firewall onap

Cloud-Native Firewall + ONAP (CDS) Integration

PANTHEON.tech’s Firewall CNF can be integrated with the ONAP Controller Design Studio (CDS) component.

We achieved a successful & effective integration with the Firewall CNF and CDS, in an easy-to-understand use-case: block and allow traffic between two Docker containers.

Cloud-Native Firewall & CDS

With ONAP, orchestration management and automation of network services is simple, yet effective. It allows defining policies and act on network changes in real-time.

With CDS, users can configure other ONAP components as well – such as SDN-C or SDN-R, and thereby directly configure the network itself.

CDS is responsible for designing and controlling self-services – a fully self-defined software system. It makes these self-services so accessible, that minimal to no code development is required. It is usable also by non-programmers.

CDS in ONAP

Position of CDS within the ONAP architecture

Self-contained services are defined by a Controller Blueprint Archive (CBA). The core of the CBA structure defines the service, according to TOSCA – the topology and orchestration specification for cloud applications. These blueprints are modeled, enriched to become fully self-contained TOSCA blueprints, and uploaded to CDS.

ONAP Demo Simplification

Our VPP-Agent-based Firewall CNF can be configured using CDS and afterward, effectively blocks or allows traffic between two Alpine Linux containers.

The workflow of applying a configuration to our Firewall CNF is comprised of two steps:

  1. Resolve the configuration template
  2. Apply the resolved configuration to the CNF, using the REST API

This shows the versatility and agility of our CNFs, by showcasing another possible integration in a popular project, such as ONAP.

Try our Firewall CNF + CDS Demo

This demonstration is available on our GitHub!

The script in our demonstration provides a setup, where necessary containers are started and the data plane and control plane are brought in place.

The script will then showcase traffic (pinging) from the start point to endpoint in three scenarios:

  1. Firewall CNF is not configured
  2. Firewall CNF is configured by CDS to deny traffic
  3. Firewall CNF is configured by CDS to allow traffic

PANTHEON.tech & ONAP

PANTHEON.tech is closely involved and following the development of various ONAP components.

The CPS component is of crucial importance in the ONAP project since it serves as a common data layer service, which preserves network-element runtime information, in form of database functionality.

PANTHEON.tech’s involvement in ONAP CPS includes creating an easy and common platform for testing deployments easier which highlights, where optimization is needed or achieved.

We hope you enjoyed this demonstration!


Make sure to visit our cloud-network functions (CNF) portfolio!

by Filip Gschwandtner | Leave us your feedback on this post!

You can contact us here.

Explore our PANTHEON.tech GitHub.

Watch our YouTube Channel.