summaryrefslogtreecommitdiffstats
path: root/docs/testing/user/ovpaddendum
diff options
context:
space:
mode:
Diffstat (limited to 'docs/testing/user/ovpaddendum')
-rw-r--r--docs/testing/user/ovpaddendum/index.rst420
1 files changed, 420 insertions, 0 deletions
diff --git a/docs/testing/user/ovpaddendum/index.rst b/docs/testing/user/ovpaddendum/index.rst
new file mode 100644
index 00000000..2bb7e8c8
--- /dev/null
+++ b/docs/testing/user/ovpaddendum/index.rst
@@ -0,0 +1,420 @@
+.. This work is licensed under a Creative Commons Attribution 4.0 International
+.. License.
+.. http://creativecommons.org/licenses/by/4.0
+.. (c) Intel and others
+
+====================================================================
+OPNFV Verified Program - Guidelines Addendum for Danube
+====================================================================
+
+.. toctree::
+ :maxdepth: 2
+
+
+Introduction
+============
+
+This addendum provides a high-level description of the testing scope and
+pass/fail criteria used in the OPNFV Verified Program (OVP) for the
+OPNFV Danube release. This information is intended as an overview for OVP
+testers and for the Dovetail Project to help guide test-tool and test-case
+development for the OPNFV Danube release. The Dovetail project is responsible for documenting
+test-case specifications as well as implementing the OVP tool-chain through collaboration
+with the OPNFV testing community. OVP testing focuses on establishing the
+ability of the System Under Test (SUT) to perform NFVI and VIM operations and support
+Service Provider oriented features that ensure manageable, resilient and secure
+networks.
+
+
+Meaning of Compliance
+=====================
+
+OPNFV Compliance indicates adherence of an NFV platform to behaviors defined
+through specific platform capabilities, allowing to prepare, instantiate,
+operate and remove VNFs running on the NFVI. Danube compliance evaluates the
+ability of a platform to support Service Provider network capabilities and
+workloads that are supported in the OPNFV platform as of this release.
+Compliance test cases are designated as compulsory or optional based on the
+maturity of OPNFV capabilities as well as industry expectations. Compulsory
+test cases may for example include NFVI management capabilities whereas tests
+for certain high-availability features may be deemed as optional.
+
+Test coverage and pass/fail criteria are
+designed to ensure an acceptable level of compliance but not be so restrictive
+as to disqualify variations in platform implementations, capabilities and features.
+
+
+SUT Assumptions
+===============
+
+Assumptions about the System Under Test (SUT) include ...
+
+- The minimal specification of physical infrastructure, including controller
+ nodes, compute nodes and networks, is defined by the `Pharos specification`_.
+
+- The SUT is fully deployed and operational, i.e. SUT deployment tools are
+ out of scope of testing.
+
+
+Scope of Testing
+================
+
+The `OPNFV OVP Guidelines`_, as approved by the Board of Directors, outlines
+the key objectives of the OVP as follows:
+
+- Help build the market for
+
+ - OPNFV based infrastructure
+
+ - applications designed to run on that infrastructure
+
+- Reduce adoption risks for end-users
+
+- Decrease testing costs by verifying hardware and software platform
+ interfaces and components
+
+- Enhance interoperability
+
+The guidelines further directs the scope to be constrained to "features,
+capabilities, components, and interfaces included in an OPNFV release that are
+generally available in the industry (e.g., through adoption by an upstream
+community)", and that compliance verification is evaluated using "functional tests
+that focus on defined interfaces and/or behaviors without regard to the
+the implementation of the underlying system under test".
+
+OPNFV provides a broad range of capabilities, including the reference platform itself
+as well as tools-chains and methodologies for building infrastructures, and
+deploying and testing the platform.
+Not all these aspects are in scope for OVP and not all functions and
+components are tested in the initial version of OVP. For example, the deployment tools
+for the SUT and CI/CD toolchain are currently out of scope.
+Similarly, performance benchmarking related testing is also out of scope or
+for further study. Newer functional areas such as MANO (outside of APIs in the NFVI and
+VIM) are still developing and are for future considerations.
+
+
+General Approach
+----------------
+
+In order to meet the above objectives for OVP, we aim to follow a general approach
+by first identifying the overall requirements for all stake-holders,
+then analyzing what OPNFV and the upstream communities can effectively test and verify
+presently to derive an initial working scope for OVP, and to recommend what the
+community should strive to achieve in future releases.
