Operational Lifecycle Enabler

Use Case Based on API Fabric Proposal and other PoC Ideas
June, 2019
 API Fabric : Re-Cap From F2F Event

Use Case Specific Simplified APIs exposed ,

different abstraction levels

Leverage Consistent API Management ,Security, Identity,

tool sets
API Façade
Composition , Policy control

API Fabric
from Open
Source

Build or
Reuse API Adaptation/Mediation Transformation , Adaptation, Enrichment – Used for
from Standard API adoption
ONAP
Backend Separated from
Consumption Layer – Backend
can evolve independently

Existing ONAP Component Level Fine-grained APIs

Handle common API transactional requirements at Façade, Focus on integration of adaptation logic in Mediation/Adaptation
Agenda

• Use Case Overview

• Proof of Concept Plan
Use Case Overview
 Brief Context
Operational Life cycle Use Case Context
• In a typical Telecom Operator production environment the deployed
Day -1 Day 0 Day 1 Day 2 Day 2+n software solutions/systems goes through different operational
lifecycle stages , or processes based on a well defined business
process flows
Modelling, Design, Infra Readiness

Service Configuration & Activation

OSS/BSS
Commissioning, Certification

Service Monitoring, Closed

Acceptance, Deployment &

Loop Control , Finalization

This is typically classified in terms of Day 0,Day 1 and Day 2
Service Realization

Operations or PSR Definition/PSR Instance Lifecycle Operations

ONAP • The operational activities cut across different layers of solutions and
systems.

• From ONAP perspective the key enablers available currently for

Infrastructure supporting such operational activities are set of granular APIs
exposed by ONAP components
PSR Definition LC PSR Instance LC
• The proposed use case suggest a more generic approach for exposing
ONAP operational capabilities through a function by name API Fabric
which exposes a façade layer in Ext-API rather than deep integration
with individual ONAP components.
MEF PSR Definition and PSRI Lifecycle – Ref MEF 50.1

Day 0 Day 1..n

Operational enablers required to support the end to end operational lifecycle

 MEF LSO Operational Threads

• Partners on-boarding
Operational Threads describe the high • Product Ordering and Service Activation
level Use Cases of LSO behavior as well as Orchestration (Partially Supported in Ext-API)
the series of interactions among LSO • Controlling a Service
management entities, helping to express • Customer Viewing Service Performance and
the vision of the LSO capabilities. The Fault Reports and Metrics
interactions de-scribed within each • Placing and Tracking Trouble Reports
Operational Thread address the detailed • Assessing Service Quality Based on SLS
involvement of the Interface Reference • Collection and Reporting of Billing and Usage
Points in the LSO Reference Architecture. • Securing Management and Control
Mechanisms
• Providing Connectivity Services for Cloud
Reference : MEF 55.1
Operational Lifecycle : How ONAP Services are Consumed in
Production
Consumption through Standard interface Consumption based on custom interface
• TMF, ETSI, MEF, ONF, IETF based interfaces • ONAP Proprietary i/f or Consumer Proprietary i/f
depending on ONAP deployment context • No fixed pattern for interfaces or Managed objects
• Each standard based on a specific set of • Mostly used for consuming either ONAP internal
managed object model and standard set of Services or integration with custom operator solutions
operations on managed objects • Expect to operate on a unified/normalized/abstracted
• Mostly used for integration set of managed objects

ONAP

From a consumer point of view it is always beneficial to have a consistent/simple/uniform interface. Deep
integration with internal modules are not sustainable
 Use Case Overview Operational Lifecycle Enablement
Use Case Overview
• An approach by which operators can consume the
operational capabilities of ONAP in a simple or standard
based way
• An API Fabric that exposes Operational APIs through
Market place for reference and subscription
• API Fabric resides in Ext-API function as an additional MS
and integrated with CLI , also supports custom integration
with other ONAP internal services to expose a Facade
view
• API Fabric also supports establishing secure channel with
ONAP internal APIs exposed by ONAP components
• What API Fabric provides
• API Marketplace of supported APIs that can be
subscribed on demand
• API LCM – Interface to onboard new Operational
APIs and integrate with backend
• API Fabric reside as a sub component of Ext-API and provide additional
• Development Toolkit – Ability to insert additional
capabilities such as security, API management, marketplace etc.
logic while processing APIs
• CLI project has built in normalized set of managed objects corresponding to
Target : Operations Engineers, Devops Engineers, the internal APIs in ONAP which can be operated upon via APIs exposed
Operations Team, Product Design Team, Planning through API Fabric
Use Case Scenarios

