Policy/CLAMP - Control Loop Automation Management Platform

Policy/Clamp in ONAP Architecture

CLAMP platform has been integrated into the Policy framework project, starting as a POC during Honolulu release and as a official feature with Istanbul release. So CLAMP must be seen now as a function provided by the Policy Framework project.

CLAMP is a function for designing and managing control loops and a UI to manage Policies.

It is used to visualize a control loop, configure it with specific parameters for a particular network

service, then deploying and undeploying it. Once deployed, the user can also update the loop with new parameters during runtime, as well as suspending and restarting it.

Starting with Istanbul release, CLAMP GUI can also be used to create/read/update/delete/list policies outside of a control loop, and therefore CLAMP is also the front-end for Policies management in ONAP.

CLAMP interacts with other systems to deploy and execute the control loop. For example, it extracts the control loop blueprint from CSAR distributed by SDC. CLAMP also calls the internal Policy framework API to get the Policy Models(Model Driven Control Loop) It requests from DCAE the instantiation of microservices. to manage the control loop flow. Furthermore, it creates and updates multiple policies (for DCAE mS configuration and actual Control Operations) in the Policy Engine that define the closed loop flow.


The ONAP CLAMP function abstracts the details of these systems under the concept of a control loop model. The design of a control loop and its management is represented by a workflow in which all relevant system interactions take place. This is essential for a self-service model of creating and managing control loops, where no low-level user interaction with other components is required.

At a higher level, CLAMP is about supporting and managing the broad operational life cycle of VNFs/VMs and ultimately ONAP components itself. It will offer the ability to design, test, deploy and update control loop automation - both closed and open. Automating these functions would represent a significant saving on operational costs compared to traditional methods.


Offered APIs

The list of APIs that Policy/CLAMP has offered could be find in the following table:




swagger json file

html doc

pdf doc




Consumed APIs

Policy/CLAMP uses the API’s exposed by the following ONAP components:

  • SDC : REST based interface exposed by the SDC, Distribution of service to DCAE

  • DCAE: REST based interface exposed by DCAE, Common Controller Framework, DCAE microservices onboarded (TCA, Stringmatch, Holmes (optional))

  • Policy Core: REST based interface, Policy Core engine target both XACML and Drools PDP, Policy Engine trigger operations to App-C/VF-C/SDN-C

  • CDS: REST based interface, to retrieve list of operations/actions with their corresponding payload at runtime for Operational Policies where the field ‘actor’ is ‘CDS’.


Policy/CLAMP component is composed of a UI layer and a backend layer, each layer having its own container. Policy/CLAMP also requires a database instance with 1 DB, it uses MariaDB, which is the same DB as for the core Policy.


Logging & Diagnostic Information

CLAMP uses logback framework to generate logs. The logback.xml file can be found under the [src/main/resources/ folder](src/main/resources).

With the default log settings, all logs will be generated into console and into root.log file under the CLAMP root folder. The root.log file is not allowed to be appended, thus restarting the CLAMP will result in cleaning of the old log files.


A [docker-compose example file](extra/docker/clamp/docker-compose.yml) can be found under the [extra/docker/clamp/ folder](extra/docker/).

Once the image has been built and is available locally, you can use the docker-compose up command to deploy a pre-populated database and a CLAMP instance available on [https://localhost:3000](https://localhost:3000).


Currently, the CLAMP docker images can be deployed with small configuration needs. Though, you might need to make small adjustments to the configuration. As CLAMP is spring based, you can use the SPRING_APPLICATION_JSON environment variable to update its parameters.