+
+The overall requirements for OVP can be categorized by the basic cloud
+capabilities representing common operations needed by basic VNFs, and additional
+requirements for VNFs that go beyond the common cloud capabilities including
+functional extensions, operational capabilities and additional carrier grade
+requirements.
+
+For the basic NFV requirements, we will analyze the required test cases,
+leverage or improve upon existing test cases in OPNFV projects
+and upstream projects whenever we can, and bridge the gaps when we must, to meet
+these basic requirements.
+
+We are not yet ready to include compliance requirements for capabilities such
+as hardware portability, carrier grade performance, fault management and other
+operational features, security, MANO and VNF verification. These areas are
+being studied for consideration in future OVP releases.
+
+In some areas, we will start with a limited level of verification
+initially, constrained by what community resources are able to support at this
+time, but still serve a basic need that is not being fulfilled elsewhere.
+In these areas, we bring significant value to the community we
+serve by starting a new area of verification, breaking new ground and
+expanding it in the future.
+
+In other areas, the functions being verified have yet to reach
+wide adoption but are seen as important requirements in NFV,
+or features are only needed for specific NFV use cases but
+an industry consensus about the APIs and behaviors is still deemed beneficial. In such
+cases, we plan to incorporate the test areas as optional. An optional test
+area will not have to be run or passed in order to achieve compliance.
+Optional tests provide an opportunity for vendors to demonstrate compliance with specific OPNFV
+features beyond the mandatory test scope.
+
+
+Analysis of Scope
+-----------------
+
+In order to define the scope of the Danube-release of the compliance and
+verification program, this section analyzes NFV-focused platform capabilities
+with respect to the high-level objectives and the general approach outlined in
+the previous section. The analysis determines which capabilities are suitable
+for inclusion in this release of the OVP and which capabilities are to be
+addressed in future releases.
+
+1. Basic Cloud Capabilities
+
+The intent of these tests is to verify that the SUT has the required
+capabilities that a basic VNF needs, and these capabilities are implemented
+in a way that enables this basic VNF to run on any OPNFV compliant
+deployment.
+
+A basic VNF can be thought of as a single virtual machine that is networked
+and can perform the simplest network functions, for example, a simple forwarding
+gateway, or a set of such virtual machines connected only by simple virtual network
+services. Running such basic VNF leads to a set of common requirements, including:
+
+- image management (Refstack testing Glance API)
+- identity management (Refstack testing Keystone Identity API)
+- virtual compute (Refstack testing Nova Compute API)
+- virtual storage (Refstack testing Cinder API)
+- virtual networks (Refstack testing Neutron Network API)
+- forwarding packets through virtual networks in data path
+- filtering packets based on security rules and port security in data path
+- dynamic network runtime operations through the life of a VNF (e.g. attach/detach,
+ enable/disable, read stats)
+- correct behavior after common virtual machine life cycles events (e.g.
+ suspend/resume, reboot, migrate)
+- simple virtual machine resource scheduling on multiple nodes
+
+OPNFV mainly supports OpenStack as the VIM up to the Danube release. The
+VNFs used in the OVP program, and features in scope for the program which are
+considered to be basic to all VNFs, require commercial OpenStack distributions
+to support a common basic level of cloud capabilities, and to be compliant
+to a common specification for these capabilities. This requirement significantly
+overlaps with OpenStack community's Interop working group's goals, but they are not
+identical. The OVP runs the OpenStack Refstack-Compute test cases to verify
+compliance to the basic common API requirements of cloud
+management functions and VNF (as a VM) management for OPNFV.
+Additional NFV specific requirements are added in network data path validation,
+packet filtering by security group rules and port security, life cycle runtime events of
+virtual networks, multiple networks in a topology, validation
+of VNF's functional state after common life-cycle events including reboot, pause,
+suspense, stop/start and cold migration. In addition, the
+basic requirement also verifies that the SUT can allocate VNF resources based
+on simple anti-affinity rules.
+
+The combined test cases help to ensure that these basic operations are always
+supported by a compliant platform and they adhere to
+a common standard to enable portability across OPNFV compliant platforms.
