diff options
Diffstat (limited to 'docs/testing/user/cvpaddendum')
-rw-r--r-- | docs/testing/user/cvpaddendum/index.rst | 422 |
1 files changed, 0 insertions, 422 deletions
diff --git a/docs/testing/user/cvpaddendum/index.rst b/docs/testing/user/cvpaddendum/index.rst deleted file mode 100644 index cd8a296a..00000000 --- a/docs/testing/user/cvpaddendum/index.rst +++ /dev/null @@ -1,422 +0,0 @@ -.. This work is licensed under a Creative Commons Attribution 4.0 International -.. License. -.. http://creativecommons.org/licenses/by/4.0 -.. (c) Intel and others - -.. _dovetail-cvp_addendum: - -==================================================================== -Compliance Verification Program - Guidelines Addendum for Danube -==================================================================== - -.. toctree:: - :maxdepth: 2 - - -Introduction -============ - -This addendum provides a high-level description of the testing scope and -pass/fail criteria used in the Compliance Verification Program (CVP) for the -OPNFV Danube release. This information is intended as an overview for CVP -testers and for the Dovetail Project to help guide test-tool and test-case -development for the OPNFV Danube release. The Dovetail project is responsible for documenting -test-case specifications as well as implementing the CVP tool-chain through collaboration -with the OPNFV testing community. CVP testing focuses on establishing the -ability of the System Under Test (SUT) to perform NFVI and VIM operations and support -Service Provider oriented features that ensure manageable, resilient and secure -networks. - - -Meaning of Compliance -===================== - -OPNFV Compliance indicates adherence of an NFV platform to behaviors defined -through specific platform capabilities, allowing to prepare, instantiate, -operate and remove VNFs running on the NFVI. Danube compliance evaluates the -ability of a platform to support Service Provider network capabilities and -workloads that are supported in the OPNFV platform as of this release. -Compliance test cases are designated as compulsory or optional based on the -maturity of OPNFV capabilities as well as industry expectations. Compulsory -test cases may for example include NFVI management capabilities whereas tests -for certain high-availability features may be deemed as optional. - -Test coverage and pass/fail criteria are -designed to ensure an acceptable level of compliance but not be so restrictive -as to disqualify variations in platform implementations, capabilities and features. - - -SUT Assumptions -=============== - -Assumptions about the System Under Test (SUT) include ... - -- The minimal specification of physical infrastructure, including controller - nodes, compute nodes and networks, is defined by the `Pharos specification`_. - -- The SUT is fully deployed and operational, i.e. SUT deployment tools are - out of scope of testing. - - -Scope of Testing -================ - -The `OPNFV CVP Guidelines`_, as approved by the Board of Directors, outlines -the key objectives of the CVP as follows: - -- Help build the market for - - - OPNFV based infrastructure - - - applications designed to run on that infrastructure - -- Reduce adoption risks for end-users - -- Decrease testing costs by verifying hardware and software platform - interfaces and components - -- Enhance interoperability - -The guidelines further directs the scope to be constrained to "features, -capabilities, components, and interfaces included in an OPNFV release that are -generally available in the industry (e.g., through adoption by an upstream -community)", and that compliance verification is evaluated using "functional tests -that focus on defined interfaces and/or behaviors without regard to the -the implementation of the underlying system under test". - -OPNFV provides a broad range of capabilities, including the reference platform itself -as well as tools-chains and methodologies for building infrastructures, and -deploying and testing the platform. -Not all these aspects are in scope for CVP and not all functions and -components are tested in the initial version of CVP. For example, the deployment tools -for the SUT and CI/CD toolchain are currently out of scope. -Similarly, performance benchmarking related testing is also out of scope or -for further study. Newer functional areas such as MANO (outside of APIs in the NFVI and -VIM) are still developing and are for future considerations. - - -General Approach ----------------- - -In order to meet the above objectives for CVP, we aim to follow a general approach -by first identifying the overall requirements for all stake-holders, -then analyzing what OPNFV and the upstream communities can effectively test and verify -presently to derive an initial working scope for CVP, and to recommend what the -community should strive to achieve in future releases. - -The overall requirements for CVP can be categorized by the basic cloud -capabilities representing common operations needed by basic VNFs, and additional -requirements for VNFs that go beyond the common cloud