There are one datasource for Clamp. By default, it will try to connect to the localhost server using the credentials available in the example SQL files. If you need to change the default database host and/or credentials, you can do it by using the following json as SPRING_APPLICATION_JSON environment variable :

    "spring.datasource.cldsdb.url": "jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/cldsdb4?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3",
    "clamp.config.files.sdcController": "file:/opt/clamp/sdc-controllers-config.json",
    "clamp.config.dcae.inventory.url": "https://inventory.{{ include "common.namespace" . }}:8080",
    "clamp.config.dcae.dispatcher.url": "https://deployment-handler.{{ include "common.namespace" . }}:8443",
    "clamp.config.dcae.deployment.url": "https://deployment-handler.{{ include "common.namespace" . }}:8443",
    "clamp.config.dcae.deployment.userName": "none",
    "clamp.config.dcae.deployment.password": "none",
    "clamp.config.policy.api.url": "https://policy-api.{{ include "common.namespace" . }}:6969",
    "clamp.config.policy.api.userName": "healthcheck",
    "clamp.config.policy.api.password": "zb!XztG34",
    "clamp.config.policy.pap.url": "https://policy-pap.{{ include "common.namespace" . }}:6969",
    "clamp.config.policy.pap.userName": "healthcheck",
    "clamp.config.policy.pap.password": "zb!XztG34",
    "clamp.config.cadi.aafLocateUrl": "https://aaf-locate.{{ include "common.namespace" . }}:8095",
    "com.att.eelf.logging.path": "/opt/clamp",
    "com.att.eelf.logging.file": "logback.xml"

SDC-Controllers config

This file is a JSON that must be specified to Spring config, here is an example:

       "user": "clamp",
       "consumerGroup": "consumerGroup1",
       "consumerId": "consumerId1",
       "environmentName": "AUTO",
       "sdcAddress": "localhost:8443",
       "password": "b7acccda32b98c5bb7acccda32b98c5b05D511BD6D93626E90D18E9D24D9B78CD34C7EE8012F0A189A28763E82271E50A5D4EC10C7D93E06E0A2D27CAE66B981",
       "user": "clamp",
       "consumerGroup": "consumerGroup1",
       "consumerId": "consumerId1",
       "environmentName": "AUTO",
       "sdcAddress": "localhost:8443",
       "password": "b7acccda32b98c5bb7acccda32b98c5b05D511BD6D93626E90D18E9D24D9B78CD34C7EE8012F0A189A28763E82271E50A5D4EC10C7D93E06E0A2D27CAE66B981",

Multiple controllers can be configured so that Clamp is able to receive the notifications from different SDC servers. Each Clamp existing in a cluster should have different consumerGroup and consumerId so that they can each consume the SDC notification. The environmentName is normally the Dmaap Topic used by SDC. If the sdcAddress is not specified or not available (connection failure) the messageBusAddresses will be used (Dmaap servers)


A user can access Policy/CLAMP UI at the following URL : https://localhost:3000. (in this URL ‘localhost’ must be replaced by the actual host where Policy/CLAMP has been installed if it is not your current localhost) For OOM, the URL is https://<host-ip>:30258

- Without AAF, the credentials are
  Default username : admin
  Default password : password

- With AAF enabled, the certificate p12 must be added to the browser
  ca path: src/main/resources/clds/aaf/org.onap.clamp.p12, password "China in the Spring"
  Or get it from this page : https://wiki.onap.org/display/DW/Control+Loop+Flows+and+Models+for+Casablanca

Human Interfaces

User Interface - serve to configure control loop Policy/CLAMP UI is used to configure the Control Loop designed and distributed by SDC. From that UI it’s possible to distribute the configuration policies and control the life-cycle of the DCAE Micro Services. Policy/CLAMP UI is also used to manage Policies outside of a Control Loop.

The following actions are done using the UI:

  • Design a control loop flow by selecting a predefined template from a list (a template is an orchestration chain of Micro-services, so the template defines how the micro-services of the control loop are chained together)

  • Give value to the configuration the parameters of each micro-service of the control loop

  • Select the service and VNF(of that service) to which the control loop will be attached

  • Configure the operational policy(the actual operation resulting from the control loop)

  • Send the “TOSCA” blueprint parameters that will be used by DCAE to start the control loop (The blueprint will be sent first to SDC and SDC will publish it to DCAE)

  • Trigger the deployment of the Control loop in DCAE

  • Control (start/stop) the operation of the control loop in DCAE

HealthCheck API - serve to verify CLAMP status (see offered API’s section) * https://<host-ip>:8443/restservices/clds/v1/healthcheck This one does not require the certificate

Walk-through can be found here: https://wiki.onap.org/display/DW/CLAMP+videos