+
+2. NFV specific functional requirements
+
+NFV has functional requirements beyond the basic common cloud
+capabilities, esp. in the networking area. Examples like SDNVPN, IPv6, SFC may
+be considered additional NFV requirements beyond general purpose cloud
+computing. These feature requirements expand beyond common OpenStack (or other
+VIM) requirements. OPNFV OVP will incorporate test cases to verify
+compliance in these areas as they become mature. Because these extensions
+may impose new API demands, maturity and industry adoption is a prerequisite for
+making them a mandatory requirement for OPNFV compliance. At the time of Danube,
+we have not identified a new functional area that is mandatory for OVP.
+In the meantime, OVP
+intends to offer tests in some of these areas as an optional extension of the test
+report to be submitted for review, noting that passing these tests will not be
+required to pass OPNFV compliance verification.
+
+SDNVPN is relevant due to the wide adoption of MPLS/BGP based VPNs in wide area
+networks, which makes it necessary for data centers hosting VNFs to be able to
+seamlessly interconnect with such networks. IPv6 is a high priority service provider
+requirement to ease IP addressing and operational issues. SFC is also an important
+NFV requirement, however its implementation has not yet been accepted or adopted
+in the upstream at the time of Danube.
+
+3. High availability
+
+High availability is a common carrier grade requirement. Availability of a
+platform involves many aspects of the SUT, for example hardware or lower layer
+system failures or system overloads, and is also highly dependent on
+configurations. The current OPNFV high availability verification focuses on
+OpenStack control service failures and resource overloads, and verifies service
+continuity when the system encounters such failures or resource overloads, and
+also verifies the system heals after a failure episode within a reasonable time
+window. These service HA capabilities are commonly adopted in the industry
+and should be a mandatory requirement.
+
+The current test cases in HA cover the basic area of failure and resource
+overload conditions for a cloud platform's service availability, including all
+of the basic cloud capability services, and basic compute and storage loads,
+so it is a meaningful first step for OVP. We expect additional high availability
+scenarios be extended in future releases.
+
+4. Resiliency
+
+Resiliency testing involves stressing the SUT and verifying its ability
+to absorb stress conditions and still provide an acceptable level of service.
+Resiliency is an important requirement for end-users.
+
+The OPNFV testing projects have started testing
+OPNFV system resiliency in
+the Danube release that can be used to provide limited coverage in this area.
+However, this is a relatively new test methodology in OPNFV, additional study
+and testing experiences are still needed. We defer the resiliency testing to
+future OVP releases.
+
+5. Security
+
+Security is among the top priorities as a carrier grade requirement by the
+end-users. Some of the basic common functions, including virtual network isolation,
+security groups, port security and role based access control are already covered as
+part of the basic cloud capabilities that are verified in OVP. These test cases
+however do not yet cover the basic required security capabilities expected of an end-user
+deployment. It is an area that we should address in the near future, to define
+a common set of requirements and develop test cases for verifying those
+requirements.
+
+Another common requirement is security vulnerability scanning.
+While the OPNFV security project integrated tools for security vulnerability
+scanning, this has not been fully analyzed or exercised in Danube release.
+This area needs further work to identify the required level of security for the
+purpose of OPNFV in order to be integrated into the OVP. End-user inputs on
+specific requirements in security is needed.
+
+6. Service assurance
+
+Service assurance (SA) is a broad area of concern for reliability of the NFVI/VIM
+and VNFs, and depends upon multiple subsystems of an NFV platform for essential
+information and control mechanisms. These subsystems include telemetry, fault management
+(e.g. alarms), performance management, audits, and control mechanisms such as security
+and configuration policies.
+
+The current Danube release implements some enabling capabilities in NFVI/VIM
+such as telemetry, policy, and fault management. However, the specification of expected
+system components, behavior and the test cases to verify them have not yet
+been adequately developed. We will therefore not be testing this area at this time
+but defer to future study.
+
+7. Use case testing
+
+Use-case test cases exercise multiple functional capabilities of a platform in
+order to realize a larger end-to-end scenario. Such end-to-end use cases do
+not necessarily add new API requirements to the SUT per se, but exercise
+aspects of the SUT's functional capabilities in more complex ways. For
+instance, they allow for verifying the complex interactions among multiple VNFs
+and between VNFs and the cloud platform in a more realistic fashion. End-users
+consider use-case-level testing as a significant tool in verifying OPNFV
+compliance because it validates design patterns and support for the types of
+NFVI features that users care about.
