configuration_name_ref`	Name of the script from the `configuration` section that is run when an external trigger is triggered. This parameter must be specified if as the `- type`, you selected `script`.

Example of this section

vdus:

- name: vgw

password_rules:

length: 12

use_upper_case: true

use_lower_case: true

use_digits: true

specific_symbols: .?$#@![]-{}

specific_symbols_min_usage: 2

check_connection_mode: none

zabbix_template: Template OS Linux

monitoring_type: agent

ssh_port: 22

configurations:

- config_1

- config_2

backups:

- backup_config

def_user: root

def_password: p@ssw0rd

password_authentication: yes

network_interfaces:

- name: eth

type: data

description: eth0

connection_point_ref: WAN

auto_healing:

triggers_set: any

triggers:

- name: unreachable

action_set:

- type: reprovision

scaling

The scaling section has the following structure:

Parameter

Description

scale_up_status

Vertical scaling to a scaling option with a lower sequential number. Possible values:

permit
deny

scale_down_status

Vertical scaling to a scaling option with a higher sequential number. Possible values:

permit
deny

Example of this section

scaling:

scale_in_status: permit

scale_out_status: permit

user_configurations

The user_configurations section has the following structure:


Section/setting				Description
`tab`				Tabs that are added to the settings area of the physical network function.
`- name`				Name of the tab.
	`variables`			Orchestrator web interface inputs that are displayed on the tab.
	`- name`			Name of the orchestrator web interface input.
		`description`		Brief description of the orchestrator web interface input.
		`input_type`		Type of the orchestrator web interface input. Possible values: `input` to add a field. `dropdown` to add a drop-down list.
		`default_value`		Default value of the field. You can specify this parameter if as the `input_type`, you specified `input`.
		`values`		The options that are displayed in the drop-down list. This setting can be specified if as the `input_type`, you specified `dropdown`.
		`- value`		The name of the value.
			`is_default`	Default value. Possible values: `true` `false` Optional parameter.
		`required`		Required orchestrator web interface input. Possible values: `true` `false` Optional parameter.
		`type`		The type of value that can be specified in the orchestrator web interface input. Optional parameter.
		`example`		A tooltip that is displayed when the value of the orchestrator web interface input changes. Optional parameter.
		`update_configuration_name`		Names of scripts from the `configurations` section that are run when the value of the orchestrator web interface input changes. Specify a list of values, for example: `update_configuration_name:` `- config_1` `- config_2`

Example of this section

user_configurations:

tab:

- name: GW

variables:

- name: "gw_ip"

description: IP

input_type: input

required: true

type: string

default_value: 192.168.0.1

example: 192.168.0.1

- name: direction

description: traffic direction

input_type: dropdown

required: true

type: string

values:

- value: in

is_default: true

- value: out

update_configuration_name:

- update_var

- change

backups

The backups section has the following structure:


Section/setting			Description
`- name`			Name of the backup task.
	`description`		Brief description of the backup task.
	`backup`		Backup parameters.
		`path`	Path to the physical network function directory where the files that you want to backup are located.
		`interval`	Time interval in seconds for backup.
		`store_config`	Number of backup copies to keep.
		`backup_type`	Type of backup.
		`authentication`	Method for authenticating the VNFM in the physical network function for running scripts. Possible values: `key` means the VNFM is authenticated in the physical network function using a key that is generated when that physical network function is deployed. You need to get the key using a script from the `configurations` section. `password` means the VNFM is authenticated in the physical network function with a user name and password from the `flavours` → `vdus` section.
		`configuration_name_ref`	Name of the script from the `configurations` section to run before the backup.
	`restore`		Backup restoration parameters.
		`path`	Path to the physical network function directory where the restored files are placed.
		`backup_type`	Type of backup.
		`authentication`	Method for authenticating the VNFM in the physical network function for running scripts. Possible values: `key` means the VNFM is authenticated in the physical network function using a key that is generated when that physical network function is deployed. You need to get the key using a script from the `configurations` section. `password` means the VNFM is authenticated in the physical network function with a user name and password from the `flavours` → `vdus` section.
		`configuration_name_ref`	Name of the script from the `configurations` section to run after the restoration from backup begins.

Example of this section

backups:

- name: backup_config

description: backup/etc/config

backup:

path: /root/config.thz

interval: 600

store_configs: 10

backup_type: vnfm_scp

authentication: key

configuration_name_ref: backup

restore:

path: /tmp/config.tgz

backup_type: vnfm_scp

authentication: password

configuration_name_ref: restore

Page top

Protection of VNF and PNF packages against substitution and modification

Some VNF and PNF package files are placed in the local directory of the Docker container of the orchestrator, and you can protect them against substitution and modification. When VNF and PNF packages are protected, the orchestrator automatically computes their SHA256 hash when they are uploaded to the orchestrator web interface. When accessing files in the local directory of the Docker container, the orchestrator compares their current SHA256 hash with the previously saved hash. If the SHA256 hashes do not match, the orchestrator prevents users from performing actions with the network function, such as adding it to the topology of a network service.

To protect of VNF and PNF packages against substitution and modification:

In the lower part of the menu, click the settings icon → Storage security.
This opens a window, in that window, select the Calculate hash sum SHA256 for VNF/PNF files on storage check box. This check box is cleared by default.

VNF and PNF packages are protected against substitution and modification.

Page top

Uploading a VNF or PNF package to the orchestrator web interface

To upload a VNF or PNF package to the orchestrator web interface:

In the menu, go to the Catalog section.
The network service management page is displayed.
In the upper part of the page, click + VNF or + PNF.
This opens a window; in that window, select the VNF or PNF package.
If you want to check the integrity of the VNF or PNF package, enter its SHA256 hash in the Hash sum SHA256 field. Maximum length: 64 characters.
Click Save.

The VNF or PNF package is uploaded to the orchestrator web interface. The VNF or PNF is displayed in the Catalog pane. If you entered a SHA256 hash of a VNF or PNF package, the orchestrator compares the hash you entered with the actual SHA256 hash. If the SHA256 hashes do not match, the VNF or PNF package is not uploaded.

Contents

Managing VNF and PNF packages

Configuring the VNF descriptor

Configuring the PNF descriptor

Protection of VNF and PNF packages against substitution and modification

Uploading a VNF or PNF package to the orchestrator web interface