capabilities including -functional extensions, operational capabilities and additional carrier grade -requirements. - -For the basic NFV requirements, we will analyze the required test cases, -leverage or improve upon existing test cases in OPNFV projects -and upstream projects whenever we can, and bridge the gaps when we must, to meet -these basic requirements. - -We are not yet ready to include compliance requirements for capabilities such -as hardware portability, carrier grade performance, fault management and other -operational features, security, MANO and VNF verification. These areas are -being studied for consideration in future CVP releases. - -In some areas, we will start with a limited level of verification -initially, constrained by what community resources are able to support at this -time, but still serve a basic need that is not being fulfilled elsewhere. -In these areas, we bring significant value to the community we -serve by starting a new area of verification, breaking new ground and -expanding it in the future. - -In other areas, the functions being verified have yet to reach -wide adoption but are seen as important requirements in NFV, -or features are only needed for specific NFV use cases but -an industry consensus about the APIs and behaviors is still deemed beneficial. In such -cases, we plan to incorporate the test areas as optional. An optional test -area will not have to be run or passed in order to achieve compliance. -Optional tests provide an opportunity for vendors to demonstrate compliance with specific OPNFV -features beyond the mandatory test scope. - - -Analysis of Scope ------------------ - -In order to define the scope of the Danube-release of the compliance and -verification program, this section analyzes NFV-focused platform capabilities -with respect to the high-level objectives and the general approach outlined in -the previous section. The analysis determines which capabilities are suitable -for inclusion in this release of the CVP and which capabilities are to be -addressed in future releases. - -1. Basic Cloud Capabilities - -The intent of these tests is to verify that the SUT has the required -capabilities that a basic VNF needs, and these capabilities are implemented -in a way that enables this basic VNF to run on any OPNFV compliant -deployment. - -A basic VNF can be thought of as a single virtual machine that is networked -and can perform the simplest network functions, for example, a simple forwarding -gateway, or a set of such virtual machines connected only by simple virtual network -services. Running such basic VNF leads to a set of common requirements, including: - -- image management (Refstack testing Glance API) -- identity management (Refstack testing Keystone Identity API) -- virtual compute (Refstack testing Nova Compute API) -- virtual storage (Refstack testing Cinder API) -- virtual networks (Refstack testing Neutron Network API) -- forwarding packets through virtual networks in data path -- filtering packets based on security rules and port security in data path -- dynamic network runtime operations through the life of a VNF (e.g. attach/detach, - enable/disable, read stats) -- correct behavior after common virtual machine life cycles events (e.g. - suspend/resume, reboot, migrate) -- simple virtual machine resource scheduling on multiple nodes - -OPNFV mainly supports OpenStack as the VIM up to the Danube release. The -VNFs used in the CVP program, and features in scope for the program which are -considered to be basic to all VNFs, require commercial OpenStack distributions -to support a common basic level of cloud capabilities, and to be compliant -to a common specification for these capabilities. This requirement significantly -overlaps with OpenStack community's Interop working group's goals, but they are not -identical. The CVP runs the OpenStack Refstack-Compute test cases to verify -compliance to the basic common API requirements of cloud -management functions and VNF (as a VM) management for OPNFV. -Additional NFV specific requirements are added in network data path validation, -packet filtering by security group rules and port security, life cycle runtime events of -virtual networks, multiple networks in a topology, validation -of VNF's functional state after common life-cycle events including reboot, pause, -suspense, stop/start and cold migration. In addition, the -basic requirement also verifies that the SUT can allocate VNF resources based -on simple anti-affinity rules. - -The combined test cases help to ensure that these basic operations are always -supported by a compliant platform and they adhere to -a common standard to enable portability across OPNFV compliant platforms. - -2. NFV specific functional requirements - -NFV has functional requirements beyond the basic common cloud -capabilities, esp. in the networking area. Examples like SDNVPN, IPv6, SFC may -be considered additional NFV requirements beyond general purpose cloud -computing. These feature requirements expand beyond common OpenStack (or other -VIM) requirements. OPNFV