+
+There are a lot of projects in OPNFV developing use cases and sample VNFs,
+however most are still in early phase and require further enhancements to
+become useful additions to the OVP. Examples such as vIMS, or those which are
+not yet available in Danube release, e.g. vCPE, will be valuable additions to
+the OVP. These use cases need to be widely accepted, and since they are more
+complex, using these VNFs for OVP demands a higher level of community resources
+to implement, analyze and document these VNFs. Hence, use case testing is not
+ready for OVP at the time of Danube, but can be incorporated in Euphrates or as
+a future roadmap area.
+
+8. Additional capabilities
+
+In addition to the capabilities analyzed above, there are further system
+aspects which are of importance for the OVP. These comprise operational and
+management aspects such as platform in-place upgrades and platform operational
+insights such as telemetry and logging. Further aspects include API backward
+compatibility / micro-versioning, workload migration, multi-site federation and
+interoperability with workload automation platforms, e.g. ONAP. Finally,
+efficiency aspects such as the hardware and energy footprint of the platform
+are worth considering in the OVP.
+
+OPNFV is addressing these items on different levels of details in different
+projects. However, the contributions developed in these projects are not yet
+considered widely available in commercial systems in order to include them in
+the OVP. Hence, these aspects are left for inclusion in future releases of the
+OVP.
+
+
+
+Scope of the Danube-release of the OVP
+--------------------------------------
+
+Summarizing the results of the analysis above, the scope of the Danube-release
+of the OVP is as follows:
+
+- Test Area: Basic cloud capabilities
+
+ - **OpenStack interoperability test cases excluding object storage**\*
+ - **OPNFV-Functest/vPing, including both user data and ssh**
+ - *Port security and security groups*
+ - *VM life-cycle events*
+ - *VM networking*
+ - *VM resource scheduling*
+ - *Forwarding packets in the data path*
+
+\* The OPNFV OVP utilizes the same set of test cases as the OpenStack
+interoperability program *OpenStack Powered Compute*. Passing the OPNFV OVP
+does **not** imply that the SUT is certified according to the *OpenStack Powered
+Compute* program. *OpenStack Powered Compute* is a trademark of the OpenStack
+foundation and the corresponding certification label can only be awarded by the
+OpenStack foundation.
+
+
+
+- Test Area: SDNVPN
+
+ - *OPNFV-SDNVPN*
+
+
+- Test Area: IPv6
+
+ - *OPNFV-IPv6
+ (Limited to overlay tests, v6Ping)*
+
+
+- Test Area: High Availability
+
+ - **OPNFV-Yardstick/HA**
+ (Limited to service continuity verification of control services)
+
+[Highlighting: **Mandatory test cases**, *Optional test cases*]
+
+
+These tested areas represent significant advancement in the direction to meet
+the OVP's objectives and end-user expectations, and is a good basis for the
+initial phase of OVP.
+
+Note: The SUT is limited to NFVI and VIM functions. While testing MANO
+component capabilities is out of scope, certain APIs exposed towards MANO are
+used by the current OPNFV compliance testing suite. MANO and other operational
+elements may be part of the test infrastructure; for example used for workload
+deployment and provisioning.
+
+
+Scope considerations for future OVP releases
+--------------------------------------------
+
+Based on the previous analysis, the following items are outside the scope of
+the Danube release of the CV but are being considered for inclusion in future
+releases:
+
+- service assurance
+- use case testing
+- platform in-place upgrade
+- API backward compatibility / micro-versioning
+- workload migration
+- multi-site federation
+- service function chaining
+- platform operational insights, e.g. telemetry, logging
+- efficiency, e.g. hardware and energy footprint of the platform
+- interoperability with workload automation platforms e.g. ONAP
+- resilience
+- security and vulnerability scanning
+- performance measurements
+
+
+Criteria for Awarding Compliance
+================================
+
+This section provides guidance on compliance criteria for each test area. The
+criteria described here are high-level, detailed pass/fail metrics are
+documented in Dovetail test specifications.
+
+1. All mandatory test cases must pass.
+
+Exceptions to this rule may be legitimate, e.g. due to imperfect test tools or
+reasonable circumstances that we can not foresee. These exceptions must be
+documented and accepted by the reviewers.
+
+2. Optional test cases are optional to run. Its test results, pass or fail,
+ do not impact compliance.
+
+Applicants who choose to run the optional test cases can include the results
+of the optional test cases to highlight the additional compliance.
+
+.. References
+.. _`OPNFV OVP Guidelines`: https://wiki.opnfv.org/display/dovetail/OVP+document
+.. _`Pharos specification`: https://wiki.opnfv.org/display/pharos/Pharos+Specification
+