VNF Format and Packaging

VMware Integrated OpenStack supports ISO, VMDK, and OVA formats natively. Non-native formats such as RAW, QCOW2, VDI, and VHD are also supported after automatic conversion by the import process. The initial format of the VNF is taken into consideration for onboarding, as is the format of any additional components the VNF requires to function. Images are either able to be directly imported, or they can be converted. These formats can also be imported using the command-line.

VNF Onboarding by Using VMware Integrated OpenStack

Once the initial VNF requirements, images, and formats are clarified, a project must be created so that to deploy the VNF in an operational environment. Projects are the VMware Integrated OpenStack constructs that map to tenants. Administrators create projects and assign users to each project. Permissions are managed through definitions for user, group, and project. Users have a further restricted set of rights and privileges. Users are limited to the projects to which they are assigned, although they can be assigned to more than one project. When a user logs in to a project, they are authenticated by Keystone. Once the user is authenticated, they can perform operations within the project.

Resource Allocation

When building a project for the VNF, the administrator must set the initial quota limits for the project. To guarantee resources to a VNF-C, a Tenant vDC can be used. A Tenant vDC provides resource isolation and guaranteed resource availability for each tenant. Quotas are the operational limits that configure the amount of system resources that are available per project. Quotas can be enforced at a project and user level. When a user logs in to a project, they see an overview of the project including the resources that are provided for them, the resources they have consumed, and the remaining resources. For fine-grained resource allocation and control, the quota of the resources that are available to a project can be further divided using Tenant vDCs.

VNF Networking

Based on specific VNF networking requirements, a tenant can provision East-West connectivity, security groups, firewalls, micro-segmentation, NAT, and LBaaS from by using the VMware Integrated OpenStack user interface or command-line. VNF North-South connectivity is established by connecting tenant networks to external networks through NSX-T Data Center routers that are deployed in Edge Nodes. External networks are created by administrators and a variety of VNF routing scenarios are possible.

After the VNFs are deployed, their routing, switching, and security policies must be configured. There are many different infrastructure services available that can be configured in different ways, and in the coming sections of this document a couple of options are discussed.

Tenant networks are accessible by all Tenant vDCs within the project. Therefore, the implementation of East-West connectivity between VNF-Cs in the same Tenant vDC, and the connectivity between VNFs in two different Tenant vDCs belonging to the same project, is identical. Tenant networks are implemented as segments within the project. The North-South network is a tenant network that is connected to the telecommunications network through an N-VDS Enhanced for data-intensive workloads or by using N-VDS Standard through an NSX Edge Cluster.

VMware Integrated OpenStack exposes a rich set of API calls to provide automation. The deployment of VNFs can be automated by using a Heat template. With API calls, the upstream VNF-M and NFVO can automate all aspects of the VNF life cycle.