1. Operational API is on boarded for consumption

2. Operational APIs is instrumented for alignment with ONAP API
3. Operational API is secured through an Oauth 2.0 Provider
4. Operational API is activated to be subscribed by external consumers
5. Operational API is subscribed by external consumer
6. Operational API is consumed by external consumer
 Use Case Scenario 1 : A new Operational API is on boarded
for consumption
Actors : DevOps Engineer , Operations Administrator, Operational Process Designer

API LCM API Configuration DB

Validates Operational 4 Devops Engineer 2
Operations Administrator API Swagger File and
Specification API Fabric
Creates a new API project
in API Fabric and onboards
3 the Swagger File for the
Spec exposed Operational API
Enterprise git
Server
Develops operational
API Specification and
mapping logic Develops Exposed 2
Operational API Swagger
File based on Specification
1

Operational Process Designer Devops Engineer 1

 Use Case Scenario 2 : Operational APIs is instrumented for
alignment with ONAP API

For the onboarded API and associated

operations API LCM API Configuration DB
• Configures the Plugin association with API

7
DevOps
Engineer

Spec Plugin
Plugin
Plugin 6
5
Preload Plugin to API Fabric
API Frabric or
If a new Plugin/MS is integrate it as
required for controlling Microservices
the API behavior it is
created Optional
Optional
DevOps
Engineer

Plugin Example : API Transformation Logic, Enrichment Logic, Composition Logic

This step will be demonstrated with the built in Plugins in API Fabric
Use Case Scenario 3: Operational API is secured through an
Oauth 2.0 Provider
Configure Auth Provider Details for API
9 10 API LCM API Configuration DB

DevOps Engineer API Fabric

Auth 8
Provider
Configures
Security
Scheme/ Operations Admin
Credentials /
Domain/Scope
Use Case Scenario 4:Operational API is activated to be
subscribed by external consumers

Publishes and Starts API for

Subscription/Consumption API LCM API Configuration DB

11 API Fabric
Operations Admin
Published API is available in
Marketplace for subscription
Use Case Scenario 5: Operational API is subscribed by
external consumer

12
API LCM API Configuration DB

API Fabric
Consumer
Consumer App Subscribes to the API from
Market Place or uses the API Fabric
Management API to Subscribe
Use Case Scenario 6: Operational API is consumed by
external consumer
Access Restricted API
With Token API LCM API Configuration DB
14
API Fabric Plugin Plugin Plugin
Authorized API Call
Consumer OAuth2.0 is allowed to be
13 Introspection 15 16 processed by
Authorization Grant associated plugins
Request Token with
Auth
Registered Credentials ONAP Services
Provider
API Fabric Scope – Wish List
API Façade API Mediation/Adaptation
• Model Driven API Management – Swagger import, LCM • Script insertion – Groovy, Python or Custom
management (version, canary, artifacts/plugin association)
• Business logic insertion – Plugin SDK
• API Composition toolsets – HTTP Callout and aggregation
• Transformation templates – JOLT , Velocity
• Integration with ONAP specific or external Auth Provider
• Expression Language – Query strings , Regular
• API Marketplace , Subscription Management, Plan expression support
Management
• Alert Generation and Control loop support
• API Policy Management –, Tenancy, Rate Limit, Quota,
Circuit Break • Runtime Mediation Control

• Documentation Tools • Flexibility to support API variance – SOAP, REST,

GraphQL, gRPC, XML, JSON
• Input Validation

Common (including non-functional)

• API Monitoring, Metrics Collection, Analytics • Low Maintenance overhead
• Cloud native friendly - Distributed, Microservice based, • Developer friendly toolsets , Low effort
Scalable
• API Sharding , Canary Support
Managed Objects Supported by CLI Project
Managed Objects - CLI Project
Cloud (A&AI)
Customer (A&AI)
Ems (A&AI)
EP (Entitlement Pool) (SDC)
License Group (SDC)
License Mode (SDC)
License-agreement (License Agreement – SDC)
Logic Link (A&AI)
Microservice (MSB
PNF (manage in A&AI)
Policy-Operational (Policy)
Policy-Config (Policy)
SDNC (A&AI)
Service (SO)
Service-Instance (A&AI)
Service-Model (SDC)
Service Type (SDC)
Subscription (A&AI)
Tenant (A&AI)
VF (SDC)
VF-Model (SDC)
VF Module (SDC)
VIM (A&AI)
VNF (A&AI, APPC)
VNFM (A&AI)
VSP (A&AI)
API Fabric Deployment View

