[integration] vFW Closed Loop Issues on Beijing


Netaji Surve
 

 

Hi Community,

I am trying to run the vFW closed loop on Beijing. I could create the stack on OS and packets are flowing from PG to FW to SINK.

  1. To run the closed loop I am following the link below:

https://wiki.onap.org/display/DW/vFWCL+instantiation,+testing,+and+debuging

In this link, under the closed loop section, I tried step 2, which is "Upload operational policy", and tried running the command below:

update-vfw-op-policy.sh <k8s-host> <policy-pdp-node-port> <policy-drools-node-port> <resource-id>

But to run this command we need <policy-pdp-node-port> as a parameter to the script, and in Beijing pdp does not have any nodeport service.

I am not clear how to run this update-vfw-op-policy.sh script.

  2. I tried to get events on topic unauthenticated.SEC_MEASUREMENT_OUTPUT; it's giving the below error.

Also, the topics POLICY-CL-MGT and unauthenticated.TCA_EVENT_OUTPUT are not created. I am not clear when these topics get created.

Are we missing any step? If anyone has any idea, please suggest.

Thanks,

Netaji Surve

 

 

 

This message and the information contained herein is proprietary and confidential and subject to the Amdocs policy statement, you may review at https://www.amdocs.com/about/email-disclaimer

Amdocs Development Centre India Private Limited having CIN: U72200PN2004PTC0188320 converted into Amdocs Development Centre India LLP (A limited liability partner­ship with LLP Identification Number: AAI-6901 effective 28th Feb 2017)


Marco Platania
 

Netaji,

 

In Beijing Policy update is a little different. Please look at this wiki page and follow the instructions below (changing the PAP name based on your deployment): https://wiki.onap.org/display/DW/Scalability%2C+Resiliency+and+Manageability

  • Login to PAP
  • Copy push-policy.sh to a non-read-only directory
    • cp /tmp/policy-install/config/push-policies.sh /tmp/policy-install
  • Change vFW policy resourceID in /tmp/policy-install/push-policies.sh to reflect the real vPacketGen model-invariant-id, e.g.:
    • sed -i "s/Eace933104d443b496b8.nodes.heat.vpg/02c953b7-e626-4e16-9874-6191572949a0/g" push-policies.sh
  • From Rancher VM, run: kubectl exec -it dev-pap-7ff989696d-s86wj -c pap -n onap -- bash -c "export PRELOAD_POLICIES=true; /tmp/policy-install/push-policies.sh"

 

Marco

 

From: <onap-discuss@...> on behalf of Netaji Surve <Netaji.Surve@...>
Reply-To: "onap-discuss@..." <onap-discuss@...>, "Netaji.Surve@..." <Netaji.Surve@...>
Date: Wednesday, July 11, 2018 at 9:15 AM
To: "'onap-discuss@...'" <onap-discuss@...>
Cc: Alka Choudhary <ALKAC@...>, Borislav Glozman <Borislav.Glozman@...>, Sudhakar Reddy <Sudhakar.Reddy@...>, Prashant Kumar <prashant.kumar1@...>, Keren Joseph <Keren.Joseph@...>, Ran Pollak <Ran.Pollak@...>
Subject: [onap-discuss] [integration] vFW Closed Loop Issues on Beijing

 

 



Marco Platania
 

Also, keep in mind that DMaaP topics have changed:

 

VES reporting: {{mr_ip}}:30227/events/unauthenticated.VES_MEASUREMENT_OUTPUT/mygroup/myid?timeout=5000

ONSET events to Policy: {{mr_ip}}:30227/events/unauthenticated.DCAE_CL_OUTPUT/mygroup/myid?timeout=5000

 

Marco

 



Netaji Surve
 

Hi,

 

Thanks for the response.

 

I was trying to mount APPC with the below command.

 

curl -v --noproxy '*' --user "admin":"Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U" -d @appc-mount.xml -H "Accept: application/xml" -H "Content-type: application/xml" -X PUT  http://10.247.18.6:30230/restconf/config/network-topology:network-topology/topology/topology-netconf/node/e3fa09fa-55a4-4ca6-a707-c185915e0a06

 

PFA appc-mount.xml, which I used as the body.

After I tried this API I got an error.

Are there any changes required in the header?

 

Thanks,

Netaji Surve.

From: PLATANIA, MARCO (MARCO) [mailto:platania@...]
Sent: Wednesday, July 11, 2018 4:25 PM
To: onap-discuss@...; Netaji Surve <Netaji.Surve@...>
Cc: Alka Choudhary <ALKAC@...>; Borislav Glozman <Borislav.Glozman@...>; Sudhakar Reddy <Sudhakar.Reddy@...>; Prashant Kumar <prashant.kumar1@...>; Keren Joseph <Keren.Joseph@...>; Ran Pollak <Ran.Pollak@...>
Subject: Re: [onap-discuss] [integration] vFW Closed Loop Issues on Beijing

 



Pedro Barros
 

Hi,

Use as password "admin" instead of that token.

BR
Pedro


Netaji Surve
 

Hi pedrobarros,

 

Thanks for the response. It’s working now :)

 

Thanks,

Netaji Surve

 

From: onap-discuss@... [mailto:onap-discuss@...] On Behalf Of pedrobarros1@...
Sent: Thursday, July 12, 2018 11:14 AM
To: onap-discuss@...
Subject: Re: [onap-discuss] [integration] vFW Closed Loop Issues on Beijing

 



Netaji Surve
 

Hi,

 

I could successfully mount APPC.

Now I am trying to validate that the closed loop is working. I could see the following response on DMaaP topics.

In the response of the POLICY-CL-MGT topic you can see:

 

 

"{\n  \"AAI\": {\n    \"generic-vnf.vnf-name\": \"demofwl01fwl\"\n  },\n  \"closedLoopAlarmStart\": 1531397598999178,\n  \"closedLoopControlName\": \"ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a\",\n  \"version\": \"1.0.2\",\n  \"requestId\": \"2b72d40c-5eb1-4688-8b35-a4f561694ac4\",\n  \"closedLoopEventClient\": \"DCAE_INSTANCE_ID.dcae-tca\",\n  \"targetType\": \"VNF\",\n  \"target\": \"generic-vnf.vnf-name\",\n  \"from\": \"policy:amsterdam\",\n  \"policyScope\": \"com\",\n  \"policyName\": \"com.Config_BRMS_Param_BRMSParamvFirewall.EVENT.MANAGER\",\n  \"policyVersion\": \"1\",\n  \"notification\": \"FINAL: FAILURE\",\n  \"message\": \"Exception from queryAai: org.onap.policy.aai.util.AaiException: AAI Response is null (query by vnf-name)\",\n  \"notificationTime\": \"2018-07-12 12:12:53.259000+00:00\",\n  \"history\": []\n}"

 

 

 

 

Then I found an error in the drools logs. Please see the attached drools log. In the logs we can see it is trying to fetch the generic-vnf using the following API:

https://aai.onap:8443/aai/v11/network/generic-vnfs/generic-vnf?vnf-name=demofwl01fwl

But here vnf-name=demofwl01fwl is not present in AAI; that is why AAI is throwing an error that no such vnf is present.

 

Are we missing any configurations?

 

Thanks,

Netaji Surve.

 

 

From: onap-discuss@... [mailto:onap-discuss@...] On Behalf Of Netaji Surve
Sent: Thursday, July 12, 2018 11:08 AM
To: onap-discuss@...
Subject: Re: [onap-discuss] [integration] vFW Closed Loop Issues on Beijing

 



Brian Freeman
 

Netaji,

 

Did you query AAI for all the generic_vnf’s using POSTMAN or curl to see if your test vFW is there but with a different name?

We have run into this before but I can't remember the issue/fix.

Marco would know off the top of his head. I would make sure I ran heatbridge and that the updated policy for the uuid (not sure of the exact steps) is in the policy config.

 

Brian

 

 

From: onap-discuss@... <onap-discuss@...> On Behalf Of Netaji Surve
Sent: Thursday, July 12, 2018 8:45 AM
To: onap-discuss@...; Netaji Surve <Netaji.Surve@...>
Cc: Alka Choudhary <ALKAC@...>; Borislav Glozman <Borislav.Glozman@...>; Ran Pollak <Ran.Pollak@...>; Sudhakar Reddy <Sudhakar.Reddy@...>; Keren Joseph <Keren.Joseph@...>
Subject: Re: [onap-discuss] [integration] vFW Closed Loop Issues on Beijing

 



Netaji Surve
 

Hi Brian,

 

Yes, I ran aai/v11/network/generic-vnfs/ using Postman and found my vnf is present in the response with a different name.

I did update the policy. I also ran the heatbridge using the robot script as follows:

./demo-k8s.sh onap heatbridge <stack_name> <service_instance_id> vFW

 

 

Thanks,

Netaji Surve

 

 

 

 

 

From: FREEMAN, BRIAN D [mailto:bf1936@...]
Sent: Thursday, July 12, 2018 4:04 PM
To: onap-discuss@...; Netaji Surve <Netaji.Surve@...>
Cc: Alka Choudhary <ALKAC@...>; Borislav Glozman <Borislav.Glozman@...>; Ran Pollak <Ran.Pollak@...>; Sudhakar Reddy <Sudhakar.Reddy@...>; Keren Joseph <Keren.Joseph@...>
Subject: RE: [onap-discuss] [integration] vFW Closed Loop Issues on Beijing

 



Marco Platania
 

Netaji,

 

The problem is that the TCA output is not “enriched”. DCAE goes to AAI to get additional info that should appear in the AAI section of the JSON object. In your case, only the VNF name appears. Did you run heatbridge:

 

./demo.sh onap heatbridge <stack name> <service instance ID> vFW

 

Marco

 

From: <onap-discuss@...> on behalf of BRIAN FREEMAN <bf1936@...>
Reply-To: "onap-discuss@..." <onap-discuss@...>, BRIAN FREEMAN <bf1936@...>
Date: Thursday, July 12, 2018 at 9:04 AM
To: "onap-discuss@..." <onap-discuss@...>, "Netaji.Surve@..." <Netaji.Surve@...>
Cc: Alka Choudhary <ALKAC@...>, Borislav Glozman <Borislav.Glozman@...>, Ran Pollak <Ran.Pollak@...>, Sudhakar Reddy <Sudhakar.Reddy@...>, Keren Joseph <Keren.Joseph@...>
Subject: Re: [onap-discuss] [integration] vFW Closed Loop Issues on Beijing

 



Netaji,

 

Did you query AAI for all the generic_vnfs using POSTMAN or curl to see if your test vFW is there but with a different name?

We have run into this before but I can't remember the issue/fix.

Marco would know off the top of his head. I would make sure I ran heatbridge and that the updated policy for the uuid (not sure of the exact steps) is in the policy config.

 

Brian

 

 

From: onap-discuss@... <onap-discuss@...> On Behalf Of Netaji Surve
Sent: Thursday, July 12, 2018 8:45 AM
To: onap-discuss@...; Netaji Surve <Netaji.Surve@...>
Cc: Alka Choudhary <ALKAC@...>; Borislav Glozman <Borislav.Glozman@...>; Ran Pollak <Ran.Pollak@...>; Sudhakar Reddy <Sudhakar.Reddy@...>; Keren Joseph <Keren.Joseph@...>
Subject: Re: [onap-discuss] [integration] vFW Closed Loop Issues on Beijing

 

Hi,

 

I could successfully mount APPC.

Now I am trying to validate that the closed loop is working. I could see the following response on DMaaP topics.

In the response of the POLICY-CL-MGT topic you can see

 

 

"{\n  \"AAI\": {\n    \"generic-vnf.vnf-name\": \"demofwl01fwl\"\n  },\n  \"closedLoopAlarmStart\": 1531397598999178,\n  \"closedLoopControlName\": \"ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a\",\n  \"version\": \"1.0.2\",\n  \"requestId\": \"2b72d40c-5eb1-4688-8b35-a4f561694ac4\",\n  \"closedLoopEventClient\": \"DCAE_INSTANCE_ID.dcae-tca\",\n  \"targetType\": \"VNF\",\n  \"target\": \"generic-vnf.vnf-name\",\n  \"from\": \"policy:amsterdam\",\n  \"policyScope\": \"com\",\n  \"policyName\": \"com.Config_BRMS_Param_BRMSParamvFirewall.EVENT.MANAGER\",\n  \"policyVersion\": \"1\",\n  \"notification\": \"FINAL: FAILURE\",\n  \"message\": \"Exception from queryAai: org.onap.policy.aai.util.AaiException: AAI Response is null (query by vnf-name)\",\n  \"notificationTime\": \"2018-07-12 12:12:53.259000+00:00\",\n  \"history\": []\n}"

 

 

 

 

Then I found an error in the drools logs. Please see the attached drools log. In the logs we can see it is trying to fetch the generic-vnf using the following API:

https://aai.onap:8443/aai/v11/network/generic-vnfs/generic-vnf?vnf-name=demofwl01fwl

But here vnf-name=demofwl01fwl is not present in AAI; that is why AAI is throwing an error that no such vnf is present.

 

Are we missing any configurations?

 

Thanks,

Netaji Surve.

 

 

From: onap-discuss@... [mailto:onap-discuss@...] On Behalf Of Netaji Surve
Sent: Thursday, July 12, 2018 11:08 AM
To: onap-discuss@...
Subject: Re: [onap-discuss] [integration] vFW Closed Loop Issues on Beijing

 

Hi,

 

Thanks for the response.

 

I was trying to mount APPC with the command below.

 

curl -v --noproxy '*' --user "admin":"Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U" -d @appc-mount.xml -H "Accept: application/xml" -H "Content-type: application/xml" -X PUT  http://10.247.18.6:30230/restconf/config/network-topology:network-topology/topology/topology-netconf/node/e3fa09fa-55a4-4ca6-a707-c185915e0a06

 

PFA appc-mount.xml which I used as body.

 

After I tried this API I got an error.

Are there any changes required in the header?

 

Thanks,

Netaji Surve.

From: PLATANIA, MARCO (MARCO) [mailto:platania@...]
Sent: Wednesday, July 11, 2018 4:25 PM
To: onap-discuss@...; Netaji Surve <Netaji.Surve@...>
Cc: Alka Choudhary <ALKAC@...>; Borislav Glozman <Borislav.Glozman@...>; Sudhakar Reddy <Sudhakar.Reddy@...>; Prashant Kumar <prashant.kumar1@...>; Keren Joseph <Keren.Joseph@...>; Ran Pollak <Ran.Pollak@...>
Subject: Re: [onap-discuss] [integration] vFW Closed Loop Issues on Beijing

 

Also, keep in mind that DMaaP topics have changed:

 

VES reporting: {{mr_ip}}:30227/events/unauthenticated.VES_MEASUREMENT_OUTPUT/mygroup/myid?timeout=5000

ONSET events to Policy: {{mr_ip}}:30227/events/unauthenticated.DCAE_CL_OUTPUT/mygroup/myid?timeout=5000

 

Marco

 

From: <onap-discuss@...> on behalf of Netaji Surve <Netaji.Surve@...>
Reply-To: "onap-discuss@..." <onap-discuss@...>, "Netaji.Surve@..." <Netaji.Surve@...>
Date: Wednesday, July 11, 2018 at 9:15 AM
To: "'onap-discuss@...'" <onap-discuss@...>
Cc: Alka Choudhary <ALKAC@...>, Borislav Glozman <Borislav.Glozman@...>, Sudhakar Reddy <Sudhakar.Reddy@...>, Prashant Kumar <prashant.kumar1@...>, Keren Joseph <Keren.Joseph@...>, Ran Pollak <Ran.Pollak@...>
Subject: [onap-discuss] [integration] vFW Closed Loop Issues on Beijing

 

 

Hi Community,

 

I am trying to run the vFW closed loop on Beijing. I could create the stack on OS and packets are flowing from PG to FW to SINK.

 

1. To run the closed loop I am following the link below:

https://wiki.onap.org/display/DW/vFWCL+instantiation,+testing,+and+debuging

In this link, under the closed loop section, I tried step 2, which is Upload operational policy, and tried running the command below:

update-vfw-op-policy.sh <k8s-host> <policy-pdp-node-port> <policy-drools-node-port> <resource-id>

But to run this command we need <policy-pdp-node-port> as a parameter to the script, and in Beijing pdp does not have any nodeport service.

I am not clear how to run this update-vfw-op-policy.sh script.

2. I tried to get events on topic unauthenticated.SEC_MEASUREMENT_OUTPUT; it is giving the error below.

Also, the topics POLICY-CL-MGT and unauthenticated.TCA_EVENT_OUTPUT are not created. I am not clear when these topics get created.

Are we missing any step? If anyone has any idea, please suggest.

 

 

 

 

Thanks,

Netaji Surve

 

 

 



Netaji Surve
 

Hi Marco,

 

Yes I did run the heatbridge using command ./demo.sh onap heatbridge <stack name> <service instance ID> vFW

 

Thanks,

Netaji Surve

 

 

From: PLATANIA, MARCO (MARCO) [mailto:platania@...]
Sent: Thursday, July 12, 2018 4:42 PM
To: onap-discuss@...; FREEMAN, BRIAN D <bf1936@...>; Netaji Surve <Netaji.Surve@...>
Cc: Alka Choudhary <ALKAC@...>; Borislav Glozman <Borislav.Glozman@...>; Ran Pollak <Ran.Pollak@...>; Sudhakar Reddy <Sudhakar.Reddy@...>; Keren Joseph <Keren.Joseph@...>
Subject: Re: [onap-discuss] [integration] vFW Closed Loop Issues on Beijing

 

Netaji,

 

The problem is that the TCA output is not “enriched”. DCAE goes to AAI to get additional info that should appear in the AAI section of the JSON object. In your case, only the VNF name appears. Did you run heatbridge:

 

./demo.sh onap heatbridge <stack name> <service instance ID> vFW

 

Marco

 



Netaji Surve
 

Hi Marco,

 

Here are some more details:

URI: https://10.247.18.6:30233/aai/v11/network/generic-vnfs/

Response: PFA gereric-vnf-GET-response.txt

URI: http://10.247.18.6:30227/events/POLICY-CL-MGT/mygroup/myid?timeout=5000

Response: PFA POLICY-CL-MGT-Response.txt

I am confused why in the POLICY-CL-MGT response it is "generic-vnf.vnf-name\": \"demofwl01fwl\". If we see the AAI response for “/aai/v11/network/generic-vnfs/”, it is showing that “demofwl01fwl” is not the generic vnf name but the vServer name.

 

Do you have any idea about this?

 

Thanks,

Netaji Surve

 

 

 

From: Netaji Surve
Sent: Thursday, July 12, 2018 5:41 PM
To: PLATANIA, MARCO (MARCO) <platania@...>; onap-discuss@...; FREEMAN, BRIAN D <bf1936@...>
Cc: Alka Choudhary <ALKAC@...>; Borislav Glozman <Borislav.Glozman@...>; Ran Pollak <Ran.Pollak@...>; Sudhakar Reddy <Sudhakar.Reddy@...>; Keren Joseph <Keren.Joseph@...>
Subject: RE: [onap-discuss] [integration] vFW Closed Loop Issues on Beijing

 

Hi Marco,

 

Yes I did run the heatbridge using command ./demo.sh onap heatbridge <stack name> <service instance ID> vFW

 

Thanks,

Netaji Surve

 

 



Marco Platania
 

Hi Netaji,

 

For vFW closed loop to work, the vFW hostname (VM name) has to match the Generic VNF name that is used during VNF instantiation (i.e. the generic-vnf-name in the SDNC preload). This can be simply done by appropriately preloading SDNC, such that “vfw_name_0” will match the generic-vnf-name. vfw_name_0 is defined in Heat and sets the vFW VM hostname.

 

In your case, this requirement is not met. How did you preload SDNC? My feeling is that you are using a combination of automated (i.e. via Robot) and manual steps to run closed loop, and something is missing. I would suggest to start over using manual operations and follow these videos:

 

https://wiki.onap.org/display/DW/Running+the+ONAP+Demos?preview=/1015891/16009974/ONAP-service-design.mp4

https://wiki.onap.org/display/DW/Running+the+ONAP+Demos?preview=/1015891/16010290/vFW_closed_loop.mp4

 

These use Heat, but if you scroll the wiki page https://wiki.onap.org/display/DW/Running+the+ONAP+Demos you’ll find examples for K8S/OOM.

 

Marco
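
The name check described in the message above, as an added example that is not part of the thread or of ONAP's own tooling: it takes a POLICY-CL-MGT notification and an AAI generic-vnfs listing and reports whether the event's vnf-name is a generic-vnf name or only a vserver name. Both inputs are constructed samples; the array-of-strings DMaaP body and the AAI relationship-list / related-to-property layout are assumptions modelled on the fragments quoted in the thread.

```python
import json

# Constructed DMaaP body: assumed to be a JSON array of strings, each string a
# JSON document (the thread quotes one such string from POLICY-CL-MGT).
SAMPLE_POLICY_CL_MGT = json.dumps([json.dumps({
    "AAI": {"generic-vnf.vnf-name": "demofwl01fwl"},
    "target": "generic-vnf.vnf-name",
    "notification": "FINAL: FAILURE",
    "message": "Exception from queryAai: org.onap.policy.aai.util.AaiException: "
               "AAI Response is null (query by vnf-name)",
})])

# Constructed AAI listing (assumed layout): the firewall VM is known to AAI
# only as a vserver related to a generic-vnf that carries a different name.
SAMPLE_AAI_GENERIC_VNFS = {
    "generic-vnf": [{
        "vnf-id": "00000000-0000-0000-0000-000000000001",
        "vnf-name": "constructed-generic-vnf-name",
        "relationship-list": {"relationship": [{
            "related-to": "vserver",
            "related-to-property": [{
                "property-key": "vserver.vserver-name",
                "property-value": "demofwl01fwl",
            }],
        }]},
    }]
}

HINTS = {
    "MATCH": "name is a generic-vnf; look elsewhere for the failure",
    "VSERVER_ONLY": "VM hostname differs from generic-vnf-name; preload SDNC "
                    "so vfw_name_0 equals the generic-vnf-name",
    "NOT_IN_AAI": "name unknown to AAI; check that heatbridge was run",
}


def failed_targets(dmaap_body):
    """Return (vnf_name, message) for every notification marked FAILURE."""
    targets = []
    for raw in json.loads(dmaap_body):
        event = json.loads(raw) if isinstance(raw, str) else raw
        if "FAILURE" not in event.get("notification", ""):
            continue
        name = (event.get("AAI") or {}).get("generic-vnf.vnf-name")
        targets.append((name, event.get("message", "")))
    return targets


def index_aai(listing):
    """Collect generic-vnf names and map vserver names to their generic-vnf."""
    vnf_names, vserver_owner = set(), {}
    for vnf in listing.get("generic-vnf", []):
        vnf_name = vnf.get("vnf-name")
        if vnf_name:
            vnf_names.add(vnf_name)
        rels = (vnf.get("relationship-list") or {}).get("relationship", [])
        for rel in rels:
            if rel.get("related-to") != "vserver":
                continue
            for prop in rel.get("related-to-property", []):
                if prop.get("property-key") == "vserver.vserver-name":
                    vserver_owner[prop.get("property-value")] = vnf_name
    return vnf_names, vserver_owner


def diagnose(dmaap_body, aai_listing):
    """Classify each failed event's vnf-name against the AAI inventory."""
    vnf_names, vserver_owner = index_aai(aai_listing)
    findings = []
    for name, message in failed_targets(dmaap_body):
        if name in vnf_names:
            verdict = "MATCH"
        elif name in vserver_owner:
            verdict = "VSERVER_ONLY"
        else:
            verdict = "NOT_IN_AAI"
        findings.append({
            "event_vnf_name": name,
            "verdict": verdict,
            "owning_generic_vnf": vserver_owner.get(name),
            "policy_message": message,
            "hint": HINTS[verdict],
        })
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_POLICY_CL_MGT, SAMPLE_AAI_GENERIC_VNFS):
        print(json.dumps(finding, indent=2))
```

A VSERVER_ONLY verdict corresponds to the situation in this thread: Policy queries AAI by vnf-name with the VM hostname, and AAI has that string only as a vserver name.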

 

 

From: Netaji Surve <Netaji.Surve@...>
Date: Sunday, July 15, 2018 at 4:54 AM
To: "PLATANIA, MARCO (MARCO)" <platania@...>, "'onap-discuss@...'" <onap-discuss@...>, BRIAN FREEMAN <bf1936@...>
Cc: Alka Choudhary <ALKAC@...>, Borislav Glozman <Borislav.Glozman@...>, Ran Pollak <Ran.Pollak@...>, Sudhakar Reddy <Sudhakar.Reddy@...>, Keren Joseph <Keren.Joseph@...>
Subject: RE: [onap-discuss] [integration] vFW Closed Loop Issues on Beijing

 

Hi Marco,

 

Here are some more details:

URI: https://10.247.18.6:30233/aai/v11/network/generic-vnfs/

Response: PFA gereric-vnf-GET-response.txt

URI: http://10.247.18.6:30227/events/POLICY-CL-MGT/mygroup/myid?timeout=5000

Response: PFA POLICY-CL-MGT-Response.txt

I am confused why in the POLICY-CL-MGT response it is "generic-vnf.vnf-name\": \"demofwl01fwl\". If we see the AAI response for “/aai/v11/network/generic-vnfs/”, it is showing that “demofwl01fwl” is not the generic vnf name but the vServer name.

 

Do you have any idea about this?

 

Thanks,

Netaji Surve

 

 

 

From: Netaji Surve
Sent: Thursday, July 12, 2018 5:41 PM
To: PLATANIA, MARCO (MARCO) <platania@...>; onap-discuss@...; FREEMAN, BRIAN D <bf1936@...>
Cc: Alka Choudhary <ALKAC@...>; Borislav Glozman <Borislav.Glozman@...>; Ran Pollak <Ran.Pollak@...>; Sudhakar Reddy <Sudhakar.Reddy@...>; Keren Joseph <Keren.Joseph@...>
Subject: RE: [onap-discuss] [integration] vFW Closed Loop Issues on Beijing

 

Hi Marco,

 

Yes I did run the heatbridge using command ./demo.sh onap heatbridge <stack name> <service instance ID> vFW

 

Thanks,

Netaji Surve

 

 

From: PLATANIA, MARCO (MARCO) [mailto:platania@...]
Sent: Thursday, July 12, 2018 4:42 PM
To: onap-discuss@...; FREEMAN, BRIAN D <bf1936@...>; Netaji Surve <Netaji.Surve@...>
Cc: Alka Choudhary <ALKAC@...>; Borislav Glozman <Borislav.Glozman@...>; Ran Pollak <Ran.Pollak@...>; Sudhakar Reddy <Sudhakar.Reddy@...>; Keren Joseph <Keren.Joseph@...>
Subject: Re: [onap-discuss] [integration] vFW Closed Loop Issues on Beijing

 

Netaji,

 

The problem is that the TCA output is not “enriched”. DCAE goes to AAI to get additional info that should appear in the AAI section of the JSON object. In your case, only the VNF name appears. Did you run heatbridge:

 

./demo.sh onap heatbridge <stack name> <service instance ID> vFW

 

Marco

 

From: <onap-discuss@...> on behalf of BRIAN FREEMAN <bf1936@...>
Reply-To: "onap-discuss@..." <onap-discuss@...>, BRIAN FREEMAN <bf1936@...>
Date: Thursday, July 12, 2018 at 9:04 AM
To: "onap-discuss@..." <onap-discuss@...>, "Netaji.Surve@..." <Netaji.Surve@...>
Cc: Alka Choudhary <ALKAC@...>, Borislav Glozman <Borislav.Glozman@...>, Ran Pollak <Ran.Pollak@...>, Sudhakar Reddy <Sudhakar.Reddy@...>, Keren Joseph <Keren.Joseph@...>
Subject: Re: [onap-discuss] [integration] vFW Closed Loop Issues on Beijing

 

***Security Advisory: This Message Originated Outside of AT&T ***
Reference http://cso.att.com/EmailSecurity/IDSP.html for more information.

Netaji,

 

Did you query AAI for all the generic_vnf’s using POSTMAN or curl to see if your test vFW is there but with a different name ?

 

We have run into this before but I cant remember the issue/fix.

Marco would know off the top of his head. I would make sure I ran heatbridge and that the updated policy for the uuid (not sure of the exact steps) is in the policy config.

 

Brian

 

 

From: onap-discuss@... <onap-discuss@...> On Behalf Of Netaji Surve
Sent: Thursday, July 12, 2018 8:45 AM
To: onap-discuss@...; Netaji Surve <Netaji.Surve@...>
Cc: Alka Choudhary <ALKAC@...>; Borislav Glozman <Borislav.Glozman@...>; Ran Pollak <Ran.Pollak@...>; Sudhakar Reddy <Sudhakar.Reddy@...>; Keren Joseph <Keren.Joseph@...>
Subject: Re: [onap-discuss] [integration] vFW Closed Loop Issues on Beijing

 

Hi,

 

I could successfully Mount APPC.

Now I am trying to validate closed is working. I could see following response on Dmaap topics.

 

 

 

 

 

 

 

 

 

 

In the response of POLICY-CL-MGT topic you can see

 

 

"{\n  \"AAI\": {\n    \"generic-vnf.vnf-name\": \"demofwl01fwl\"\n  },\n  \"closedLoopAlarmStart\": 1531397598999178,\n  \"closedLoopControlName\": \"ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a\",\n  \"version\": \"1.0.2\",\n  \"requestId\": \"2b72d40c-5eb1-4688-8b35-a4f561694ac4\",\n  \"closedLoopEventClient\": \"DCAE_INSTANCE_ID.dcae-tca\",\n  \"targetType\": \"VNF\",\n  \"target\": \"generic-vnf.vnf-name\",\n  \"from\": \"policy:amsterdam\",\n  \"policyScope\": \"com\",\n  \"policyName\": \"com.Config_BRMS_Param_BRMSParamvFirewall.EVENT.MANAGER\",\n  \"policyVersion\": \"1\",\n  \"notification\": \"FINAL: FAILURE\",\n  \"message\": \"Exception from queryAai: org.onap.policy.aai.util.AaiException: AAI Response is null (query by vnf-name)\",\n  \"notificationTime\": \"2018-07-12 12:12:53.259000+00:00\",\n  \"history\": []\n}"

 

 

 

 

Then I found error in drools logs. Please see attached drools log. In logs we can see it is trying to fetch generic-vnf using following API

https://aai.onap:8443/aai/v11/network/generic-vnfs/generic-vnf?vnf-name=demofwl01fwl

 

But here vnf-name=demofwl01fwl is not present in AAI; that is why AAI is throwing an error that no such vnf is present.

 

Are we missing any configurations?

 

Thanks,

Netaji Surve.
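The lookup failure described in the message above and the check suggested in the reply, as an added example that is not part of the original thread: it decodes a POLICY-CL-MGT poll body, pulls out the vnf-name Policy queried, and compares it with the names in an A&AI generic-vnfs listing. The poll body shape (a JSON array of JSON-encoded strings), the A&AI listing, its vnf names and the function names are constructed assumptions; only the notification fields and the query URL come from the thread.

```python
import json
from urllib.parse import quote

# Constructed DMaaP poll body: a JSON array whose items are JSON-encoded
# strings (trimmed copy of the POLICY-CL-MGT notification quoted in the thread).
SAMPLE_POLL = json.dumps([json.dumps({
    "AAI": {"generic-vnf.vnf-name": "demofwl01fwl"},
    "requestId": "2b72d40c-5eb1-4688-8b35-a4f561694ac4",
    "target": "generic-vnf.vnf-name",
    "notification": "FINAL: FAILURE",
    "message": "Exception from queryAai: org.onap.policy.aai.util.AaiException: "
               "AAI Response is null (query by vnf-name)",
})])

# Constructed A&AI listing (assumed shape of a generic-vnfs query); names are made up.
SAMPLE_AAI = {"generic-vnf": [
    {"vnf-id": "constructed-id-1", "vnf-name": "vFW_demo_01"},
    {"vnf-id": "constructed-id-2", "vnf-name": "vPG_demo_01"},
]}

AAI_BASE = "https://aai.onap:8443/aai/v11/network/generic-vnfs"  # URL seen in the drools log


def failed_lookups(poll_body):
    """Return (requestId, looked-up name, message) per FINAL: FAILURE notification."""
    out = []
    for raw in json.loads(poll_body):
        # Each array element is itself a JSON document serialized as a string.
        note = json.loads(raw) if isinstance(raw, str) else raw
        if note.get("notification") != "FINAL: FAILURE":
            continue
        name = note.get("AAI", {}).get(note.get("target", ""))
        out.append((note.get("requestId"), name, note.get("message", "")))
    return out


def triage(poll_body, aai_listing):
    """Compare the name Policy looked up with the names A&AI actually holds."""
    known = [v["vnf-name"] for v in aai_listing.get("generic-vnf", [])]
    return [{
        "requestId": request_id,
        "queried": f"{AAI_BASE}/generic-vnf?vnf-name={quote(name or '')}",
        "in_aai": name in known,
        "names_in_aai": known,
        "message": message,
    } for request_id, name, message in failed_lookups(poll_body)]


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_POLL, SAMPLE_AAI), indent=2))
```
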

 

 

From: onap-discuss@... [mailto:onap-discuss@...] On Behalf Of Netaji Surve
Sent: Thursday, July 12, 2018 11:08 AM
To: onap-discuss@...
Subject: Re: [onap-discuss] [integration] vFW Closed Loop Issues on Beijing

 

Hi,

 

Thanks for the response.

 

I was trying to mount APPC with below command.

 

curl -v --noproxy '*' --user "admin":"Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U" -d @appc-mount.xml -H "Accept: application/xml" -H "Content-type: application/xml" -X PUT  http://10.247.18.6:30230/restconf/config/network-topology:network-topology/topology/topology-netconf/node/e3fa09fa-55a4-4ca6-a707-c185915e0a06

 

PFA appc-mount.xml which I used as body.

 

After I tried this API I got an error.

Are any changes to the headers required?

 

Thanks,

Netaji Surve.

From: PLATANIA, MARCO (MARCO) [mailto:platania@...]
Sent: Wednesday, July 11, 2018 4:25 PM
To: onap-discuss@...; Netaji Surve <Netaji.Surve@...>
Cc: Alka Choudhary <ALKAC@...>; Borislav Glozman <Borislav.Glozman@...>; Sudhakar Reddy <Sudhakar.Reddy@...>; Prashant Kumar <prashant.kumar1@...>; Keren Joseph <Keren.Joseph@...>; Ran Pollak <Ran.Pollak@...>
Subject: Re: [onap-discuss] [integration] vFW Closed Loop Issues on Beijing

 

Also, keep in mind that DMaaP topics have changed:

 

VES reporting: {{mr_ip}}:30227/events/unauthenticated.VES_MEASUREMENT_OUTPUT/mygroup/myid?timeout=5000

ONSET events to Policy: {{mr_ip}}:30227/events/unauthenticated.DCAE_CL_OUTPUT/mygroup/myid?timeout=5000

 

Marco

 

From: <onap-discuss@...> on behalf of Netaji Surve <Netaji.Surve@...>
Reply-To: "onap-discuss@..." <onap-discuss@...>, "Netaji.Surve@..." <Netaji.Surve@...>
Date: Wednesday, July 11, 2018 at 9:15 AM
To: "'onap-discuss@...'" <onap-discuss@...>
Cc: Alka Choudhary <ALKAC@...>, Borislav Glozman <Borislav.Glozman@...>, Sudhakar Reddy <Sudhakar.Reddy@...>, Prashant Kumar <prashant.kumar1@...>, Keren Joseph <Keren.Joseph@...>, Ran Pollak <Ran.Pollak@...>
Subject: [onap-discuss] [integration] vFW Closed Loop Issues on Beijing

 

 

Hi Community,

 

I am trying to run the vFW closed loop on Beijing. I could create the stack on OS and packets are flowing from PG to FW to SINK.

 

1>     To run the closed loop I am following below link:

https://wiki.onap.org/display/DW/vFWCL+instantiation,+testing,+and+debuging

 

In this link under closed loop section I tried step 2 which is Upload operational policy. And tried running below command

 

update-vfw-op-policy.sh <k8s-host> <policy-pdp-node-port> <policy-drools-node-port> <resource-id>

 

But to run this command we need <policy-pdp-node-port> as a parameter to the script. But in Beijing, pdp does not have any nodeport service.

I am not clear how to run this update-vfw-op-policy.sh script.

 

 

2>     I tried to get events on topic unauthenticated.SEC_MEASUREMENT_OUTPUT; it's giving the below error.

Also topics POLICY-CL-MGT, unauthenticated.TCA_EVENT_OUTPUT are not created. I am not clear when these topics get created.

Are we missing any step? If anyone has any idea please suggest.

Thanks,

Netaji Surve