CVP will incorporate test cases to verify -compliance in these areas as they become mature. Because these extensions -may impose new API demands, maturity and industry adoption is a prerequisite for -making them a mandatory requirement for OPNFV compliance. At the time of Danube, -we have not identified a new functional area that is mandatory for CVP. -In the meantime, CVP -intends to offer tests in some of these areas as an optional extension of the test -report to be submitted for review, noting that passing these tests will not be -required to pass OPNFV compliance verification. - -SDNVPN is relevant due to the wide adoption of MPLS/BGP based VPNs in wide area -networks, which makes it necessary for data centers hosting VNFs to be able to -seamlessly interconnect with such networks. IPv6 is a high priority service provider -requirement to ease IP addressing and operational issues. SFC is also an important -NFV requirement, however its implementation has not yet been accepted or adopted -in the upstream at the time of Danube. - -3. High availability - -High availability is a common carrier grade requirement. Availability of a -platform involves many aspects of the SUT, for example hardware or lower layer -system failures or system overloads, and is also highly dependent on -configurations. The current OPNFV high availability verification focuses on -OpenStack control service failures and resource overloads, and verifies service -continuity when the system encounters such failures or resource overloads, and -also verifies the system heals after a failure episode within a reasonable time -window. These service HA capabilities are commonly adopted in the industry -and should be a mandatory requirement. - -The current test cases in HA cover the basic area of failure and resource -overload conditions for a cloud platform's service availability, including all -of the basic cloud capability services, and basic compute and storage loads, -so it is a meaningful first step for CVP. We expect additional high availability -scenarios be extended in future releases. - -4. Resiliency - -Resiliency testing involves stressing the SUT and verifying its ability -to absorb stress conditions and still provide an acceptable level of service. -Resiliency is an important requirement for end-users. - -The OPNFV testing projects have started testing -OPNFV system resiliency in -the Danube release that can be used to provide limited coverage in this area. -However, this is a relatively new test methodology in OPNFV, additional study -and testing experiences are still needed. We defer the resiliency testing to -future CVP releases. - -5. Security - -Security is among the top priorities as a carrier grade requirement by the -end-users. Some of the basic common functions, including virtual network isolation, -security groups, port security and role based access control are already covered as -part of the basic cloud capabilities that are verified in CVP. These test cases -however do not yet cover the basic required security capabilities expected of an end-user -deployment. It is an area that we should address in the near future, to define -a common set of requirements and develop test cases for verifying those -requirements. - -Another common requirement is security vulnerability scanning. -While the OPNFV security project integrated tools for security vulnerability -scanning, this has not been fully analyzed or exercised in Danube release. -This area needs further work to identify the required level of security for the -purpose of OPNFV in order to be integrated into the CVP. End-user inputs on -specific requirements in security is needed. - -6. Service assurance - -Service assurance (SA) is a broad area of concern for reliability of the NFVI/VIM -and VNFs, and depends upon multiple subsystems of an NFV platform for essential -information and control mechanisms. These subsystems include telemetry, fault management -(e.g. alarms), performance management, audits, and control mechanisms such as security -and configuration policies. - -The current Danube release implements some enabling capabilities in NFVI/VIM -such as telemetry, policy, and fault management. However, the specification of expected -system components, behavior and the test cases to verify them have not yet -been adequately developed. We will therefore not be testing this area at this time -but defer to future study. - -7. Use case testing - -Use-case test cases exercise multiple functional capabilities of a platform in -order to realize a larger end-to-end scenario. Such end-to-end use cases do -not necessarily add new API requirements to the SUT per se, but exercise -aspects of the SUT's functional capabilities in more complex ways. For -instance, they allow for verifying the complex interactions among multiple VNFs -and between VNFs and the cloud platform in a more realistic fashion. End-users -consider use-case-level testing as a significant tool in verifying OPNFV -compliance because it validates design patterns and support for the types of -NFVI features