API Fabric Management

API

API Fabric GW API Fabric Config DB

Plugins
API Fabric Management
UI
Can reuse what is
currently available in
Ext-Plugins Ext-API
Proof Of Concept Plan
POC Option 1: VF Secure Invocation of ONAP API by External
App
• An external Security Monitoring Application monitors VNF for threats (DDOS, Failed • Currently ONAP does not expose Policy APIs directly through a secure channel.
Logins) • VF Requirement is to expose ONAP internal APIs through a Façade interface with
• ONAP Policy FW is triggered for taking corrective action (isolate the VNF after security – API GW is the right choice as per the feedback they received from
instantiating a standby VNF) community
 POC Option 1: Realization

ONAP Internal API Façade 1

Onboarding & Instrumentation 2
Oauth Token Request
Oauth Token
Ext-API API Fabric External App
3
OAuth2.0 4 ONAP Internal
2.1
Authentication Service Request
CLI (Optional)
5 Option A : Assuming CLI exposes
Auth Provider Internal API Internal API 6 API for triggering the Policy
Enrichment Call
Option B

ONAP 7 ONAP
A&AI/SDC Component X Component Y
(e.g. Policy) (e.g. SO)
POC Option 1: Sequence of Operation

Ext-API API Ext-API TMF NBI ONAP Internal ONAP Internal

Ext-App Auth Provider
Fabric Services Services

Token Request

Token Response

ONAP Internal API Façade Invocation

Token Introspection Optional API

Token Validated Enrichment (SDC or
ONAP Internal
A&AI Call)
Service Invocation

Enrichment data
ONAP Internal API Invocation

Response Composition
ONAP Internal API Façade Response
POC Option 2: Secure Invocation of External API

• Co-locate API Fabric with External API Project and enable Secure interface
for all Ext-API invocations
• For any Custom/Façade API invocations from outside ONAP, support them
through the approach followed by POC Option 1

• API Fabric to expose the supported TMF APIs in the Marketplace

• Allow subscription of supported TMF APIs
• Support API Management and Security Management at API Fabric level
• Integrate API Fabric with ONAP AAF or an In-Built Auth Provider to enable Oauth 2.0
based authentication
POC Option 2: Secure Access of ONAP External API

1 OSS/BSS

ONAP TMF API Onboarding &

Exposure through Marketplace 2 Oauth TMF API 4
Token Req

Invocation
API Fabric TMF API
Ext-API
OAuth2.0 Token
Management, TMF Request TMF Request
3 5 6 6 Enrichment
Introspection Enrichment
7 7
Auth Provider
(AAF or Built-in)

SDC A&AI SO
PoC 2: Sequence Diagram 1/2 Subscription of API through Marketplace is not shown

Ext-API API
OSS/BSS Auth Provider
Fabric
Ext-API TMF NBI SDC SO AAI

Token Request

Token Response

TMF API Invocation

Token Introspection
TMF API TMF API
Token Validated Invocation enrichment using
SDC Catalog Info
SO Service API
(E2E Service)
Update AAI
Operation ID

Operation ID
Hub Resource Request (Callback URL , Token)
Register Hub Resource
Check Orchestration status
Update Callback URL about
Orchestration Complete
Orchestration status
PoC 2: Sequence Diagram 2/2
Ext-API API
OSS/BSS Auth Provider
Fabric
Ext-API TMF NBI SDC SO AAI Partner ONAP

Partner Registration (New API)

E2E Service Order

Optional - API
Token Validation Enrichment (SDC
Catalog TMF API)

E2E Service Order API payload

enrichment
API Fabric exposes a
Façade API for SO to
invoke partner . Fabric
E2E Service Creation SO API Service Instance
transforms the request Creation
to a TMF Service Order Operation ID
. SO need not store
TMF 641 Order
Partner template Partner Service Creation Request
registered
URL and Partner Service Order
Token used
here
Potential Security Mechanism

• MEF initiated a new work item “Security Mechanisms for Inter-carrier

Interfaces” in May 2019. Currently in exploratory stage
• ETSI GS NFV-SEC 022 V0.1.0 (2019-04) suggests Oauth 2.0 Access
Token based Security for APIs

• We can start supporting OAuth2.0 based Security Mechanism

• API Fabric can maintain keystore and truststore to expose https
based interaction externally
Potential Challenges

• Hub Resource Security – Security Mechanism for Call Back

• Use of AAF as Auth Provider : Oauth 2.0 Protocol Interface
availability to be checked
- Need for Special Auth Client to interact with AAF
s
Q&A