that users care about. - -There are a lot of projects in OPNFV developing use cases and sample VNFs, -however most are still in early phase and require further enhancements to -become useful additions to the CVP. Examples such as vIMS, or those which are -not yet available in Danube release, e.g. vCPE, will be valuable additions to -the CVP. These use cases need to be widely accepted, and since they are more -complex, using these VNFs for CVP demands a higher level of community resources -to implement, analyze and document these VNFs. Hence, use case testing is not -ready for CVP at the time of Danube, but can be incorporated in Euphrates or as -a future roadmap area. - -8. Additional capabilities - -In addition to the capabilities analyzed above, there are further system -aspects which are of importance for the CVP. These comprise operational and -management aspects such as platform in-place upgrades and platform operational -insights such as telemetry and logging. Further aspects include API backward -compatibility / micro-versioning, workload migration, multi-site federation and -interoperability with workload automation platforms, e.g. ONAP. Finally, -efficiency aspects such as the hardware and energy footprint of the platform -are worth considering in the CVP. - -OPNFV is addressing these items on different levels of details in different -projects. However, the contributions developed in these projects are not yet -considered widely available in commercial systems in order to include them in -the CVP. Hence, these aspects are left for inclusion in future releases of the -CVP. - - - -Scope of the Danube-release of the CVP --------------------------------------- - -Summarizing the results of the analysis above, the scope of the Danube-release -of the CVP is as follows: - -- Test Area: Basic cloud capabilities - - - **OpenStack interoperability test cases excluding object storage**\* - - **OPNFV-Functest/vPing, including both user data and ssh** - - *Port security and security groups* - - *VM life-cycle events* - - *VM networking* - - *VM resource scheduling* - - *Forwarding packets in the data path* - -\* The OPNFV CVP utilizes the same set of test cases as the OpenStack -interoperability program *OpenStack Powered Compute*. Passing the OPNFV CVP -does **not** imply that the SUT is certified according to the *OpenStack Powered -Compute* program. *OpenStack Powered Compute* is a trademark of the OpenStack -foundation and the corresponding certification label can only be awarded by the -OpenStack foundation. - - - -- Test Area: SDNVPN - - - *OPNFV-SDNVPN* - - -- Test Area: IPv6 - - - *OPNFV-IPv6 - (Limited to overlay tests, v6Ping)* - - -- Test Area: High Availability - - - **OPNFV-Yardstick/HA** - (Limited to service continuity verification of control services) - -[Highlighting: **Mandatory test cases**, *Optional test cases*] - - -These tested areas represent significant advancement in the direction to meet -the CVP's objectives and end-user expectations, and is a good basis for the -initial phase of CVP. - -Note: The SUT is limited to NFVI and VIM functions. While testing MANO -component capabilities is out of scope, certain APIs exposed towards MANO are -used by the current OPNFV compliance testing suite. MANO and other operational -elements may be part of the test infrastructure; for example used for workload -deployment and provisioning. - - -Scope considerations for future CVP releases --------------------------------------------- - -Based on the previous analysis, the following items are outside the scope of -the Danube release of the CV but are being considered for inclusion in future -releases: - -- service assurance -- use case testing -- platform in-place upgrade -- API backward compatibility / micro-versioning -- workload migration -- multi-site federation -- service function chaining -- platform operational insights, e.g. telemetry, logging -- efficiency, e.g. hardware and energy footprint of the platform -- interoperability with workload automation platforms e.g. ONAP -- resilience -- security and vulnerability scanning -- performance measurements - - -Criteria for Awarding Compliance -================================ - -This section provides guidance on compliance criteria for each test area. The -criteria described here are high-level, detailed pass/fail metrics are -documented in Dovetail test specifications. - -1. All mandatory test cases must pass. - -Exceptions to this rule may be legitimate, e.g. due to imperfect test tools or -reasonable circumstances that we can not foresee. These exceptions must be -documented and accepted by the reviewers. - -2. Optional test cases are optional to run. Its test results, pass or fail, - do not impact compliance. - -Applicants who choose to run the optional test cases can include the results -of the optional test cases to highlight the additional compliance. - -.. References -.. _`OPNFV CVP Guidelines`: https://wiki.opnfv.org/display/dovetail/CVP+document -.. _`Pharos specification`: https://wiki.opnfv.org/display/pharos/Pharos+Specification - |